Privacy Notice

Last updated: 5 June 2026

1. Introduction

This Privacy Notice explains how we collect, use, store, and protect your personal data when you visit and interact with our website. We are committed to handling your personal information in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any applicable national data protection legislation.

Please read this notice carefully. By using our website or submitting the contact form, you acknowledge that you have read and understood this Privacy Notice.

2. Who We Are (Data Controller)

For the purposes of the GDPR, we are the data controller of your personal data. This means we determine the purposes and means of processing your personal information.

Sarah Battey, 46 Avenue Guillaume, L-1650 Luxembourg

If you have any questions about this Privacy Notice or how we handle your personal data, please contact us at the address or email above.

3. What Personal Data We Collect

3.1 Contact Form

When you complete and submit the contact form on our website, we collect:

  • Your email address
  • The content of your message or enquiry

You are not required to submit the contact form. Providing this information is voluntary and necessary only if you wish to contact us.

3.2 Technical and Usage Data

Like most websites, our website and its hosting infrastructure (provided by Bluehost) may automatically collect certain technical data when you visit, including:

  • Your IP address (anonymised or in full, depending on server configuration)
  • Browser type and version
  • Operating system
  • Referring URLs and pages visited
  • Date and time of access

This data is collected by Bluehost’s web server logs for security, operational, and diagnostic purposes. We do not use this data to identify individual users for marketing purposes.

3.3 Cookies

Our website uses only the essential cookies that are automatically set by WordPress (our content management system) and Bluehost (our hosting provider). We have not installed any additional tracking, analytics, or advertising cookies.

Essential cookies may include:

  • Session cookies that maintain basic website functionality while you browse
  • Security cookies set by WordPress to protect the site against malicious activity

These cookies are strictly necessary for the website to operate and do not require your consent under GDPR. They do not collect personal data for marketing or tracking purposes and are automatically deleted when you close your browser or shortly thereafter.

If you wish to control or disable cookies, you may do so through your browser settings. Note that disabling essential cookies may affect the functionality of the website.

4. Legal Basis for Processing

We process your personal data only where we have a valid legal basis under Article 6 of the GDPR:

  • Legitimate interests (Article 6(1)(f)): We process technical/server log data to ensure the security and proper functioning of our website. Our legitimate interest in operating a secure website is balanced against the limited impact on your privacy.
  • Consent (Article 6(1)(a)): Where you voluntarily submit the contact form, we process your email address and enquiry on the basis of your consent, which you give by submitting the form.
  • Contractual necessity (Article 6(1)(b)): If you contact us to enquire about or engage our coaching and training services, processing may be necessary to take steps prior to entering into a contract with you.

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • To respond to your enquiries and requests submitted via the contact form
  • To communicate with you about our coaching and training services
  • To maintain and improve the security and performance of our website
  • To comply with any applicable legal obligations

We do not use your personal data for automated decision-making or profiling.

6. How We Share Your Personal Data

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following limited circumstances:

  • Bluehost (Hosting Provider): Our website is hosted by Bluehost, Inc., which processes technical and server log data on our behalf as a data processor. Bluehost is headquartered in the United States. Where data is transferred outside the European Economic Area (EEA), appropriate safeguards apply (see Section 9).
  • Automattic / WordPress.com: Our website is built on WordPress software (wordpress.org). The core WordPress software is self-hosted on Bluehost and does not independently transfer your data to Automattic unless you use specific WordPress.com-connected services.
  • Legal obligations: We may disclose your data if required to do so by law, regulation, or a court order, or to protect our legal rights.

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with applicable law.

7. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected:

  • Contact form data (email address and enquiry): Retained for as long as is necessary to respond to and resolve your enquiry, or as required by applicable law. If you do not proceed to engage our services, we will delete your enquiry data within 12 months of last contact.
  • Server log data: Typically retained by Bluehost in accordance with their own data retention policies, generally for a limited operational period. Please refer to the Bluehost Privacy Policy for details.

When personal data is no longer needed, we will securely delete or anonymise it.

8. Your Rights Under the GDPR

As a data subject located in the European Economic Area (EEA), you have the following rights under the GDPR:

  • Right of access (Article 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You may request that we correct inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You may request that we delete your personal data, subject to certain conditions.
  • Right to restriction of processing (Article 18): You may request that we restrict how we use your data in certain circumstances.
  • Right to data portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You may object to processing based on our legitimate interests.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us using the details in Section 2. We will respond to your request within one month, as required by the GDPR (Article 12). In complex or high-volume cases, this period may be extended by a further two months, and we will notify you accordingly.

We may need to verify your identity before fulfilling a request.

9. International Data Transfers

Our hosting provider, Bluehost, is based in the United States. When your data is processed on Bluehost’s servers, it may be transferred to and stored in the United States, which is outside the European Economic Area (EEA).

We rely on appropriate safeguards to ensure that such transfers comply with the GDPR, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. You may request further information about these safeguards by contacting us.

10. Security of Your Personal Data

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Secure HTTPS encryption on our website
  • Password-protected access to administrative systems
  • Reliance on Bluehost’s physical and infrastructure security measures

While we take reasonable steps to protect your data, please be aware that no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Third-Party Links

Our website may contain links to third-party websites. This Privacy Notice applies solely to our website. We are not responsible for the privacy practices of any third-party websites and encourage you to review their respective privacy notices before providing any personal data.

12. Right to Lodge a Complaint

If you believe that we have processed your personal data in a manner that is inconsistent with the GDPR or your data protection rights, you have the right to lodge a complaint with your local supervisory authority.

If you are based in Luxembourg, the relevant supervisory authority is:

Commission Nationale pour la Protection des Données (CNPD)

15, Boulevard du Jazz

L-4370 Belvaux, Luxembourg

Website: https://cnpd.public.lu

If you are based in another EU/EEA member state, you may also contact the supervisory authority in the country where you reside, work, or where the alleged infringement occurred.

We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority. Please contact us first using the details in Section 2.

13. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last updated” date at the top of this notice will reflect the most recent revision.

We encourage you to review this Privacy Notice periodically. Continued use of our website after any changes constitutes acceptance of the updated notice.

Privacy Notice | Last updated: 5 June 2026

In accordance with GDPR (EU) 2016/679