Privacy Policy

1. Introduction

John R Saunders ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website coaching.johnrsaunders.com (the "Site") and use our services.

This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

• Name and contact details (email address, phone number)
• Information you provide when booking coaching sessions
• Payment information (processed securely through GoHighLevel)
• Communication preferences
• Any information you provide in forms or correspondence

3.2 Automatically Collected Information

When you visit our Site, we may automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on pages
• Referring website addresses
• Cookie data (see our Cookie Policy for details)

3.3 Assessment Data

When you complete the nervous system risk assessment on our Site, your responses are processed locally in your browser and are not stored on our servers unless you choose to submit your information to book a session.

4. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide coaching services, manage bookings, and communicate with you about your sessions
• Payment Processing: To process payments for services (via GoHighLevel)
• Communication: To respond to your enquiries and send service-related information
• Marketing: To send promotional communications (only with your consent, which you can withdraw at any time)
• Website Improvement: To analyse site usage and improve our services
• Legal Compliance: To comply with legal obligations and protect our legal rights

5. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfil our coaching services contract with you
• Consent: For marketing communications and non-essential cookies
• Legitimate Interests: For website analytics and service improvement, where not overridden by your rights
• Legal Obligation: To comply with legal and regulatory requirements

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

• GoHighLevel: Our CRM, booking, and payment processing platform
• Vercel: Our website hosting provider
• Analytics Providers: Only if you consent to analytics cookies

6.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of others.

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• Client Records: Retained for 7 years after the last session (professional practice requirement)
• Marketing Data: Until you withdraw consent or request deletion
• Website Analytics: Typically 26 months (when consent is given)

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restriction: Request limitation of processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at privacy@johnrsaunders.com

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure
• Access controls and authentication
• Regular security assessments

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we do this, we ensure appropriate safeguards are in place, such as:

• EU Standard Contractual Clauses
• Adequacy decisions by the UK Government
• Supplier certifications and commitments to data protection

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Cookies

Our Site uses cookies and similar tracking technologies. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):