Privacy Policy

Application

This privacy policy (“Privacy Policy” or “Policy”) is provided by Bright Thinking (“we”, “us”, or “our”) to persons (“you”) accessing https://www.bright-thinking.co.uk and its associated sub-domains from time to time (“website”). This Privacy Policy applies to this website and your rights in connection with collection of any personally identifiable information (“personal data”). We provide this Privacy Policy in accordance with applicable data laws including, without limitation, the (EU) General Data Protection Regulation (“GDPR”), Data Protection Act 2018, and the Privacy and Electronic Communications Regulation (“data laws”).

 

Introduction

We are committed to the protection of your personal data and this Policy sets out information regarding: (i) who we are; (ii) what personal data we collect about you; (iii) how we collect and use your personal data; (iv) retention and transfer; (v) your rights in respect of your personal data; and (vi) relevant contact details.

We are the data controller for the purposes of relevant data laws in respect of your personal data.

Bright Thinking is the trading name of Alison Outred, providing life coaching and business coaching services and having business address at 7B Palmerston Road, Edinburgh, EH9 1TL. You can contact us at [email protected] or 07723590515.

 

Personal Data We Collect From You

“Personal data” means information that can identify you. This can include data such as your name, email address, telephone number, home address, date of birth, demographic information, and technical data such as your IP address, web-browser, and other operating system information. You have rights in your personal data under applicable data laws.

Bright Thinking may collect certain data from you in the following circumstances:

  • you book an appointment with us in person, on the telephone, or online or make an enquiry as to an appointment;
  • you provide data during a session appointment or in anticipation of a session appointment;
  • you provide us with your financial information (such as a credit or debit card) to process an order either in person, on the telephone, or online;
  • you visit our website which provides us with information about your IP address and other analytics about your
  • use of our site such as page interaction (see our section on ‘Cookies’ for further information).

We may host, from time to time, various social media channels which can include, without limitation, platforms such as Facebook, Twitter, Instagram, LinkedIn, or similar (“social media channels”). Where you provide us with personal data under these channels then we may collect such personal data in the same manner as provided for in this Privacy Policy as if you had provided such personal data to us directly.

 

Sensitive Data

While not always applicable, we may from time to time collect sensitive data relevant to any session or pre-session appointment carried out in our ordinary course of business. “Sensitive data” is a special category of personal data which reveals: (i) racial or ethnic origin; (ii) political opinions; (iii) religious or philosophical beliefs; (iii) trade union membership; (iv) genetic data; (v) biometric data; (vi) data concerning health; or (vii) data concerning sex life and/or sexual orientation.

Bright Thinking is a coaching services provider and therefore we may, either prior to a session or during a session, collect sensitive data. In respect of data concerning health; this may include medical history information (such as pre-existing heart conditions, epilepsy, or other) which is collected in order to maintain a safe environment for our clients during session.We process such sensitive data on the standard bases of consent, performance of a contract, and legitimate interest, however – and in accordance with Article 9 GDPR – we will obtain your explicit consent to the processing of such data. Any files containing sensitive data are maintained securely and only accessed by Bright Thinking personnel. You have the right to withdraw your consent and should communicate this to Bright Thinking in person, by email, or by telephone in accordance with the information contained within this Policy.

 

Why We Process Your Personal Data

Our use of your personal data is linked to the appropriate processing basis. In the event that you share personal data with us in order that we may schedule an appointment for you or provide our services to you in the normal course of our business then we shall process that data under the basis of fulfilment of a contract.

We also have a legitimate interest basis in processing your personal data where you have expressed interest in using our services, in order to keep you updated as to our services and products, and the keeping records of the contract and the service provided.

Where we collect personal data from you automatically through your use of our website (such as IP address) then we do this under the basis of legitimate interest as we wish to ensure that the website functions properly, provides the appropriate user experience, to ensure that the website provides relevant content for you, and for traffic monitoring and audience participation. We are entitled to rely on this basis as it pertains to the hosting of our website, our interaction with customers and potential customers and the growth of our business.

Where we process your personal data in order to comply with legal requirements (such as maintaining appropriate transaction records for tax and financial purposes) or as required by governmental, legal, or regulatory authority, we do so on the basis of either: (i) compliance with a legal obligation to which we are subject and/or; (ii) in order to protect our legitimate interests in connection with our business operations or any other legal claims basis.

 

How We May Share Your Personal Data

We may share your personal data with:

  • service providers to Bright Thinking who provide IT, web, or similar services (including search engine providers and analytics to assist us in monitoring your use of the website);
  • financial service providers who process payments, refunds, or bookings of appointments;
  • third parties where part of a sale, transfer, or merger of some or all of our business and/or its assets;
  • any governmental, legal enforcement, or similar body to whom we are required to disclose your personal data to.

 

Third Party Links

Our website may, from time to time, provide links to the websites of third parties that are not operated or affiliated with Bright Thinking. We have no control and assume no liability over any such third party links and you are advised to review each of those sites’ individual privacy policies.

 

Where Your Personal Data Is Stored

Our business is located in the UK and we would not, in the ordinary course of operations, transfer your data outside of the European Economic Area (“EEA”). However, some of our service providers are based outside of the EEA so their processing of your personal data will involve a transfer of such personal data outside the EEA.

These service providers include, from time to time, electronic communication platforms such as Skype or Zoom, which we use for the holding of confidential files and Skype, and Google Analytics which we use for traffic monitoring. These US-based providers are part of the EU-US Privacy Shield, allowing us to transfer data to them given that they have equivalent safeguards in place as required under relevant data laws. Whenever we transfer your personal data outside of the EEA we take steps to ensure a level of security for that data under mechanisms such as the EU-US Privacy Shield.

You, as a data subject, have the right to withdraw your consent to a data transfer outside of the EEA but this is only applicable where we rely on your consent to the transfer and not upon another basis such as legitimate interest or performance of a contract.

 

Retention Of Your Personal Data

We retain your personal data for such time period as is necessary for us to fulfil the purpose for the collection of the personal data as set out in this Privacy Policy. Please note that, due to legal, accounting, reporting, and tax requirements, we are required to maintain information relating to our customers (including financial transaction records) for a minimum of 6 years.

 

Security

We take the protection of your personal data seriously and will take appropriate measures to reduce the risk of any accidental or unauthorised disclosure of your personal data. Your personal data is limited to those owners, directors, employees, agents, contractors, and other third parties of the Company who have a business requirement to know the personal data.

Any data collected by email is hosted by IONOS which complies with strict European data privacy rules and are SSL/TLS encrypted.

Your Rights

You have, as a data subject under the data laws, certain rights in respect of your personal data. These rights include, among others:

    • the right of access to your personal data
    • the right to be informed about our collection and use of your personal data
    • the right to rectify any inaccurate or incomplete personal data
    • the right for your personal data to be deleted
    • the right to obtain a copy of your personal data (portability)
    • the right to object to us using your personal data for certain purposes (such as direct marketing)
    • the right to withdraw your consent as a processing basis for your personal data.
    • You are entitled to exercise your rights under the data laws and can do this by contacting us with your request.

Please see our “Contact Us” section of this Policy for contact information. We will not usually levy a charge for you to exercise any of your rights as noted within this section of our Privacy Policy. We do, however, reserve the right to charge a reasonable fee if data subjects make repeated, vexatious, excessive, or clearly groundless requests.

You have the right to complain to the Information Commissioner’s Office (the ‘ICO’). See their website for further information: https://ico.org.uk

 

Cookies

Our website uses cookies. Cookies are small files of letters or numbers which are placed onto an internet browser or operating system when you visit certain websites (including this website). Many websites use cookies and they are very common. Cookies collect information about users of the site and help to distinguish your use of our website from other users. Cookies fall into categories of: (i) strictly necessary cookies; (ii) functionality cookies; (iii) analytical/performance cookies; and (iv) marketing cookies. Cookies can either be “session” cookies which are deployed only during the period that you use a website or “persistent” cookies which are stored as files on your computer and remain there following the end of your browsing on that website.

Strictly necessary cookies are cookies which are essential for you to browse a website and to use its features. Functionality cookies are cookies which permit websites to remember choices which you have specified in the past such as a username and password. Analytical/performance cookies are cookies which track users’ use of a website and are generally anonymised so do not constitute personal data. Marketing cookies track online activity and are used to create more relevant advertising.

 

This website uses the following cookies:

Cookie Party Category
SERVERID First Party. This is a strictly necessary cookie for the operation of the site and is a session cookie. Strictly necessary.

You are able to set your browser to disallow cookies however please note that this may impair the functionality of our website and your user experience. Further information about cookies is available at https://www.allaboutcookies.org

 

Governing Law

This Privacy Policy shall be governed by and in accordance with the laws of Scotland and the courts of Scotland shall have exclusive jurisdictions in relation to any claims, issues, or otherwise associated with this Policy.

Changes To This Policy

We reserve the right to update or amend this Privacy Policy from time to time and you shall be notified by a republication of this Policy on our website. You and any users of our website are recommended to review this Privacy Policy periodically for any changes.

 

Contact Us

Please contact us if you have any questions or comments about our Privacy Policy or any personal data we may hold on you. Our contact details are:

Telephone: 07723590515
Email: [email protected]
Address: 7B Palmerston Road, Edinburgh, EH9 1TL

Last Updated: 02 April 2020