Privacy Policy

1. Who We Are

Howarth Bishopp is an independent executive coaching practice operated by Ben Cook. References to "we", "us", or "our" in this policy refer to Howarth Bishopp.

We are the data controller for any personal data collected in connection with our coaching services and related business activities. This means we are responsible for deciding how and why your personal data is used.

You can contact us at:

Website: howarthbishopp.com
Email: info@howarthbishopp.com

2. Scope of This Policy

This policy applies to all personal data we collect and process in the course of our coaching practice. This includes data relating to:

Prospective clients (contacts who have enquired about or expressed interest in coaching)
Active coaching clients
Former clients
Organisational sponsors (where an employer or third party is funding or arranging coaching)
Contacts made through networking, referrals, or professional outreach

3. Legal Framework

We process personal data in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to handling your data lawfully, fairly, and transparently.

4. What Personal Data We Collect

4.1 Contact and identity data

Full name
Job title and organisation
Email address
Telephone number
Postal address

4.2 Professional background data

Employment history and role context, shared voluntarily during coaching conversations
Career goals, challenges, and development objectives
Organisational context relevant to the coaching engagement

4.3 Coaching session data

Notes, reflections, and records created during or after coaching sessions
Assessment or questionnaire responses completed as part of a coaching programme
Progress reviews and goal-tracking records

4.4 Financial and contractual data

Invoice and payment records
Signed agreements and coaching contracts

4.5 Communication data

Correspondence by email, phone, or other channels in connection with enquiries or coaching

5. How We Collect Personal Data

We collect personal data in the following ways:

Directly from you, when you contact us to enquire about coaching, complete a form on our website, or engage in a chemistry or discovery call
From an organisational sponsor, where your employer or another party has arranged coaching on your behalf
Through the course of a coaching engagement, as you share information relevant to your goals and development
Via our website and any associated forms or tools

6. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

6.1 Contract

Processing is necessary for the performance of a coaching contract with you, or to take steps at your request before entering into one. This covers session records, billing, and communication necessary to deliver coaching services.

6.2 Legitimate interests

We process contact and professional background data to manage enquiries, maintain our client relationships, and develop our practice. We have carried out a Legitimate Interests Assessment and are satisfied that these interests are not overridden by your rights and interests.

6.3 Legal obligation

We may need to process certain data to comply with applicable legal or regulatory requirements, such as financial record-keeping.

6.4 Consent

Where we send marketing or newsletter communications, we will ask for your consent explicitly and you may withdraw it at any time without affecting any other aspect of your relationship with us.

7. Special Category Data

Coaching conversations may occasionally involve sensitive topics that touch on health, mental wellbeing, or other matters classified as special category data under UK GDPR. Where you share such information in the course of coaching, we process it on the basis of your explicit consent, given through the terms of your coaching agreement.

We do not proactively seek to collect special category data and we do not use it for any purpose other than supporting your coaching work directly.

8. Confidentiality

All coaching conversations are confidential. We will not disclose what you share in sessions to third parties, including to your employer or sponsor, without your explicit consent. The only exceptions are:

Where you ask us to share specific information or a progress summary with a sponsor
Where we have a legal or safeguarding obligation to disclose information (for example, if there is a serious and immediate risk of harm to you or others)

9. How We Use Your Personal Data

We use the personal data we collect to:

Respond to enquiries and arrange initial calls
Set up and manage coaching engagements
Prepare for, conduct, and follow up on coaching sessions
Maintain session records and track progress against your goals
Issue invoices and manage payments
Comply with our legal and professional obligations
Improve and develop our coaching practice (using anonymised or aggregated information only)

10. Who We Share Data With

We do not sell, rent, or trade personal data. We may share your data in limited circumstances:

10.1 Organisational sponsors

If your coaching has been arranged by your employer or another sponsor, we may share agreed summary information (such as attendance or high-level progress) with them, subject to your agreement and the terms of any coaching contract.

Where a sponsor organisation is involved in arranging coaching, there may be circumstances in which both we and the sponsor are acting as data controllers in relation to the same personal data. In such cases, we will put a written arrangement in place with the sponsor that sets out the respective data controller responsibilities of each party, in accordance with Article 26 UK GDPR.

10.2 Professional supervisors

As a professional coach, we participate in supervision in line with the ethical standards of the Association for Coaching. Supervision conversations may involve anonymised case material. We ensure any information shared is appropriately de-identified.

10.3 Service providers

We use a small number of trusted third-party services to operate our practice, including for scheduling, invoicing, and document storage. These processors act only on our instructions and are bound by appropriate data processing agreements.

10.4 Legal requirements

We may disclose data where required by law, regulation, or a court order.

11. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law:

Enquiry and pre-contract data: up to 12 months from last contact if no engagement commences
Session notes and records: 2 years from the date of the last session of the coaching engagement
Financial and contractual records (invoices, signed agreements): 6 years after the engagement closes, in line with the Limitation Act 1980
Marketing and communications preferences: until you withdraw consent or request deletion

We will securely delete or anonymise data once the relevant retention period has passed.

12. Data Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect data against unauthorised access, loss, or disclosure. These include:

Password-protected and encrypted digital storage
Secure email practices
Limited access to personal data on a need-to-know basis

We will notify you and, where required, the Information Commissioner's Office (ICO) in the event of a data breach that is likely to affect your rights and freedoms.

13. International Data Transfers

Personal data processed in the course of our practice is stored in Microsoft 365. Microsoft acts as a data processor on our behalf under a Data Processing Agreement that is incorporated into the Microsoft Services Agreement. For transfers of UK personal data outside the UK or EEA, Microsoft uses the ICO's International Data Transfer Addendum to the EU Standard Contractual Clauses as the applicable transfer safeguard.

14. Data Protection Officer

We are not required to appoint a Data Protection Officer under Article 37 UK GDPR. This is because we are not a public authority, and our processing of personal data does not involve large-scale systematic processing of special category data or large-scale monitoring of individuals. Data protection matters are handled directly by Ben Cook as the principal of the practice.

15. Your Rights

Under UK GDPR, you have the following rights:

Right of access: to request a copy of the personal data we hold about you
Right to rectification: to ask us to correct inaccurate or incomplete data
Right to erasure: to ask us to delete your data, where there is no compelling reason for us to continue processing it
Right to restrict processing: to ask us to limit how we use your data in certain circumstances
Right to data portability: to receive your data in a structured, commonly used format
Right to object: to object to processing based on legitimate interests; we will stop unless we can demonstrate compelling legitimate grounds that override your interests
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal
Rights related to automated decision-making: we do not use your data for automated decision-making or profiling

To exercise any of these rights, please contact us at the details in Section 1. We will respond within one calendar month.

16. Complaints

If you have concerns about how we handle your personal data, we would always prefer to hear from you first so we can try to resolve the matter. If you remain unhappy, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

17. Changes to This Policy

We may update this policy from time to time to reflect changes in our practice or legal requirements. The current version will always be available on our website. We will notify active clients of any material changes.

V1.0 May 2026