EmberPath Privacy Policy

Privacy Policy

Effective Date: 17/10/2025

EmberPath Coaching (“we,” “our,” or “us”) is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, and protect your information in line with the UK GDPR and, where relevant, the EU GDPR.

1. Data Controller

The data controller is:

EmberPath Coaching
Email: [insert email]
Phone: [insert phone]
Address: 45 Tilbrook Road, SE3 9QD, London, UK.

2. Personal Data We Collect

We may collect and process the following types of data:

  • Identity and Contact Data: name, email, phone number, billing address.

  • Coaching Data: notes, goals, and information shared during sessions.

  • Financial Data: payment information handled securely by our payment provider (we do not store full card details).

  • Technical Data: IP address, browser type, usage data, and cookies.

  • Marketing Preferences: your choices about receiving newsletters, resources, or updates.

3. Lawful Bases for Processing

We process your data only when we have a lawful reason:

  • Contractual Necessity: to deliver coaching and manage payments.

  • Consent: when you opt into marketing or share sensitive information in sessions.

  • Legal Obligation: for tax, accounting, or regulatory requirements.

  • Legitimate Interests: to improve services, maintain security, and support client relationships — balanced with your rights.

4. How We Use Your Data

We use your personal data to:

  • Provide and personalise coaching services.

  • Communicate about sessions, materials, or updates.

  • Process payments and manage accounts.

  • Improve our website and services.

  • Send marketing communications (with your consent).

  • Meet legal or regulatory obligations.

5. Sharing Your Data

We never sell your personal data. However, we may share it with:

  • Service Providers: payment processors, scheduling tools, email platforms.

  • Professional Advisors: accountants, auditors, or legal consultants.

  • Legal Authorities: when disclosure is required by law.

All third parties must handle your data in line with GDPR and for the purposes we specify.

6. International Data Transfers

When we transfer your data outside the UK or EEA, we ensure it is protected through:

  • Adequacy decisions approved by UK/EU authorities, or

  • Standard Contractual Clauses (SCCs).

7. Data Retention

We keep data only as long as needed:

  • Client records: up to [X years] after your last session.

  • Financial records: [X years] to meet tax requirements.

  • Marketing data: until you withdraw consent.

After this period, we securely delete your data.

8. Your Rights Under GDPR

You have the right to:

  • Access your data.

  • Rectify inaccuracies.

  • Request Erasure of data no longer needed.

  • Restrict how we use your data.

  • Receive your data in a portable format.

  • Object to processing based on legitimate interests or for marketing.

  • Withdraw Consent at any time.

To exercise these rights, contact us at [insert email].
If you are unhappy with our response, you may contact the ICO or your local Data Protection Authority.

9. Children’s Data

Our services are not intended for individuals under 18, and we do not knowingly collect children’s data.

10. Cookies and Website Tracking

Our website uses cookies to improve your experience and analyse usage.
You can manage or disable cookies through your browser settings.

11. Updates to This Policy

We may update this Privacy Policy from time to time.
Changes will be posted on this page, along with the updated effective date.