Privacy Policy

Here is the privacy policy for Tracy Heatley Limited.

Tracy Heatley Limited

Tracy Heatley Limited is registered with the ICO and has a full data protection policy in place.

Tracy Heatley Limited will not share personal data with any third parties, other than Business Over Breakfast (North West) Ltd, which is owned by Tracy Heatley, and our professional service providers that we use to help run the business.   All our professional service providers are GDPR compliant and non-disclosure agreements are in place with all service providers who may have access to our internal and IT systems.

As well as the main website, clients data will be held on our internal CRM for a maximum of ten years after our last communication, including social media.

Contact details will be added to our newsletters, with an option to unsubscribe from the newsletter at any time.


Data That We May Hold

Please remember that you can contact us to change the information at any time.


Contact Details:

  • Your first name
  • Your surname
  • Your photographs
  • Your business or company name
  • Your company logo
  • Your phone numbers
  • Your mobile phone numbers
  • Your email address (which is not shown on website)
  • Your business postal address
  • Your business description
  • Links to your social Media accounts


Additional personal data we may hold about you

  • Recommendations and testimonials that you have given to Tracy Heatley Limited
  • Training workshops you have attended
  • Invoices we have sent you
  • People you have referred us to
  • Training session notes
  • Authorisation documentation
  • Signed legal agreements
  • Business information that has been communicated by you
  • Documentation, included, but not limited to, information used to guide, mentor or complete marketing projects.


We may need to contact you to send you:

  • Emails
  • Inform you of training dates
  • Automated responses
  • Inform you of changes
  • Updates on future training
  • Invoices and other accounts related information
  • Details of recommendations that you need to approve
  • Confirmation of bookings
  • Updates on additional and/or optional benefits
  • Newsletter updates
  • Confirm meetings/appointments
  • Send relevant business information.


How we may communicate with you:

  • Email
  • Text
  • Mobile phone notification
  • Phone call
  • WhatsApp
  • Zoom
  • Microsoft Teams
  • Twitter
  • LinkedIn
  • Post
  • All other current and future social media platforms


We will only keep your data for a limited period:

  • We will keep members personal data up to six years from, unless there have been other on-going forms of communications after this period and/or we have been given permission by you to retain the data. On-going communications includes social media platforms.
  • Invoices and accounts documentation will be kept for the time-period dictated by law.
  • Any business cards that are kept on-site will be kept in a suitably secure cabinet, cupboard or draw that will be kept locked when not in use.
  • Business cards and any other marketing literature will be shredded securely when they are no longer in use.

Requesting that personal data be removed from the website earlier than 6 years:

  • If you would like us to remove your data from our database, you must send an email to clearly stating your full name, company, your email address and why you want us to remove your data.  Your data will be permanently removed within thirty days from request. Please note that some financial data, such as invoices must be retained for the legal amount of time stipulated by HMRC and  legislation.

The Data Controller for Tracy Heatley Ltd is:

  • Tracy Heatley is the data controller and can be contacted on 07812 076946 or by email


* Please Note: 

If a data request is received from any law enforcement agency, court, regulator, government authority or other third party, where it is considered necessary to comply with a legal or regulatory obligation, your data may be shared.

Where We Store Personal Data

All data you provide to us is stored on our internal CRM, which is GDPR compliant. Any data relating to invoices is stored on our internal network, which is backed-up offsite using a GDPR compliant supplier.  Accounts data is shared with our accountants and they are GDPR compliant.

All information you provide to us is processed and is stored on a secured server.

As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Card payment, direct debit and online booking companies are used to process some of our payments. We do not hold any sensitive payment card data in our database.

All the third party companies we use are covered by their own PCI and GDPR compliance.


Your Rights

In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you, including but not limited to providing training services.

You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.


Accessing, Updating and Reviewing Your Business and Personal Data

It is your responsibility to maintain the accuracy of your information and ensure all your details, including, but not limited to, name, address, title, phone number and e-mail address is kept up to date with us. You must do this by emailing with any changes.


Cookie Policy

Cookies enable us to identify your device, or you when you have logged in. We may use cookies that are strictly necessary to enable you to move around the site or to provide certain basic features. We may use cookies to enhance the functionality of the website by storing your preferences. We may also use cookies to help us to improve the performance of our website to provide you with a better user experience.

We do not sell the information collected by cookies, nor do we disclose the information to third parties, except those third parties outlined in our terms and conditions and where required by law to do so to law enforcement agencies and legal authorities.

The website uses Google Analytics to provide entirely anonymous information about how many people visit it. This helps us to improve the website. If you do not accept cookies, you will not be included in these statistics from Google Analytics. You will still be able to use the website; however, a regular message may will continue to appear at the top of the screen.


Website Links

Tracy Heatley Limited may provide links to other third-party websites.  These websites are not under the control of Tracy Heatley Limited.  Therefore, it is strongly recommended that you review the privacy policies of any third-party website.


Data Breaches

In the event of an unlikely data breach, Tracy Heatley shall ensure that its obligations under applicable data protection laws are complied with.


Contact Us

To contact us regarding this Privacy Policy, please e-mail any questions or comments you have about privacy to us at with the subject header titled Privacy Policy.


Your Right to Make A Complaint

You have the right to make a complaint to the Information Commissioner regarding how we process your personal data:

Information Commissioner’s Office
Wycliffe House
Water Lane

Tel: 0303 123 1113