Privacy Policy

Privacy Policy
Tomlin & Co Ltd

1. Introduction
Tomlin & Co Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services, including purchasing hourly business coaching sessions online.
We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are
Tomlin & Co Ltd is the data controller responsible for your personal data.
Company details:
Tomlin & Co Ltd
Fulford House
CV32 4EA

3. What Data We Collect
We may collect and process the following data:
a) Information you provide directly

• Full name

• Email address

• Phone number (if provided)

• Billing address

• Business information (if shared during booking or coaching)

• Any information you submit via forms, emails, or during coaching sessions

b) Payment information
Payments are processed via third-party providers. We do not store full card details.
c) Usage data

• IP address

• Browser type and version

• Pages visited and time spent on site

• Device information

d) Communication data

• Emails and messages sent to us

• Notes taken during coaching sessions

4. How We Use Your Data
We use your data for the following purposes:

• To provide and manage coaching services

• To process payments and bookings

• To communicate with you about your sessions

• To respond to enquiries and provide support

• To improve our website and services

• To comply with legal and regulatory obligations

5. Legal Basis for Processing
We process your personal data under the following legal bases:

• Contractual necessity – to deliver services you have purchased

• Legitimate interests – to improve services and manage operations

• Legal obligation – to comply with applicable laws

• Consent – where required (e.g. marketing communications)

6. How We Share Your Data
We do not sell your data. However, we may share it with:

• Payment processors (e.g. Stripe, PayPal)

• Website hosting providers

• Email and communication platforms

• Professional advisors (e.g. legal, accounting)

• Regulatory authorities if required

All third parties are required to respect the security of your data.

7. International Transfers
If any data is transferred outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections.

8. Data Retention
We retain your data only as long as necessary:

• Client records: typically up to 6 years (for legal and tax purposes)

• Communications: as needed for business operations

• Marketing data: until you withdraw consent

9. Your Rights
Under UK GDPR, you have the right to:

• Access your personal data

• Correct inaccurate data

• Request deletion of your data

• Restrict or object to processing

• Data portability

• Withdraw consent at any time

To exercise these rights, contact us at:
[Insert Contact Email]
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:

• Secure servers

• Encrypted communications where applicable

• Restricted access to personal data

However, no system is completely secure, and we cannot guarantee absolute security.

11. Cookies
Our website may use cookies to:

• Improve user experience

• Analyse website traffic

• Support functionality

You can control cookies through your browser settings.

12. Marketing Communications
We may send you marketing emails if you have opted in. You can unsubscribe at any time using the link in our emails.

13. Third-Party Links
Our website may contain links to other websites. We are not responsible for their privacy practices.

14. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.