Connah Anders

Privacy Notice (UK)

Last updated: 27 April 2026

This privacy notice explains how Connah Anders ("I", "me", "my") collects, uses, stores, and shares your personal information when you enquire about, book, purchase, or use my services. My services include health, nutrition, and lifestyle coaching, as well as disability advocacy, education, inclusion support, document review, meeting support, speaking, and training.

If you have questions, contact me using the details below.

1. Who I am (the "controller")

Controller: Connah Anders (sole trader)
Email: coach@connahanders.com
Phone: 07545775630

I am the "data controller" for your personal information. That means I decide how and why your information is used.

2. What information I collect

I may collect and use the following categories of personal data:

A. Identity and contact details

  • Name, email address, phone number
  • Date of birth or age (if relevant for screening, safeguarding, or confirming who the service is for)
  • Address (only if needed for invoicing, in-person work, safeguarding, or where you provide it)
  • Parent, guardian, responsible adult, representative, or organisational contact details where relevant

B. Booking and service details

  • Appointment details, attendance, session notes, meeting notes, and action points
  • Your chosen meeting method (for example, video call platform, phone, email, messaging, or in-person meeting)
  • The service you have enquired about or booked, such as coaching, advocacy support, document review, speaking, or training

C. Coaching and lifestyle information

  • Training history, current activity levels, preferences, and goals
  • Nutrition habits, dietary preferences, intolerances/allergies (if relevant)
  • Sleep, stress, routine, and lifestyle factors that affect coaching

D. Disability, access, advocacy, and inclusion information

If relevant to the service, I may collect information about:

  • Disability-related needs, access needs, reasonable adjustments, communication preferences, and support requirements
  • Education, employment, training, sport, service, or organisational background where it relates to the advocacy or inclusion support requested
  • Barriers you have experienced, concerns you want to raise, outcomes you are seeking, and steps already taken
  • Documents you ask me to review, such as letters, emails, complaints, policies, meeting notes, accessibility information, or correspondence with schools, colleges, universities, services, employers, clubs, charities, or other organisations
  • Details of people or organisations involved in the issue, where this is necessary to provide the service

Some disability-related, health-related, or access-related information may be special category data and is protected more strictly (see Section 6).

E. Health information (special category data)

If you provide it, I may collect information about:

  • Injuries, pain, symptoms, medical conditions, disabilities, access needs, or support needs
  • Medications
  • PAR-Q and health screening responses
  • Progress metrics (for example, bodyweight, measurements) where relevant

Health information is special category data and is protected more strictly (see Section 6).

F. Children and young people information

Where a parent, guardian, responsible adult, school, college, or organisation asks me to support a child or young person, I may collect information that is necessary for that service, such as the child or young person's name, age, relevant needs, access requirements, school/college or organisation, meeting details, documents, and communications. I will only collect what is necessary and appropriate for the service.

G. Payments and transactions

  • Payment status, subscription status, invoices/receipts, amounts, dates
  • I do not store full card details. Card payments are handled by Stripe (see Section 8).

H. Communications

  • Emails, messages, call notes, meeting notes, document-review notes, and other communications between you and me
  • Where you ask me to communicate with a third party, I may keep records of that communication.

3. Where I collect it from

I collect personal data from:

  • You directly (for example, intake forms, enquiries, check-ins, emails/messages, calls, bookings, payments, documents you send me, or information you tell me in meetings)
  • A parent, guardian, responsible adult, representative, or organisation contacting me on your behalf or arranging services
  • My service providers when you use them (for example, Calendly booking details; Stripe payment status)
  • Third parties where you have asked me to communicate with them or have provided their correspondence/documents to me (for example, schools, colleges, universities, healthcare professionals, services, charities, clubs, employers, or other organisations)

4. Why I use your information (purposes)

I use your information to:

  • Provide health, nutrition, and lifestyle coaching services, including onboarding, planning, delivery, check-ins, and support
  • Provide disability advocacy, education, and inclusion support, including document review, preparation for meetings, attendance at meetings where agreed, and practical communication support
  • Prepare and deliver speaking, training, workshops, or educational sessions
  • Tailor services to your needs, goals, circumstances, communication preferences, and access requirements
  • Support safety screening, safeguarding, reasonable adjustments, and appropriate signposting/referrals
  • Communicate with third parties where you have asked me to do so or where it is necessary for the service and you have given permission
  • Manage bookings, reminders, service communications, and administration
  • Process payments and maintain accounting/tax records
  • Handle complaints, disputes, legal/insurance matters, or safeguarding concerns if needed
  • Send service updates (for example, scheduling changes)
  • Send marketing (only where allowed; see Section 7)

I do not use automated decision-making or profiling that has legal or similarly significant effects on you.

5. Lawful bases for processing (UK GDPR)

UK GDPR requires a lawful basis for using personal data. I rely on:

A. Contract

Where processing is necessary to provide the service you have asked for (for example, delivering coaching, advocacy support, document review, meeting support, speaking/training, managing bookings, or providing agreed support).

B. Legal obligation

Where I must keep certain records for legal/tax purposes or comply with legal duties.

C. Legitimate interests

Where it is necessary to run and improve my business (for example, maintaining records of communications, basic administration, service quality, insurance, complaints, and business planning), provided your rights do not override these interests.

D. Consent

Where I ask for consent (for example, marketing preferences, permission to share information with a nominated third party, or where required for special category data such as health or disability-related information; see Section 6).

6. Health, disability-related, and other special category information

Health information, disability-related information, and some information about support needs or access requirements may be special category data. Special category data is protected more strictly under UK GDPR.

If you provide special category information, I will only process it when:

  • it is necessary for the service you have requested, such as coaching, safety screening, disability advocacy, inclusion support, document review, meeting support, speaking/training arrangements, or safeguarding considerations, and
  • you have given explicit consent where this is required (for example, by ticking a clear consent box in an intake form, giving written permission, or otherwise clearly confirming that you agree).

Withdrawing consent: You can withdraw explicit consent at any time by contacting me. If you withdraw consent for health, disability-related, or access-related information, it may limit my ability to provide coaching, advocacy, inclusion support, meeting support, or document review safely and effectively. In some cases I may need to pause or end the service if I cannot deliver it responsibly without that information.

Third-party sharing: If you ask me to communicate with or share information with another person or organisation, I will usually ask for clear permission first and will only share what is reasonably necessary for that purpose. This might include sharing information with a school, college, university, service provider, healthcare professional, charity, club, employer, local authority, or another organisation involved in the matter.

7. Marketing and preferences

I may send you marketing messages (for example, coaching availability, advocacy availability, speaking/training availability, new services, or useful content) only where permitted and in line with your preferences.

You can opt out at any time by:

I do not sell your personal data.

8. Who I share your information with

I keep sharing to the minimum necessary. I may share data with:

A. Service providers ("processors") I use to run the business

  • Microsoft 365 / Teams: Email, documents, secure file storage, and video calls.
  • Calendly: Booking and scheduling information.
  • Stripe: Payments and subscription management (I do not receive or store your full card details).
  • Video conferencing platforms (for example Zoom, Google Meet, or Microsoft Teams): If we use these platforms for sessions, meetings, advocacy support, training, or speaking, your name and image/audio may be processed by them to facilitate the call.

These providers process personal data as processors and/or independent controllers depending on the service. Where they act as controllers, their own privacy notices apply.

B. With your permission (where relevant)

If you ask me to, I may share information with a healthcare professional, school, college, university, local authority, support service, charity, employer, club, organisation, family member, representative, or another professional/person you nominate, to support the service you have requested.

C. Organisations booking or receiving speaking/training services

Where an organisation books a talk, workshop, or training session, I may process practical information needed to deliver it, such as organiser details, attendee access requirements, attendance information, safeguarding arrangements, location details, and communications about the event.

D. Where legally required or necessary to protect people

I may share information if required by law, a court order, to protect legal rights, or where there is a serious risk of harm to you or others. If safeguarding concerns arise, I may need to share relevant information with appropriate professionals, services, or authorities.

9. International transfers

Some of my service providers may store or process data outside the UK. Where this happens, appropriate safeguards are used (such as contractual protections or other recognised transfer mechanisms).

If you want more detail about safeguards for a specific provider, contact me.

10. How long I keep your information (retention)

I keep personal data only for as long as necessary for the purposes described in this notice, then securely delete or anonymise it.

Typical retention approach:

  • Enquiries (no client relationship): kept for 6-12 months after last contact, then deleted.
  • Active clients/service users: kept for the duration of the service relationship.
  • Coaching and advocacy records (notes, check-ins, plans, document-review notes, meeting notes, relevant screening information, correspondence, consent records, and action points): kept for 7 years after the service ends for insurance and legal purposes.
  • Speaking/training records: practical booking, attendance, access, contract, invoice, and delivery records are kept only as long as necessary for administration, insurance, legal, and tax purposes.
  • Invoices and accounting/tax records: kept for the minimum period required by UK tax law/HMRC (typically 6 years).

If there is an unresolved complaint, dispute, safeguarding issue, legal issue, or insurance matter, I may keep relevant information longer until it is resolved or for as long as reasonably necessary.

11. How I keep your information secure

I use appropriate measures to protect personal data, such as:

  • Account access controls and strong passwords
  • Multi-factor authentication where available
  • Reputable cloud services (Microsoft 365, Calendly, Stripe)
  • Limiting access to only what is needed for delivery of services
  • Keeping sharing to the minimum necessary, especially where documents contain health, disability-related, safeguarding, or other sensitive information

No system is 100% secure, but I take reasonable steps to reduce risk and respond appropriately if issues arise.

12. Your rights

You have rights under UK GDPR, including:

  • Right of access: request a copy of your data
  • Right to rectification: correct inaccurate/incomplete data
  • Right to erasure: ask for deletion in certain circumstances
  • Right to restrict processing: ask me to limit how I use your data
  • Right to object: object where I rely on legitimate interests
  • Right to data portability: receive certain data in a usable format
  • Right to withdraw consent: where I rely on consent, including explicit consent for health, disability-related, access-related, or other special category data

To exercise your rights, email coach@connahanders.com. I may need to verify your identity before responding.

13. Complaints

If you have concerns, please contact me first and I will do my best to resolve them.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator.

14. Children's data

My services are primarily intended for those over the age of 18. I may work with or support those under the age of 18 where a parent, guardian, responsible adult, school, college, or organisation is appropriately involved. A parent, guardian, responsible adult, or relevant organisational contact must give permission before a child or young person takes part in my services, unless another lawful basis applies.

Where I process children's data, I will only collect what is necessary for the service, such as contact details, access needs, support needs, meeting details, documents, communications, and relevant background information. A responsible adult should usually be included in sessions and written communications involving a child or young person.

If safeguarding concerns arise, I may need to share relevant information with appropriate professionals, services, or authorities.

15. Changes to this privacy notice

I may update this privacy notice from time to time. The latest version can be provided by email and/or via the link I share in my intake forms and booking communications.

Address:
17 Sunleigh Road
Wigan
WN2 2RE

Back to home