Privacy Policy

Last Updated: June 2025

Theta Waves HR & Coaching Ltd (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

Theta Waves HR & Coaching Ltd is a company registered in England and Wales with company number 16305338.

1. Data Controller Contact Information

Theta Waves HR & Coaching Ltd

Registered Office: 3 Woodmancote Gardens, West Byfleet, England, KT14 6JP

Email: mailto: Kate@thetawaves.co.uk

Phone: 07747 844769

2. What Personal Data We Collect

We may collect and process the following personal data:

• Identity Data: Name, title, date of birth, gender.

• Contact Data: Email address, telephone number, postal address.

• Employment Data: Role, job title, employer name, professional history.

• Financial Data: Bank details for invoicing/payment purposes (B2B).

• Usage Data: Information on how you use our website and services.

• Marketing Data: Preferences in receiving communications from us.

3. How We Collect Your Personal Data

We collect personal data through:

• Direct interactions (e.g. consultations, onboarding, email or phone communication).

• Website interactions (via contact forms or cookies).

• Professional referrals or networking events.

• Third parties or publicly available sources (e.g. LinkedIn, business directories).

4. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so, including:

• Performance of a contract: When delivering our HR and coaching services.

• Consent: For marketing communications.

• Legal obligation: For compliance with laws and regulations.

• Legitimate interests: To grow our business and develop our services, unless your rights override those interests.

5. How We Use Your Personal Data

We may use your personal data to:

• Provide HR and coaching services tailored to your business.

• Respond to enquiries or provide requested information.

• Process invoices, payments, and business agreements.

• Send relevant updates or marketing (where permitted).

• Maintain records for compliance and audits.

6. Data Sharing and Disclosure

We do not sell or rent your data. We may share data with trusted third parties, including:

• Service providers (IT support, CRM platforms, email hosts).

• Legal, accounting, or regulatory bodies if legally required.

• Third-party partners engaged in delivering joint services (under agreement).

All third parties are required to respect the confidentiality of your data and comply with data protection laws.

7. International Transfers

We primarily store data in the UK or EEA. If data is transferred outside of the UK/EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions

• Standard contractual clauses (SCCs)

8. Data Security

We use robust security measures to prevent your data from being lost, misused, or accessed unlawfully. Measures include:

• Encrypted data transmission and secure storage

• Access controls and staff confidentiality training

• Regular system audits and updates

9. Data Retention

We retain personal data only as long as necessary to fulfil the purpose we collected it for, including legal, accounting, or regulatory requirements. In general:

• Client data: Retained for 6 years after the end of the business relationship.

• Enquiry data (non-clients): Retained for up to 12 months.

• Marketing data: Until you unsubscribe or opt out.

10. Your Legal Rights Under UK GDPR

You have rights regarding your personal data:

• Right to access – Request a copy of the data we hold about you.

• Right to rectification – Correct inaccurate or incomplete data.

• Right to erasure – Request deletion of your data where appropriate.

• Right to restrict processing – Ask us to pause processing of your data.

• Right to data portability – Request a copy of your data in a usable format.

• Right to object – Object to processing based on legitimate interests or for marketing.

• Right to withdraw consent – At any time, where processing is based on consent.

To exercise your rights, please contact us at mailto: Kate@thetawaves.co.uk

11. Cookies and Website Tracking

Our website uses cookies and similar technologies to improve functionality and understand usage patterns. You can manage cookie preferences via your browser settings.

For more detail, see our [Cookie Policy].

12. Marketing Communications

You may receive marketing communications from us if you have:

• Opted in via our website or consultations

• Previously engaged with our services

You can unsubscribe at any time via the link in our emails or by contacting us.

13. Changes to This Privacy Policy

We may update this policy to reflect legal or operational changes. The latest version will always be available on our website. Significant changes will be notified via email or website notice.

14. Complaints

If you are concerned about our handling of your personal data, you can lodge a complaint with:

The Information Commissioner’s Office (ICO)

Website: https://ico.org.uk

Phone: 0303 123 1113

We encourage you to contact us first to resolve any concerns.

Thank you for trusting Theta Waves HR & Coaching Ltd with your data.