Privacy Policy & Data Handling

1. Introduction

This Privacy Policy explains how personal data is collected, used, stored, and protected in connection with private mentoring services.

This policy applies to all clients, prospective clients, and individuals who interact with the mentorship through questionnaires, email, messaging platforms, payment systems, or sessions.

The Mentor is committed to handling personal data responsibly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller for the purposes of UK data protection law is:

Jackie Cowie
Business Address: York, England
Email: hello@jackiecowie.co.uk

3. Personal Data Collected

The following categories of personal data may be collected:

  • Identification data (name, email address, contact details)

  • Questionnaire responses and written communications

  • Session-related notes and reflections

  • Messaging communications (e.g. Telegram messages)

  • Payment and transaction records (processed via third-party providers)

  • Scheduling information

No unnecessary personal data is collected.

4. Special Category Data

Mentorship conversations may involve the voluntary sharing of sensitive or personal information.

Such information is:

  • Shared at the client’s discretion

  • Not used for diagnosis or treatment

  • Handled confidentially and respectfully

The Mentor does not intentionally collect medical records or provide healthcare services.

5. Purpose & Legal Basis for Processing

Personal data is processed for the following purposes:

  • Delivering mentorship services

  • Communication and scheduling

  • Providing support between sessions

  • Record keeping and business administration

  • Compliance with legal and accounting obligations

The lawful bases for processing include:

  • Performance of a contract

  • Legitimate interests

  • Legal obligation

  • Explicit consent (where applicable)

6. Data Storage & Security

Reasonable and appropriate measures are taken to protect personal data, including:

  • Secure password-protected systems

  • Limited access to data

  • Use of reputable third-party service providers

Data is retained only for as long as necessary for the purposes for which it was collected, or as required by law.

7. Third-Party Service Providers

The following third-party providers may process personal data:

  • Payment processors (e.g. Stripe)

  • Scheduling tools (e.g. Acuity)

  • Messaging platforms (e.g. Telegram)

  • Email service providers

These providers act as independent data processors or controllers and have their own privacy policies.

8. Confidentiality & Session Records

Sessions are not recorded unless expressly agreed in advance.

Any notes kept by the Mentor are for professional reference only and are not shared with third parties.

Clients are asked not to record or distribute session content without permission.

9. Data Subject Rights

Under UK GDPR, individuals have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request erasure of data (where applicable)

  • Restrict or object to processing

  • Data portability (where applicable)

Requests may be made in writing using the contact details above.

10. Data Transfers

Where data is transferred outside the UK, reasonable safeguards are used to ensure appropriate protection.

11. Cookies & Tracking

If a website is used, cookies or tracking tools may