Privacy Policy

1. Data Controller

As the data controller, we are responsible for deciding how and why your personal data is processed. If you have any questions about this policy or our data practices, please contact us using the details above.

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

• Full name — provided when completing the contact form
• Email address — provided when completing the contact form
• Message content — the enquiry or message you submit via the contact form
• GDPR consent record — your confirmation that you have accepted our privacy policy

2.2 Data Collected Automatically

• IP address and browser type — collected via server logs for security purposes
• Cookie data — as described in our Cookie Policy
• Pages visited and session duration — if analytics cookies are accepted

We do not collect sensitive personal data (also called "special category" data) such as data revealing racial origin, political opinions, religious beliefs, or data concerning physical condition.

3. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR Article 6:

• Consent (Article 6(1)(a)): When you tick the consent checkbox on our contact form, or when you accept optional cookies via our cookie banner.
• Contract (Article 6(1)(b)): When processing is necessary to respond to your enquiry, confirm a booking, or deliver a coaching session you have requested.
• Legitimate Interests (Article 6(1)(f)): We have a legitimate interest in maintaining basic website security logs and ensuring the technical operation of our website, provided this does not override your rights.
• Legal Obligation (Article 6(1)(c)): Where we are required to retain certain records to comply with UK law, including tax and accounting requirements.

4. Purposes of Processing

We process your personal data for the following purposes:

• Responding to your enquiries and messages submitted via the contact form
• Managing and scheduling coaching sessions, if booked
• Maintaining records of consent for compliance purposes
• Improving the website experience through aggregated, anonymised analytics (only when analytics cookies are accepted)
• Maintaining website security and preventing fraudulent activity

We will not use your data for automated decision-making or profiling.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Contact form data: Retained for up to 24 months from the date of submission, or until you request deletion.
• Coaching session records: Retained for up to 36 months following the conclusion of the coaching relationship.
• Consent records: Retained for up to 36 months from the date of consent as required for compliance demonstration.
• Server logs: Retained for up to 90 days for security purposes.
• Cookie preference data (localStorage): Stored locally on your device and retained until you clear your browser data or withdraw consent.

After the applicable retention period, data is securely deleted or anonymised.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data in the following limited circumstances:

• Service providers: Hosting providers and IT service providers who process data on our behalf under data processing agreements.
• Legal requirements: Where required to disclose data to comply with a legal obligation, court order, or regulatory requirement under UK law.
• Business transfers: In the event of a merger or acquisition, your data may be transferred to the successor entity, subject to the same privacy protections.

Any third parties who process data on our behalf are contractually obliged to maintain appropriate security measures and may not use your data for their own purposes.

7. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption for all data transmitted via our website
• Access controls limiting who within our organisation can access personal data
• Regular review of our data handling practices
• Secure deletion procedures for data that is no longer required

While we take all reasonable precautions, no method of internet transmission is entirely secure. If you have concerns about data security, please contact us directly.

8. Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of any inaccurate or incomplete data we hold.
• Right to Erasure: You may request deletion of your personal data where there is no longer a lawful basis for us to retain it.
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Where processing is based on consent, you may request a copy of your data in a structured, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@purificationvypl.world. We will respond within one calendar month (extendable by a further two months for complex requests, in which case we will notify you). We may request reasonable information to verify your identity before processing a request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk/make-a-complaint.

9. Children

Our website and services are not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child under 16, please contact us immediately and we will delete it without undue delay.

10. Marketing Communications

We will only send you marketing emails if you have given explicit consent or if you are an existing client and we have a lawful basis under PECR. You may withdraw consent or opt out at any time by using the unsubscribe link in any marketing email or by contacting us. We do not sell your data to third parties for marketing purposes.

11. Data Breaches

We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours where required by law, and inform you without undue delay when we are legally required to do so.

12. Complaints

If you have concerns about how we handle your personal data, please contact us first using the details in Section 16. We aim to acknowledge complaints within five working days and provide a substantive response within 30 days. If you remain dissatisfied, you may contact the ICO as set out in Section 8.

13. Cookies

Our website uses cookies. For full details on the types of cookies we use, their purposes, and how to manage your preferences, please read our Cookie Policy.

14. International Data Transfers

We primarily process data within the United Kingdom. If any data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses, to ensure your data remains protected to the standards required by UK GDPR.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: