Privacy Policy

Last updated: 11th April, 2025

This privacy policy will tell you about how I look after your personal data when you visit my website (regardless of where you visit it from), and tell you about your privacy rights and how the law protects you.

It contains important information on who I am, how and why I collect, store, use, disclose and safeguard your personal and other information, your rights in relation to your personal information, and on how to contact me and supervisory authorities in the event you have a complaint. 

This policy sets out my commitment to protecting the privacy of personal information and other information provided to me, or collected by me, when interacting with you.

Who Sallt Sisters is

I am Laura Corrales, trading as Sallt Sisters (“I”, “me”, “my”) and this privacy policy relates to your use of my website www.salltsisters.com (the “site”), and my services.

I handle personal information in compliance with applicable data protection laws, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR) as it applies in the European Union and the United Kingdom. 

As the ‘controller’ of this information, I am responsible for ensuring its protection under these regulations and I am registered as a Data Controller with the Information Commissioner’s Office Registration Number ZB887364.

When you visit this site, you are agreeing to this privacy policy, the collection of information identified in this policy, and your rights to opt out. By providing me with your data, you also authorise to me that you are over 13 years old.

Any questions regarding my processing of personal data should be directed to me via info@salltsisters.com, or Unit 142779, PO Box 7169, Poole BH15 9EL.

How Sallt Sisters handles your data

This policy explains how I handle personal data when I am responsible for it, either as the controller, or with others. This includes collecting, using, transferring, storing, and deleting information that can identify a person, along with any related details. It applies to any data I collect, whether actively (like through forms), or passively (like through website activity), from people anywhere in the world.

I follow these rules when handling your personal data:

• I only collect data for clear, specific purposes and process it under lawful bases, including:
  • Your consent (e.g., marketing emails).
  • Contractual necessity (e.g., fulfilling orders).
  • Legitimate interests (e.g., preventing fraud, improving my website, or sending service-related emails)
  • Legal obligations (e.g., tax records).
• I limit data collection to what’s necessary to provide my services.
• I use your information only for valid business reasons, like delivering my products, or services.
• I won’t use your data for anything else without your consent, or as explained in this policy.
• I keep your data accurate and update it when needed; you can request changes at any time.
• I prioritise data security by applying strong technical protections.
• I store your data only as long as necessary for its purpose or as legally required.

What information Sallt Sisters collects

I only collect and process information which is necessary to deliver my products and services. The information I may collect about you could include, but is not limited to:

• Identity data, like your name, pronouns, gender, age, address and email;
• Financial data, like bank account, payment card details and other payment information, processed via my third party payment processor, who stores such information, such as Thrivecart or Stripe;
• Purchase history and transactional data for products or services purchased via my site;
• Marketing and communications data including your preferences in receiving marketing from me and my third parties and your communication preferences.
• Details of any information or feedback you give me by email, post, or via social media
• Profile data from posting comments to my site, such as name, email and profile picture;
• Technical and usage data collected when you access my website or platforms:
  • Internet protocol (IP) address (anonymised where possible)
  • Login and browser session data
  • Geo-location data (approximate, city-level only)
  • Device and network information (e.g., OS, browser type)
  • Acquisition sources (e.g., search engines, social media)
  • Browsing behaviour and page interactions  
  • Cookie identifiers (see cookie policy)
  • Analytics data (using IP-anonymised Google Analytics 4 (GA4))

*Note: Google Analytics anonymises IPs by default in the EU/UK. Full technical details are available [here]. 

Please do not volunteer any personal data or special category data which I do not ask for.

If you voluntarily share sensitive special category data (e.g., mental health history, trauma details) during coaching sessions or communications, I process it only with your explicit consent, or as necessary to deliver my services. Such data is stored securely and retained only as long as needed (see ‘Data Retention’).

How Sallt Sisters collects your information 

Most personal information is provided directly and voluntarily by you when you engage with me, or my site in order to enquire about, or purchase, my services or products. I will collect information from you when:

• You sign up to my mailing list;
• You download an opt-in;
• You purchase my services, or a product through my website;
• You interact with me as a client;
• You join an online event, course, or programme I am running;
• You contact me for information, to schedule a discovery call or session via my website, or social media channels, by email or direct message;
• You post a comment on my blog, website or social media channels;
• You work with me in a commercial capacity.
• Your information is made publicly available, like social media.

How Sallt Sisters uses your information

I may use your information for the following purposes, under the legal bases noted:

1. Providing products and services (legal basis: contractual necessity)

• Processing transactions and orders you purchase, including invoicing and billing.
• Formalise a contract between us
• Informing you about updates or changes to my services or products.
• Delivering content and managing user subscriptions.
• Contacting you about services or products, including responding to inquiries.
• Ensuring my website functions properly on your device.

2. Improving your experience (legal basis: legitimate interest)

• Monitoring and analysing trends, usage, and activities.
• Tracking analytics to improve my business, website, and social media
• Collecting feedback on the quality of my services.
• I do not use automated decision-making or profiling, in ways that produce legal/significant effects. Analytics tools (e.g., Google Analytics) are used only for aggregated trend analysis, not individual tracking. 

3. Marketing and Advertising (legal basis: consent)

• Sending weekly emails, updates, or offers (only with your opt-in consent).
• Advertising promotions and additional benefits (you may opt out anytime)

4. Compliance and Legal Obligations (legal basis: legal obligation)

• Complying with applicable laws (e.g., tax, data protection regulations). 

5. Testimonials (with consent)

• With your written consent, testimonials may include your first name and last initial (e.g., “Jane D.”). You may revoke consent anytime.

Sharing your information

I only share your personal data with third parties when strictly necessary to deliver my services or comply with legal obligations. All third parties are vetted to ensure they meet GDPR and UK data protection standards.

Categories of Recipients

1. Payment Processors:

• Stripe [Privacy Policy] 
• ThriveCart [Privacy Policy] 

Purpose: Secure payment processing.

2. Email Marketing:

• MailerLite [Privacy Policy]

Purpose: Managing newsletters (only with your explicit consent).

3. Analytics Providers:

• Google Analytics [Data Processing Terms]

Purpose: Website performance tracking with IP anonymisation enabled.

4. Advertising Partners:

• Meta (Facebook/Instagram) [Data Policy] 
• Google Ads [Policy]

5. Service Providers for Coaching & Scheduling:  

• Google Calendar [Privacy Policy]    

Purpose: Scheduling sessions and sending reminders 

• Google Meet [Privacy Policy] 
• Zoom [Privacy Policy]

Purpose: Conducting virtual coaching sessions (end-to-end encrypted for confidentiality).

International data transfers

When your data is transferred outside the UK (e.g., via Stripe, MailerLite, or Zoom), I ensure protection through:

Legal Safeguards:

• UK International Data Transfer Agreement (IDTA) for transfers to non-EEA countries (e.g., USA).
• UK Addendum to EU SCCs for transfers via EEA-based providers (e.g., Zoom).
• Adequacy Regulations for transfers to the EU/EEA.

Strict Limitations:

• Your data will never be sold to third parties.
• Third parties are prohibited from using your data for:
  • AI training or profiling.
  • Secondary purposes beyond my instructions.
• Audio/video recordings (if applicable) are stored securely and never shared without your explicit consent.

Legal Disclosures:

I may disclose your data only if:

• Required by law (e.g., court orders).
• Necessary to protect vital interests (e.g., safety emergencies).

A list of third-party providers (sub-processors) and copies of their data safeguards (e.g., SCCs, UK IDTA) are available on request to info@salltsisters.com.

Data retention

I will keep your data secure, and retain it only as long as is necessary to complete the services and meet any legal or regulatory obligations. This will vary depending on the nature of the requirements and the processing:

Data Type	Retention Period	Reason for Retention
Orders & payments	7 years from transaction	UK tax compliance (HMRC requirements)
Coaching client records	7 years after last session	Insurance/tax obligations
Marketing data	Until unsubscribe or 2 years inactive	Consent-based processing
Website analytics	26 months (Google Analytics)	Aggregated trend analysis
Legal dispute records	Until case resolution + appeal periods (if any)	Potential litigation requirements

*Note:

• Periods may extend if required by law (e.g., ongoing investigations).
• Data is securely deleted/anonymised after retention periods expire.

User rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal information:

• Access a copy of your personal data.  
• Request corrections to any inaccurate or incomplete information.  
• Request deletion of your data in certain situations.  
• Receive your data in a structured, machine-readable format.  
• Object to certain types of processing (e.g., direct marketing).  
• Withdraw consent at any time (e.g., via unsubscribe links). 

To exercise these rights, email: info@salltsisters.com with ‘Data Subject Request’ in the subject line. I will respond within 30 days and may request proof of identity to protect your data.

Complaints: If unsatisfied, you may lodge a complaint with the UK ICO (ico.org.uk).

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.  

For details about the specific cookies I use (including analytics and essential cookies), see my cookie policy here. 

Children’s privacy

This website is not intended for use by children. And I do not knowingly collect personal information from children under the age of 13. If you believe I have collected such information, please contact me immediately, and I will take steps to delete the information.

Security measures

I implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. All coaching session notes and recordings are encrypted at rest and in transit. I use SSL encryption, password-protected systems, and regular security audits to protect your data. While no system is 100% secure, I adhere to industry best practices.

In the event of a personal data breach:

• I will notify the UK ICO within 72 hours if the breach risks rights/freedoms.
• Affected users will be notified without undue delay if the breach poses a high risk.
• All breaches are documented internally per ICO breach reporting guidelines.

Changes to this privacy policy

I may update this Privacy Policy from time to time in order to reflect changes, or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated “Last Updated” date. I encourage you to review this Privacy Policy periodically to stay informed about how I protect your data.

The date at the top of this Privacy Policy indicates when it was last updated.

Contact information

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise any of your rights related to your personal information, please contact me at:

• Email: info@salltsisters.com, or
• Address: Unit 142779, PO Box 7169, Poole BH15 9EL