GET IN TOUCH!

PRIVACY AND COOKIES POLICY

1. Introduction

Cognitive Keys Coaching (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, and safeguard the personal data of our clients, parents/guardians, and website visitors, in line with the UK GDPR, EU GDPR, and the Data Protection Act 2018.

Cognitive Keys Coaching is operated by Catherine Kelly, trading as Cognitive Keys Coaching. For the purposes of data protection law, Catherine Kelly is the data controller responsible for your personal information.

We work primarily with young people, parents, and families, and take special care when handling children’s information.

2. Who We Are

Cognitive Keys Coaching provides teen and parent coaching services online and in person.

Contact details: Email: [email protected] Address: West Sussex, United Kingdom Website: www.cognitivekeyscoaching.com We are registered with the Information Commissioner’s Office (ICO) as a data controller under the Data Protection Act 2018 (registration number: [insert if applicable]).

3. Personal Data We Collect

We may collect and process the following types of personal data:

  • Contact details (re. minor clients): parent/guardian’s name, email and postal address, phone number; child’s name, age, date of birth, email address and school.
  • Contact details (re. young adult clients over 18 years old): client’s name, email and postal address, phone number, date of birth, college or university; additionally parent/guardian’s details as above, where they are the sponsor.
  • Coaching-related information: intake assessments, notes from coaching sessions, consent forms, school/college reports, correspondence, SEND documentation (e.g. EHCP, IEP, 504 plan) and any shared reports (e.g. neurodevelopmental or mental health assessments).
  • Professional contacts: details of therapists, teachers, or other professionals working with the young person (when relevant and consented).
  • Payment details: information needed to process payments (handled securely by third-party providers such as Stripe or PayPal).
  • Communications: messages, feedback, surveys, or testimonials.
  • Technical data: website usage, cookies, IP address, browser type, and analytics data.

We collect this information directly from you (or your parent/guardian if you are under 18) and, where appropriate, from other professionals you authorise us to liaise with.

You should notify us of any changes in circumstances to ensure personal records are kept up to date.

4. How We Use Your Information

We use personal data to:

  • Deliver and manage coaching sessions.
  • Communicate with clients, parents, and guardians.
  • Arrange bookings, payments, and scheduling.
  • Maintain session records, intake assessments, and progress notes.
  • Send newsletters or resources (only with your consent).
  • Ensure the safety and wellbeing of young people.
  • Improve our website, services, and client experience.
  • Comply with legal, regulatory, or safeguarding obligations.

We only process personal data where we have a lawful basis, such as consent, contractual necessity, legitimate interest, or legal obligation.

5. Lawful Bases for Processing

We rely on one or more of the following lawful bases under UK and EU GDPR:

  • Consent: for sharing information or receiving communications.
  • Contract: to deliver coaching services and manage bookings.
  • Legal obligation: for safeguarding or accounting compliance.
  • Legitimate interests: to operate our business effectively and provide high-quality services.

You may withdraw consent at any time by contacting us at [email protected].

6. How We Store and Protect Data

We take data security seriously and use appropriate measures to protect personal information, including password protection, encryption, and restricted access.

Client records are stored securely using encrypted devices and cloud-based services such as Apple iCloud, which comply with UK and EU data protection standards.

We may also use a secure, GDPR-compliant client management system (CRM) to manage client information and communications. Only authorised personnel will have access, and data will be protected by strong passwords and encryption.

Some data may be stored or processed on servers outside the UK or EEA. Where this occurs, we rely on Standard Contractual Clauses (SCCs) or other recognised safeguards to ensure compliance with GDPR requirements. These SCCs are legal agreements that ensure your personal data is protected to the same standard as it would be in the UK or EU, even when it is stored or processed in another country.

We retain client data for 7 years after the end of the coaching relationship, unless a longer period is required by law or for safeguarding purposes. After this period, data will be securely deleted or anonymised.

7. Sharing Personal Data

We share personal data only when necessary and always securely.

We may share information with:

  • Parents or guardians (for under-18 clients, as appropriate).
  • Other professionals involved in the young person’s care (with consent).
  • Payment providers (Stripe, PayPal).
  • Communication and scheduling tools (Zoom, Calendly, Voxer).
  • Email and hosting providers (Bluehost, Gmail, MailerLite).
  • Transcription or note tools (OtterAI).
  • Safeguarding authorities, if we believe a young person is at risk or if required by law. Any sharing in these circumstances is limited to what is necessary to protect the safety and wellbeing of the child or young person.

All third-party providers are required to protect personal data and comply with GDPR.

8. International Data Transfers

Our services and third-party tools (e.g., Gmail, MailerLite, Zoom) may transfer data outside the UK or EEA.

Where this occurs, we rely on Standard Contractual Clauses (SCCs) or other recognised safeguards to ensure compliance with GDPR requirements. These SCCs are legal agreements that ensure your personal data is protected to the same standard as it would be in the UK or EU, even when it is stored or processed in another country.

9. Your Rights Over Your Data

Under data protection law, you have the right to:

  • Access a copy of your personal data.
  • Request correction or deletion of your data (although the right to deletion does not include data we are obliged to keep for administrative, legal, or security purposes.)
  • Object to processing or withdraw consent.
  • Request restriction or portability of your data.
  • Lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk if you’re unhappy with how we handle your data.

10. Children’s Data

We collect and process data relating to children only with explicit parental or guardian consent.

Children under 13 This website is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete it promptly.

We handle children’s data with extra care, ensuring it is stored securely and shared only when necessary and with permission. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected].

11. Cookies Policy

Our website uses cookies to help it function effectively and improve your browsing experience.

Cookies are small files placed on your device that store preferences and enable analytics.

We use:

  • Essential cookies (for basic site functionality).
  • Analytics cookies (e.g. Google Analytics, to understand site performance).
  • Marketing cookies (only with your consent).

You can manage or disable cookies through your browser settings at any time. By continuing to use our site, you consent to the use of cookies as described in this policy.

12. Embedded Content from Other Websites

Articles or pages on this website may include embedded content (e.g. videos, images, articles, social media feeds, etc.). Embedded content from other websites behaves in the same way as if the visitor has visited the other website directly.

These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.

Cognitive Keys Coaching is not responsible for the privacy practices or content of these third-party websites. We encourage you to review their individual privacy policies for more information.

13. Email Communications and US Clients

If you receive newsletters or promotional emails from Cognitive Keys Coaching, you have the right to unsubscribe at any time.

All emails sent to clients in the United States comply with the CAN-SPAM Act, which requires:

  • A clear and simple method to opt out of emails.
  • Accurate header information (From, To, and subject line).
  • Identification of the message as an advertisement where applicable.

You can unsubscribe from any email by clicking the unsubscribe link in the email or contacting us at [email protected].

14. Changes to This Policy

We may update this policy occasionally. The latest version will always be available on our website, and significant updates will be communicated to clients where relevant.

15. Contact Us

If you have any questions about this Privacy and Cookies Policy or wish to exercise your rights, please contact:

Cognitive Keys Coaching (operated by Catherine Kelly)

Email: [email protected]

Website: www.cognitivekeyscoaching.com

Address: West Sussex, United Kingdom

Last Updated: November 2025