Privacy & Data Protection Policy

How Personal Data Is Collected, Used, and Protected

This Privacy & Data Protection Policy applies to this website, catherinehale.co.uk, and to services, programmes, sessions, courses, events, retreats, and coaching containers provided by Catherine Hale.

This policy explains:

  • what personal data is collected

  • how it is used and protected

  • your rights in relation to your data

  • how data handling intersects with safeguarding, accountability, and care

This policy should be read alongside:

  • Ethics

  • Safeguarding & Care

  • Concerns, Feedback & Accountability

  • Code of Ethics

Catherine Hale nervous system integration and embodied leadership

A Note on Power & Responsibility

I work in contexts where people may share personal and, at times, sensitive information.

Because I hold up power as a facilitator and programme lead, I treat data protection as part of ethical responsibility, not just legal compliance.

This means:

  • only collecting information that is genuinely needed

  • being clear about how information is used

  • protecting confidentiality

  • and not using personal data in ways that create pressure, leverage, or dependency

What Is Personal Information?

Personal information is any information that can identify you directly or indirectly.

You are not required to provide personal information, but choosing not to do so may limit my ability to provide services or respond to enquiries.

Some information shared in this work may be sensitive personal data, including information relating to health, wellbeing, sexuality, or lived experience. This is handled with additional care and only collected where necessary and with explicit consent.

What Information Is Collected

Information You Provide Directly

This may include:

  • information provided when purchasing a product or programme

  • information shared when registering for sessions, events, retreats, or programmes

  • information shared via enquiry forms or email

  • information provided for safeguarding, accessibility, or participation purposes

  • newsletter subscription details

Sensitive information is only collected where relevant and with your consent.

Information Collected Automatically

This website uses analytics tools (including Google Analytics) to collect information about website usage, such as:

  • pages visited

  • time spent on pages

  • general location data

This information helps improve content and user experience.
It does not identify you personally.

Information from Third-Party Platforms

Personal data may be collected through trusted third-party services used for scheduling, payment, communication, or hosting, including:

  • scheduling systems

  • email platforms

  • payment processors

  • social media platforms

Where third-party services are used, their own privacy policies also apply.

How Personal Information Is Used

Personal information is collected and used only for specific and limited purposes, including:

  • administering purchases and enrolment

  • delivering programmes, sessions, events, and retreats

  • communicating relevant information about services

  • responding to enquiries

  • providing newsletters or updates (where consent has been given)

  • improving offerings and user experience

  • meeting legal or safeguarding obligations

Consent is obtained where required, and you may withdraw consent at any time.

Safeguarding, Confidentiality & Care

Information shared within sessions, programmes, or grievance processes is treated as confidential.

Personal and sensitive information:

  • is accessed only on a need-to-know basis

  • is not shared without consent, except where legally required

  • may be used to support safeguarding, accessibility, or accountability processes

Information shared through the Concerns / Grievance Form is handled with particular care and is only used for accountability and repair purposes, as outlined in the Concerns, Feedback & Accountability policy.

How Information Is Shared

Personal information is not sold.

Information may be shared only where necessary, including:

  • with payment processors

  • with service providers who host or process data securely

  • with collaborators delivering joint events or retreats, where consent has been given

  • where required by law or to meet safeguarding obligations

Legal Disclosure

Information may be disclosed where required:

  • to comply with legal obligations

  • to respond to lawful requests from authorities

  • to protect safety, security, or prevent harm

  • to support safeguarding or emergency situations

International Data Transfers

Personal information may be transferred outside the EEA where necessary to deliver services or work with trusted providers.

Where this occurs, appropriate safeguards are used to ensure data protection standards equivalent to those within the EEA.

Data Security

Reasonable and appropriate measures are taken to protect personal information, including:

  • secure systems and access controls

  • encryption where appropriate

  • secure storage of physical records

  • confidentiality agreements with service providers

Financial information is not stored directly. Payments are processed through secure third-party providers (e.g. PayPal, BACS).

Data Retention

Personal information is retained only for as long as necessary to:

  • deliver services

  • meet legal obligations

  • respond to concerns or accountability processes

  • improve services

Data is reviewed periodically and securely deleted or anonymised when no longer required.

Your Rights

You have the right to:

  • be informed about how your data is used

  • access and correct your data

  • request data portability

  • request deletion (where legally possible)

  • restrict or object to certain processing

  • withdraw consent

  • lodge a complaint with a supervisory authority

  • not be subject to automated decision-making where applicable

Contact & Data Requests

For questions about your personal data, or to exercise your rights, contact:

support@catherinehale.co.uk

Requests are handled with care and within appropriate timeframes.

Updates to This Policy

This policy may be updated to reflect changes in services, feedback, or legal requirements.

Last updated: 30th January 2026

Cookie & Email Marketing Policy

This website uses cookies to improve user experience and site functionality.

You may disable cookies via your browser settings, though some features may not function as intended.

Email communications may include tracking to understand engagement and improve content. You can unsubscribe at any time via links in emails.

Email marketing services used are GDPR compliant.