Privacy Policy

Last updated 6th March 2026

SkyRose Wellbeing trading as SkyRose Coaching (“we”, “us”) is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, how we use it and your rights in relation to that data.

1. What personal data we collect

We collect and process personal data that you provide to us directly. This may include:

  • Your name
  • Email address
  • Telephone number
  • Information you choose to share about your circumstances or reasons for seeking support
  • Booking and appointment information, including data submitted through our scheduling platform, TidyCal
  • Brief session notes, stored securely in written or electronic form

If you complete a quiz or contact us through our website Contact Us form, we will collect the information you submit through those forms.

2. How we use your data

Your personal data is used only for the administration and delivery of services. This includes:

  • Arranging, rescheduling or cancelling appointments
  • Communicating information relevant to your sessions
  • Processing payments and issuing invoices or receipts
  • Maintaining appropriate professional records
  • Meeting legal or regulatory obligations

We do not sell, share or pass your personal data to third parties for marketing, research or commercial purposes.

3. Legal basis for processing

We process your personal data on the basis of:

  • Performance of a contract, where you book and pay for services
  • Legitimate interests in administering, maintaining and improving our services
  • Legal obligations where applicable
  • Consent, where you opt in to receive marketing or additional communications

You may withdraw consent at any time by contacting us.

4. Data storage and third-party processors

Personal data is stored securely using password-protected systems. Access is restricted to us only.

We use trusted third party service providers to support the delivery of our services. These include:

  • TidyCal for appointment scheduling
  • Zoom for online sessions
  • Stripe for payment processing
  • Tally for quiz data collection
  • Make for workflow automation between our systems
  • KIT for email communications and subscriber management

These providers process personal data on our behalf and are required to comply with UK GDPR requirements. Some providers may store or process data outside the UK. Where this occurs, appropriate safeguards are in place in accordance with UK GDPR.

Session notes and relevant client records are retained for up to seven years following the end of services, in line with professional guidance.

After this period, records are securely deleted or destroyed.

5. Confidentiality and Data sharing

Everything discussed within sessions is treated as confidential.

Confidentiality may only be broken where:

  • There is a serious concern about your safety or the safety of another person
  • We are legally required to disclose information by a Court of Law

Where possible, we will seek to inform you before any disclosure is made.

If services are arranged or paid for by a third party, only administrative information such as invoices or receipts will be shared.

Session content remains confidential unless you provide written consent or we are legally required to disclose it.

We do not share your personal information with third parties except:

  • Where required by law
  • Where necessary to establish, exercise or defend legal claims

6. Your rights

Under UK data protection law, you have the following rights:

  1. Right to be informed
    You have the right to be informed about how your personal data is collected and used. This Privacy Policy provides that information.
  2. Right of access
    You can request a copy of the personal data we hold about you.
  3. Right to rectification
    You can request correction of inaccurate or incomplete personal data.
  4. Right to erasure
    You can request deletion of your personal data in certain circumstances.
  5. Right to restrict processing
    You can request that we limit the way we use your data in certain situations.
  6. Right to data portability
    You can request that your data be provided to you or transferred to another service provider, in a structured, commonly used format where processing is based on consent or contract.
  7. Right to object
    You can object to processing where we rely on legitimate interests as our lawful basis.
  8. Rights related to automated decision-making and profiling
    You have the right not to have important decisions made about you solely by automated systems without human involvement.

To exercise any of these rights, please contact us using our Contact Us form.

We may not be able to comply with certain requests where we are legally required to retain data or where it is necessary to establish, exercise or defend legal claims.

7. Data breaches

In the event of a personal data breach, we will comply with our legal obligations, including notification to the Information Commissioner’s Office where required and communication with affected individuals where appropriate.

8. Complaints

If you have any concerns about how your data is handled, please contact us directly using our Contact Us form so that we can address the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

SkyRose Wellbeing is registered with the Information Commissioner’s Office under reference ZB312743.