Effective From: 14th June 2026

Privacy Policy

Tracy Heatley Limited (“we,” “us,” “our”, or “the Company”) is committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data, as well as your rights regarding your personal information.

Our Commitment to Your Data

Tracy Heatley Limited is registered with the ICO (Information Commissioner’s Office) and adheres to applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Your personal data will only be used in line with this Privacy Policy, applicable legal obligations, and legitimate business requirements.

We will never sell your personal data to third parties.

Data Controller

Tracy Heatley Limited is the data controller responsible for the personal data collected through this website, our services, communications, bookings, training, mentoring, strategy sessions, programmes, and related business activities.

For questions about this Privacy Policy or how your personal data is used, please contact:

Tracy Heatley Limited

Email: info@tracyheatley.com

Phone: 07812 076946

Data We Collect

We may collect and store the following information:

Contact Details:

First and last name
Business or company name
Business postal address
Email address
Phone numbers, including mobile numbers
Links to your social media accounts
Business description
Website address
Communication preferences

Business and Service Information:

Information submitted through website forms or enquiries
Email correspondence
Booking information
Service history
Payment and invoice records
Notes from calls, meetings, mentoring, training, strategy sessions, workshops, webinars, or programmes
Business information shared for guidance, mentoring, training, strategy sessions, or consultancy
Documents, workbooks, files, or other materials shared with us during services
Training session attendance records and notes
Signed legal agreements and authorisation documentation
Documentation related to training, mentoring, strategy sessions, consultancy, workshops, webinars, programmes, and related services

Marketing and Website Information:

Newsletter subscriptions
Marketing preferences
Testimonials or recommendations provided by you
Website usage data, where applicable
Cookie data, where applicable
IP address, browser type, device information, and pages visited, where collected through website analytics or security tools

Special Category Data

We do not routinely collect special category personal data.

If you voluntarily provide sensitive information during a session, enquiry, communication, or service delivery, this will only be used where relevant to the service being provided or where required by law.

Please avoid sharing sensitive personal data unless it is necessary for the specific service or discussion.

Session Recordings

As part of our services, one-to-one sessions, group sessions, webinars, workshops, training events, and programmes may be recorded.

Recordings may be shared securely with:

Individual clients for one-to-one sessions.
Group participants where they attended the relevant group session, webinar, workshop, or programme.

Recordings are made available for 7 days to download and are deleted after 14 days, unless otherwise agreed in writing.

Clients and participants are responsible for downloading and securely storing recordings during the availability period.

Recordings are provided solely for the personal use of authorised participants and may not be shared, copied, reproduced, distributed, uploaded, or made available to any third party without prior written consent.

By participating in a recorded session, webinar, workshop, training event, or programme, you consent to session recordings and sharing with relevant participants.

How We Use Your Data

We may use your personal data for the following purposes:

To respond to enquiries.
To provide information about services.
To confirm bookings and agreed dates.
To deliver strategy sessions, mentoring, training, workshops, webinars, programmes, and related services.
To provide marketing recommendations, training resources, workbooks, templates, recordings, and follow-up materials.
To send invoices, payment information, and manage accounts.
To maintain client and business records.
To manage flexible payment plans, subscriptions, Direct Debits, BACS payments, or card payments where applicable.
To communicate with you about services, bookings, updates, or agreed work.
To share newsletters, updates, events, resources, or training opportunities where appropriate.
To request, store, or publish testimonials, case studies, or recommendations with your consent.
To improve our services, website, communications, systems, and client experience.
To comply with legal, tax, accounting, regulatory, and record-keeping obligations.
To protect our business, rights, systems, data, and legal interests.

Lawful Basis For Processing Your Data

We process personal data under one or more of the following lawful bases:

Contract:

Where processing is necessary to provide services you have requested, manage bookings, deliver training, mentoring, strategy sessions, programmes, workshops, webinars, or related services.

Legitimate Interests:

Where processing is necessary for the operation of our business, responding to enquiries, maintaining client records, improving services, protecting our business, and communicating with existing clients or contacts.

Consent:

Where you have given permission, such as subscribing to newsletters, receiving marketing updates, providing testimonials, or agreeing to specific uses of your information.

Legal Obligation:

Where processing is necessary to comply with accounting, tax, regulatory, legal, or record-keeping obligations.

Where we rely on consent, you may withdraw your consent at any time.

How We Communicate With You

We may contact you via:

Email
Phone or text
WhatsApp
Social media platforms, such as LinkedIn
Zoom or Microsoft Teams
Post

You can choose your preferred communication methods or opt out where applicable.

Marketing Communications

Where you have subscribed, opted in, or where it is otherwise lawful to do so, we may send you updates, newsletters, marketing insights, event information, podcast updates, resources, or information about relevant services.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us directly.

We will not send you marketing emails where you have opted out.

Sharing Your Data

We will never sell your personal data to third parties.

We may share personal data with trusted third-party service providers where necessary to operate our business, deliver our services, manage communications, process payments, maintain records, comply with legal obligations, or protect our legitimate business interests.

These may include:

CRM and business management providers, such as Zoho One and Zoho CRM.
Email marketing providers, such as Zoho Campaigns.
Form and data collection providers, such as Zoho Forms.
Accounting and bookkeeping software providers, such as Zoho Books.
Project management and administrative systems, such as Zoho Projects.
Video conferencing providers, such as Zoom and Microsoft Teams.
Payment processing providers.
Direct Debit providers.
Accountants and bookkeepers.
Virtual assistants and administrative support providers.
Website hosting providers.
IT, security, backup, and website maintenance providers.
Cloud storage and business software providers.
Email, communication, and file-sharing providers.
Professional advisers, including legal, financial, tax, accounting, or business advisers.
HMRC, regulators, government agencies, legal authorities, law enforcement, or other authorities where required by law.

We only share personal data where necessary for the relevant purpose.

Where appropriate, third-party service providers are required to handle your data securely and in accordance with data protection law.

Use of AI Tools and Client Information

As part of our marketing and AI services, we may discuss, demonstrate, or provide guidance on the use of AI tools.

Clients and participants are responsible for ensuring that any personal data, confidential information, commercially sensitive information, intellectual property, or third-party data they enter into AI tools complies with applicable data protection, confidentiality, contractual, and legal obligations.

We do not intentionally enter confidential, sensitive, or personal client data into third-party AI tools unless this is necessary for the agreed service and appropriate safeguards, permissions, or instructions are in place.

Clients remain responsible for reviewing the privacy, data handling, storage, security, and usage policies of any AI tools or platforms they choose to use.

How We Protect and Store Your Data

We take reasonable steps to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure.

Data may be stored securely using GDPR-compliant business systems, including CRM systems, business software, cloud storage, offsite backups, and secure communication tools.

Accounts data is shared only with relevant accounting, bookkeeping, payment, or professional service providers where necessary.

Business cards and hard copies of documents are stored securely and shredded when no longer needed.

Card payments, Direct Debit information, and other payment information are processed securely by third-party payment providers. We do not store sensitive payment card details.

While we take appropriate steps to protect your data, no system or internet transmission can be guaranteed to be completely secure.

Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, contractual, and business record-keeping requirements.

Client records, contracts, invoices, and financial records may be retained for up to six years after the end of the client relationship or last transaction.

Enquiry records may be retained for a reasonable period to allow us to respond, follow up, and maintain business records.

Marketing subscription data is retained until you unsubscribe or request removal.

Session recordings are normally deleted after 14 days unless otherwise agreed in writing.

Testimonials may remain on the website or in marketing materials until you withdraw consent or request removal, where reasonable and practical.

Data stored on third-party platforms may remain subject to the relevant provider’s own retention and deletion policies.

International Data Transfers

Some of the third-party service providers we use may process or store data outside the United Kingdom.

Where this happens, we rely on appropriate safeguards, such as adequacy regulations, standard contractual clauses, data processing agreements, or other lawful transfer mechanisms required under data protection law.

Cookies and Website Data

Our website may use cookies and similar technologies to support website functionality, improve user experience, monitor website performance, support analytics, and maintain website security.

Where required, you will be asked to consent to non-essential cookies.

You can usually manage or disable cookies through your browser settings.

Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Your Rights

Under data protection law, you may have the right to:

Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data, where applicable.
Object to certain types of processing.
Request restriction of processing in certain circumstances.
Request transfer of your data, where applicable.
Withdraw consent where processing is based on consent.
Complain to the Information Commissioner’s Office if you are unhappy with how your data has been handled.

Your rights are not always absolute and may depend on the lawful basis for processing and any legal or regulatory obligations that apply.

To make a request, please email info@tracyheatley.com.

We aim to respond within one month, in accordance with applicable data protection law.

Your Data and Online Security

While we strive to protect your data, please note that internet transmissions are not 100% secure.

Data shared via our website, email, social media platforms, video conferencing platforms, online forms, or other online systems is transmitted at your own risk.

All sensitive payment data is handled securely by third-party processors. We do not store sensitive payment details.

Links To Other Websites

Our website may contain links to third-party websites, platforms, tools, podcast providers, social media platforms, or other external resources.

We are not responsible for the privacy practices, content, security, or data handling of third-party websites or platforms.

You should review the privacy policies of any third-party websites or platforms you visit or use.

Contact Us

For questions or concerns about this Privacy Policy, or to exercise your rights, please contact:

Tracy Heatley Limited

Email: info@tracyheatley.com

Phone: 07812 076946

Updates To This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, systems, suppliers, or legal requirements.

The latest version will always be available on our website.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 Years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gat_gtag_UA_153310371_1	1 Minute	Google uses this cookie to distinguish users.
_gid	1 Day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.