Privacy Notice

Website Privacy Notice

1. INTRODUCTION

This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.navigatelifecoach.com.

By providing us with your data, you warrant to us that you are over 13 years of age.

Navigate Life Coach is the data controller and we are responsible for your personal data.

[We have appointed a Data Protection Officer who is in charge of privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.

Contact Details

Our full details are:

Full name of legal entity: Sarisha Naidoo as Navigate Life Coach

Sarisha Naidoo

Email address: info@navigatelifecoach.com

Postal address: 48 Covenbrook, Brentwood, Essex, CM13 2TR

+44 7828 966817

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at

2. WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process the following categories of personal data about you:

• Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.

• Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

• User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.

• Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
  

• Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

• We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business). [NOTE SEE SECTION 4 BELOW]

Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences. 

We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at info@nlc.capsag.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

3. HOW WE COLLECT YOUR PERSONAL DATA

We may collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies.

We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.

We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

4. MARKETING COMMUNICATIONS 

 Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business). 

Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.

Before we share your personal data with any third party for their own marketing purposes we will get your express consent.

You can ask us or third parties to stop sending you marketing messages at any time [by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences] OR [by following the opt-out links on any marketing message sent to you or] OR by emailing us at info@nlc.capsag.com at any time.

If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

5. DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below:

• Other companies in our group who provide services to us.
• Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers
• Government bodies that require us to report processing activities.
• Third parties to whom we sell, transfer, or merge parts of our business or our assets.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

6. INTERNATIONAL TRANSFERS

We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:

• We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
• If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
• Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

7. DATA SECURITY

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

8. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. YOUR LEGAL RIGHTS

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at info@nlc.capsag.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

10. THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

11. COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

GDPR Compliant Cookie Policy

What’s a cookie?

• A “cookie” is a piece of information that is stored on your computer’s hard drive if you agree to this and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
• Cookies are used by nearly all websites and do not harm your system.

We are required to obtain your consent for all non-essential cookies used on our website. You can block cookies (including essential cookies) at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block essential cookies you may not be able to access all or parts of our site.

How do we use cookies?

• We use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns with regards how you are using our website. This helps us to develop and improve our website as well as products and / or services in response to what you might need or want.

• Cookies are either:

– Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or

– Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. [We use persistent cookies for Google Analytics.

• Cookies can also be categorised as follows:

– Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

– Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.

– Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.

– Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

– First and third party cookies: First party cookies are cookies set by our website. Third party cookies are cookies on our website that are set by a website other than our website, such as where we have adverts on our website or use Facebook pixels so that we can show you relevant content from us when you are on Facebook.

We use only first party cookies on this website.

1. Introduction

This Policy sets out the obligations of Navigate Life Coach regarding retention of personal data collected, held, and processed by the Company in accordance with EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

This policy does not form part of any employment contract and we may amend it at any time.

The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The GDPR also addresses “special category” personal data (also known as “sensitive” personal data). Such data includes, but is not necessarily limited to, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation.

Under the GDPR, personal data shall be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

In addition, the GDPR includes the right to erasure or “the right to be forgotten”. Data subjects have the right to have their personal data erased (and to prevent the processing of that personal data) in the following circumstances:

1. Where the personal data is no longer required for the purpose for which it was originally collected or processed;
2. When the data subject withdraws their consent;
3. When the data subject objects to the processing of their personal data and the Company has no overriding legitimate interest;
4. When the personal data is processed unlawfully (i.e. in breach of the GDPR); or
5. When the personal data has to be erased to comply with a legal obligation.

This Policy sets out the type(s) of personal data held by the Company, the period(s) for which that personal data is to be retained, the criteria for establishing and reviewing such period(s), and when and how it is to be deleted or otherwise disposed of.

2. Aims and Objectives

The aims of this Policy are (i) to set out limits for the retention of personal data; (ii) to ensure that those limits, as well as further data subject rights to erasure, are complied with; (iii) to ensure that the Company complies fully with its obligations and safeguard the rights of data subjects under the GDPR; and (iv) to improve the speed and efficiency of managing data.

3. Scope

This Policy applies to all personal data held by the Company which is stored in the following ways and in the following locations:

1. Computers permanently located in the Company’s premises at 48 Covenbrook, Brentwood, Essex, CM13 2TR;
2. Laptop computers and other mobile devices provided by the Company to its employees;
3. Computers and mobile devices owned by employees, agents, and contractors;
4. Physical records stored in 48 Covenbrook, Brentwood, Essex, CM13 2TR;

4. Data Disposal

Upon the expiry of the data retention periods set out below in Part 7 of this Policy, or when a data subject exercises their right to have their personal data erased, personal data shall be deleted, destroyed, or otherwise disposed of as follows:

• Personal data stored electronically (including any and all backups thereof) shall be permanently deleted; and
• Personal data stored in hardcopy form shall be shredded and securely disposed of.

5. Data Retention

• As stated above, and as required by law, the Company shall not retain any personal data for any longer than is necessary in light of the purpose(s) for which that data is collected, held, and processed.
• Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed), as set out below.
• When establishing and/or reviewing retention periods, the following shall be taken into account:
  1. The objectives and requirements of the Company;
  2. The type of personal data in question;
  3. The purpose(s) for which the data in question is collected, held, and processed;
  4. The Company’s legal basis for collecting, holding, and processing that data; and
  5. The category or categories of data subject to whom the data relates.
• If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.
• Notwithstanding the following defined retention periods, certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within the Company to do so (whether in response to a request by a data subject or otherwise).

6. Roles and Responsibilities

• The Company’s Data Protection Officer is Sarisha Naidoo.
• The Data Protection Officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, the Company’s other Data Privacy-related policies (including, but not limited to, its Privacy Policy), and with the GDPR and other applicable data protection legislation.
• The Data Protection Officer shall be directly responsible for ensuring compliance with the above data retention periods throughout the Company.
• Any questions regarding this Policy, the retention of personal data, or any other aspect of GDPR compliance should be referred to the Data Protection Officer.

7. Implementation of Policy

This Policy shall be deemed effective as of [No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

This Policy has been approved and authorised by:

Email sending Privacy Notice

Dear Member

You may be aware that on 25 May 2018, certain legal changes will come into effect concerning data protection and privacy.

Under the General Data Protection Regulation (or GDPR as it is more commonly known), we are required, as are all businesses that hold your personal data, to provide you with certain information in relation to the lawful grounds for our ongoing processing of your personal data.

In order to fulfill that obligation, we have put together a new privacy notice that clearly sets out how we collect and process your personal data, for what purposes we use your data, the legal grounds of processing such data, how we keep your data secure and your rights in relation to such data.

In relation to our direct marketing communications sent by email [text, or fax], you have previously opted in to receive such communications. However, we would like you to confirm that you would still like to receive such communications [and provide us with more details about what you would like to receive so that we can tailor our communications for you. Please tick the relevant boxes below to confirm your consent to receive our following email communications:

•  details of products and services and events that we think will enhance your life
•  offers from carefully selected third parties that we think are awesome
•  free resources that we make available from time to time such as ebooks
•  free educational videos about life challenges
•  details of our upcoming podcast / webinars / books
•  our blog posts about life

We work hard to create content that we hope will be of value to you. Saying that, if you don’t think it’s awesome, you can opt out of our marketing emails at any time by clicking on the unsubscribe link at the bottom of every email.

Your obligations don’t end when you get consent. You should view consent as a dynamic part of your ongoing relationship of trust with individuals, not a one-off compliance box to tick and file away. To reap the benefits of consent, you need to offer ongoing choice and control. It is good practice to provide preference-management tools like privacy dashboards to allow people to easily access and update their consent settings. If you don’t offer a privacy dashboard, you will need to provide other easy ways for people to withdraw consent at any time they choose.

You should keep your consents under review. You will need to refresh them if anything changes – for example, if your processing operations or purposes evolve, the original consent may not be specific or informed enough.

If you rely on parental consent, you will also need to refresh consent as the children grow up and can consent for themselves.

If you are in any doubt about whether the consent is still valid, you should refresh it. You should also consider whether to automatically refresh consent at appropriate intervals. How often it’s appropriate to do so will depend on the particular context, including people’s expectations, whether you are in regular contact, and how disruptive repeated consent requests would be to the individual. If in doubt, we recommend you consider refreshing consent every two years – but you may be able to justify a longer period, or need to refresh more regularly to ensure good levels of trust and engagement. If you are not in regular contact with individuals, you could also consider sending occasional reminders of their right to withdraw consent and how to do so.

Email sending Privacy Notice and Opt Out

Dear Member

You may be aware that on 25 May 2018, certain legal changes will come into effect concerning data protection and privacy.

Under the General Data Protection Regulation (or GDPR as it is more commonly known), we are required, as are all businesses that hold your personal data, to provide you with certain information in relation to the lawful grounds for our ongoing processing of your personal data.

In order to fulfill that obligation, we have put together a new privacy notice that clearly sets out how we collect and process your personal data, for what purposes we use your data, the legal grounds of processing such data, how we keep your data secure and your rights in relation to such data.

You have previously been receiving details of our offers and special promotions and other marketing emails because you are either a customer of ours or have previously agreed to receive such emails.

If you would prefer to not receive these emails, you can opt out at any time by going to our preference center by emailing us at info@navigationlifecoach.com.

SOFT OPT IN:

Although organisations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’. This means organisations can send marketing texts or emails if:

• they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person;
• they are only marketing their own similar products or services; and
• they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.

The texts or emails must be marketing products or services, which means that the soft opt-in exception can only apply to commercial marketing. Charities, political parties or other not for-profit bodies will not be able to rely on the soft opt-in when sending campaigning texts or emails, even to existing supporters. In other words, texts or emails promoting the aims or ideals of an organisation can only be sent with specific consent.

The contact details must be obtained directly from the individual by the organisation who wishes to engage in the marketing and the marketing must be in relation to that organisation’s similar products and services. Therefore the soft opt-in can only be relied upon by the organisation that collected the contact details. This means organisations cannot rely on a soft opt-in if they obtained a marketing list from a third party – they will need specific consent. See the section on indirect (third party) consent for more on this.

The customer does not actually have to have bought anything to trigger the soft opt-in. It is enough if ‘negotiations for a sale’ took place. This means that the customer should have actively expressed an interest in buying an organisation’s products or services – for example, by requesting a quote, or asking for more details of what it offers. There must be some sort of express communication:

Example A customer logs into a company’s website to browse its range of products. This is not enough to constitute negotiations. But if the customer completes an online enquiry form asking for more details about a product or range of products, this could be enough.

The communication must be about buying products or services. It is not enough simply to send any query:

Example A customer sends an online enquiry to ask if the company can order a particular product. This could constitute negotiations for a sale. But an enquiry asking if the company is going to open more branches in a particular location would not.

Organisations can only send texts or emails about similar products or services. We consider that the key question here is whether the customer would reasonably expect messages about the product or service in question. This is likely to depend on the context – including the type of business and the category of product.

For example, someone who has shopped at a supermarket might reasonably expect messages about a much wider range of goods than someone who has shopped at a specialist store for a specialist product.

Example A customer buys groceries online from a large supermarket chain. Although they only bought bread and bananas on that occasion, they might reasonably expect emails about a wide range of products – including bread, fruit, and other groceries, but also books, dvds, kitchen equipment and other everyday goods commonly sold in supermarkets. However, they are unlikely to expect emails about banking or insurance products sold under the supermarket brand. These products are not bought and sold in a similar context.

Organisations must give the customer the chance to opt out – both when they first collect the details, and in every email or text. Organisations should not assume that all customers will be happy to get marketing texts or emails in future, and cannot rely on the soft opt-in rule unless they provided a clear opportunity to opt out first.

It must be simple to opt out. When first collecting a customer’s details, this should be part of the same process (eg online forms should include a prominent opt-out box, and staff taking down details in person should specifically offer an opt-out). In subsequent messages, we consider that the individual should be able to reply directly to the message, or click a clear ‘unsubscribe’ link. In the case of text messages, organisations could offer an opt-out by sending a stop message to a short code number: eg ‘text STOP to 12345’. The only cost should be the cost of sending the message.

CONSENT:

Your obligations don’t end when you get consent. You should view consent as a dynamic part of your ongoing relationship of trust with individuals, not a one-off compliance box to tick and file away. To reap the benefits of consent, you need to offer ongoing choice and control. It is good practice to provide preference-management tools like privacy dashboards to allow people to easily access and update their consent settings. If you don’t offer a privacy dashboard, you will need to provide other easy ways for people to withdraw consent at any time they choose.

You should keep your consents under review. You will need to refresh them if anything changes – for example, if your processing operations or purposes evolve, the original consent may not be specific or informed enough.

If you rely on parental consent, you will also need to refresh consent as the children grow up and can consent for themselves.

If you are in any doubt about whether the consent is still valid, you should refresh it. You should also consider whether to automatically refresh consent at appropriate intervals. How often it’s appropriate to do so will depend on the particular context, including people’s expectations, whether you are in regular contact, and how disruptive repeated consent requests would be to the individual. If in doubt, we recommend you consider refreshing consent every two years – but you may be able to justify a longer period, or need to refresh more regularly to ensure good levels of trust and engagement. If you are not in regular contact with individuals, you could also consider sending occasional reminders of their right to withdraw consent and how to do so.