Privacy Policy
Last updated: 28.11.25
This Privacy Policy explains how I collect, use and protect your personal information when you visit my website, access my resources, or work with me through my own services or via partner organisations.
I am committed to protecting your privacy and handling your data fairly and transparently.
1. Who I am
Business name: The Cholesterol Coach
Website: https://www.thecholesterolcoach.co.uk
Email: hello@thecholesterolcoach.co.uk
Location: United Kingdom
For the purposes of data protection law (including the UK GDPR and Data Protection Act 2018), I am the data controller for the personal information you provide via this website and in connection with my services.
2. What data I collect
I may collect and process the following types of personal data:
a) Information you provide directly
- Contact details – name, email address, phone number.
- Booking / enquiry information – details you share in forms, emails, discovery calls or questionnaires (for example, your goals, lifestyle, or high-level health concerns).
- Client information – if you become a client, I may collect additional information you share as part of coaching, such as lifestyle, diet and exercise habits, relevant medical history that you choose to disclose, and coaching notes about your progress.
- Payment details – if you purchase a product or service, payment is processed securely via third-party providers (e.g. Stripe, PayPal, Wix / GoDaddy Payments). I do not store your full card details.
b) Information collected automatically
When you visit my website, certain information is collected automatically, such as:
- IP address
- Device and browser type
- Pages visited and time spent on the site
- Referring website
This information is typically collected through cookies and similar technologies for analytics and performance.
c) Information received from third-party partners
If you access my services or resources via a partner organisation (for example, a home blood test provider, a private clinic, or a workplace / pilot programme), I may receive limited information from them, such as:
- Your name and contact details
- Confirmation that you have been referred to me or have access to my resources
- Confirmation that you have completed a particular test or purchased a package
- A unique code or reference that links your redemption or access to that partner
- High-level information about why you were referred (for example, that your lipid profile suggests you may benefit from heart-healthy lifestyle support)
I do not routinely receive your full test results directly from partners unless:
- you choose to share them with me; or
- there is a specific arrangement in place that you have been clearly informed about and have consented to.
If you upload or send your results to me yourself, they are treated as information you have chosen to provide as part of coaching.
In this policy, a “Testing Partner” means any third-party provider or clinic that carries out your blood tests and works with me as part of a programme.
3. Special category data (health information)
Some of the information you provide or choose to share with me may relate to your health, which is classed as “special category data” under data protection law.
I will only process this type of information when:
- You voluntarily provide it in the context of coaching or enquiries, and
- It is necessary for me to deliver my services (for example, to tailor lifestyle advice to your needs), and
- You give your explicit consent for me to use it for this purpose.
You can withdraw your consent at any time by contacting me (see section 12). However, this may mean I am unable to continue providing coaching safely or effectively.
4. How I use your data
I use your personal data for the following purposes:
- To respond to enquiries – answering questions you send via contact forms, email or social media.
- To provide coaching services – delivering my heart-healthy and wellbeing programmes and related support.
- To manage bookings and payments – including confirming appointments, sending reminders and processing transactions.
- To provide access to digital products and toolkits – for example, granting access to members’ areas and tracking coupon / discount code redemptions.
- To fulfil partner and pilot programmes – where you access my services through a third-party organisation (see section 7).
- To send resources you’ve requested – such as toolkits, handbooks, downloads or email series.
- To send marketing emails (with your consent) – such as newsletters, programme updates, offers and helpful content. You can unsubscribe at any time using the link in any email.
- To improve my website and services – using anonymised or aggregated data from analytics and feedback.
- To comply with legal or regulatory obligations – such as record-keeping or responding to lawful requests.
5. Lawful bases for processing
I rely on the following lawful bases under UK data protection law:
- Consent – for email marketing, and for processing special category data (health information).
- Contract – where processing is necessary to provide the services you’ve requested (e.g. coaching, purchases, access to toolkits).
- Legitimate interests – for running and improving my business, managing partner/pilot programmes, basic client communication, and analytics, where this does not override your rights.
- Legal obligation – where I am required to keep certain records or share information with authorities.
Where I run joint or pilot programmes with partner organisations, I rely on consent, contract and/or legitimate interests as appropriate, always balancing these with your rights and expectations.
6. Cookies and analytics
My website may use cookies and similar technologies to:
- Make the site work properly and securely
- Remember your preferences
- Understand how visitors use the site (for example, via Google Analytics or built-in Wix analytics)
You can control cookies through your browser settings and, where available, through any cookie banner on the site. Disabling certain cookies may affect the functionality of the website.
7. Partnerships, referrals and pilot programmes
From time to time, you may access my services via third-party organisations, such as:
- home or remote blood test providers;
- private clinics and healthcare providers;
- corporate / workplace partners running wellbeing pilots or staff programmes.
In these situations:
- your use of my services is governed by this Privacy Policy and my Terms & Conditions; and
- the partner’s services (such as blood tests, lab work or employment benefits) are governed by their own terms and privacy policy.
a) Data sharing with partners
To deliver and evaluate some partnership or pilot programmes, I may:
- share limited information with the referring organisation, such as whether you redeemed a code, activated access or broadly engaged with the programme; and
- receive limited information from them, such as confirmation that you meet eligibility criteria to access an offer.
I may also provide partners with anonymised or aggregated information about programme performance (for example, participation rates or overall trends), which does not identify you personally.
b) Sharing identifiable health information
Where any identifiable health information (such as your blood test results) is shared between me and a Testing Partner, this will only happen where:
- it is necessary for the programme (for example, to tailor your support or monitor outcomes); and
- you have been clearly informed; and
- you have given your explicit consent for this specific data sharing.
This consent may be collected:
- by the Testing Partner (for example, during their checkout or results process); and/or
- by me (for example, via a consent form or tick box on my website).
You can withdraw this consent at any time by contacting either me or the Testing Partner, although this may affect your ability to continue in the particular pilot or programme.
8. How I share your data more generally
I do not sell your personal data.
I may share your information with trusted third parties where necessary to run my business, including:
- Website and hosting providers (e.g. Wix)
- Payment processors (e.g. Stripe, PayPal, Wix / GoDaddy Payments)
- Email marketing platforms
- Scheduling tools (e.g. Calendly)
- Third-party partners and pilot organisations as described in section 7
- Accountants or professional advisers – where required for lawful business purposes
These third parties are only allowed to process your data on my instructions and must keep it secure.
I may also share information if required to do so by law, regulation, or to protect my rights and the safety of others.
9. International transfers
Some of the third-party services I use may be based outside the UK (for example, in the EU or US).
Where this is the case, I take steps to ensure your data receives an appropriate level of protection, such as using providers that rely on approved transfer mechanisms (e.g. standard contractual clauses) or are otherwise compliant with data protection requirements.
10. Data retention – how long I keep your data
I keep personal data only for as long as reasonably necessary for the purposes explained in this policy, including:
- Enquiry data: usually up to 12–24 months after our last contact if you do not become a client.
- Client records: typically up to 7 years after the end of our working relationship, to comply with professional, legal and insurance requirements.
- Email marketing data: until you unsubscribe or your email address repeatedly bounces.
- Partner / pilot programme data: for the duration of the programme and any reasonable evaluation period, and in line with the general retention periods above.
When data is no longer needed, it will be securely deleted or anonymised.
11. How I protect your data
I take appropriate technical and organisational measures to keep your data secure, including:
- Using reputable platforms with secure logins
- Limiting access to systems and data on a need-to-know basis
- Using strong passwords and, where available, two-factor authentication
- Keeping software and devices up to date
However, no system can be guaranteed 100% secure, and you share information at your own risk.
12. Your rights
Under UK data protection law, you have the following rights in relation to your personal data:
- Right of access – to request a copy of the personal data I hold about you.
- Right to rectification – to ask me to correct inaccurate or incomplete data.
- Right to erasure – to ask me to delete your personal data in certain circumstances.
- Right to restrict processing – to ask me to limit how I use your data.
- Right to data portability – to request a copy of your data in a structured, commonly used format.
- Right to object – to object to processing based on legitimate interests or to direct marketing.
- Right to withdraw consent – where I rely on consent (for example for health data or marketing), you can withdraw this at any time.
To exercise any of these rights, please contact me at: hello@thecholesterolcoach.co.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how I handle your data:
Website: https://ico.org.uk
13. Children’s privacy
My services and website are not intended for children under 18. I do not knowingly collect personal data relating to children without appropriate consent. If you believe a child has provided me with personal information, please contact me so I can delete it where appropriate.
14. Changes to this policy
I may update this Privacy Policy from time to time. The “Last updated” date at the top will show when it was most recently revised.
Significant changes may be communicated via email or a notice on the website where appropriate.
15. Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact me at:
Email: hello@thecholesterolcoach.co.uk
Website: https://www.thecholesterolcoach.co.uk
