top of page
21_edited_edited.jpg

Privacy Policy

 

Privacy Policy

​Last updated: 17 January 2026

​

1. Who we are

This Privacy Policy explains how Oak Tree Coaching (“we”, “us”, “our”) collects, uses, stores and shares personal data when you use our website www.oaktreecoaching.org and when you contact us or use our services.

This policy is written to meet the requirements of the UK GDPR and the Data Protection Act 2018.

We are the data controller for the personal data we process.

​

Contact details
Email: hello@oaktreecoaching.org
Website: www.oaktreecoaching.org
Location: Cottenham, Cambridge, United Kingdom

​

If you have questions about this notice or want to exercise your data rights, please contact us using the details above.

 

2. The personal data we collect

We may collect and process the following categories of personal data:

​

Identity and contact data
Name, email address, phone number, and (where relevant) postal address.

​

Business data
Business name, role, and business related information you share with us.

​

Enquiry and communications data
Information you provide when you contact us (for example via website forms, email, WhatsApp, social media messages, or phone), including the content of messages.

​

Coaching and service delivery data
Information you share during coaching, mentoring or training (for example goals, reflections, actions and progress). We may also hold session notes that support delivery of the service.

​

Financial and transaction data
Invoices, payments and payment status. Payments are processed by third parties and we do not store full card details.

 

Website usage and technical data
IP address, device and browser information, and information about how you use our website (including pages visited and interactions). This is collected through cookies and similar technologies (see section 9).

​

Blog comments and public content
If you comment on our blog, the information you submit may be published on the website (depending on site settings). Please avoid sharing information you would not want to be public.

​

3. How we collect your personal data

We collect personal data when you:

​

  • submit a form on our Wix website (for example a contact form or resource sign up)

  • comment on our blog

  • contact us by email, phone, WhatsApp or social media

  • purchase a service or resource

  • take part in coaching, mentoring or training sessions

  • use our website (via cookies and similar technologies)

 

4. How we use your personal data

We use your personal data to:

​

  • respond to enquiries and provide requested information

  • deliver coaching, mentoring, training and resources

  • send service communications (for example updates about a booking, a resource you requested, or programme information)

  • create invoices, process payments and keep business records

  • produce and share session summaries (see section 6)

  • manage and improve our business, including record keeping, troubleshooting and protecting our website and accounts from spam or misuse

  • send marketing emails where you have opted in (or where permitted by law), with an option to unsubscribe at any time

 

5. Our lawful bases for processing

Under UK GDPR, we process personal data only where we have a lawful basis. Common bases we rely on include:

​

Contract (or steps before entering a contract)
Where processing is necessary to provide the services you request (including managing delivery, support and administration).

 

Legitimate interests
Where processing is necessary to run our business effectively (for example responding to enquiries, keeping records, protecting against spam and misuse, and producing session summaries to support the service), balanced against your rights.

 

Consent
Where you choose to receive marketing emails, and for non essential cookies where required (see section 9). You can withdraw consent at any time.

​

Legal obligation
Where we must process data to meet legal requirements (for example accounting and tax).

 

6. Call recording and AI generated summaries (Zoom)

We use Zoom to deliver some calls. We may use Zoom’s recording and AI enabled features to create a helpful summary of the session, which may then be shared with you.

​

  • We use this to support service delivery and help you capture actions and reflections.

  • Where recording or AI features are used, we will be transparent about it and you can ask for an alternative (for example no recording and no AI summary).

  • Recordings and transcripts (where created) are kept only for as long as necessary for the purpose of creating and sharing the summary, handling follow up actions, and maintaining appropriate records.

 

7. Where your data is stored

We use secure systems to store business and client data. For example, we store session notes and files in Dropbox.

 

8. Who we share your personal data with

We share personal data only where necessary to operate our website and deliver services. This may include:

​

  • Wix (website hosting, forms and blog functionality)

  • Mailchimp (email marketing and email delivery)

  • Stripe (payment processing)

  • QuickBooks (invoicing/accounting)

  • Dropbox (file storage)

  • Zoom (video calls and, where enabled, recording/AI summaries)

 

We may also share information with professional advisers (for example an accountant) where needed, and with authorities if legally required.

​

9. Cookies and website analytics

Our Wix website uses cookies and similar technologies.

​

  • Essential cookies help the website function, stay secure, and enable core features.

  • We may enable analytics cookies to understand website performance and improve the site. Where required, these will be controlled via a cookie banner/consent settings.

 

You can also control cookies through your browser settings.

​

10. International transfers

Some of the services we use may process data outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards (such as adequacy regulations or UK approved contractual protections) where required.

 

11. Data security

We use appropriate technical and organisational measures to protect personal data and limit access to those who need it.

No system is completely secure, but we work to prevent unauthorised access, alteration, disclosure or loss.

 

12. How long we keep your data

We keep personal data only for as long as necessary for the purposes we collected it for, including legal and accounting requirements.

Typical retention periods:

​

  • Enquiries (non clients): up to 12 months after last contact

  • Clients: up to 6 years after the end of the client relationship (to meet tax and accounting obligations)

  • Marketing records: until you unsubscribe or we refresh our records

  • Call recordings/transcripts (where used): kept only as long as necessary for creating and sharing summaries and handling follow ups (see section 6)

 

13. Your rights

You have rights under UK data protection law, including the right to:

​

  • access your personal data

  • correct inaccurate data

  • request deletion in certain circumstances

  • restrict processing in certain circumstances

  • object to processing based on legitimate interests

  • withdraw consent at any time where processing is based on consent

  • request data portability in certain circumstances

 

We aim to respond to valid requests within one month, and we may ask for information to confirm your identity.

You also have the right to complain to the Information Commissioner’s Office (ICO).

 

14. Children

Our services and website are not intended for children and we do not knowingly collect personal data relating to children.

 

15. Automated decision making

We do not use automated decision making or profiling that produces legal or similarly significant effects.

 

16. Changes to this notice

We may update this privacy notice from time to time. The latest version will always be posted on this page, with the updated date at the top.

bottom of page