Privacy Policy

Privacy Statement

Introduction

Nicola Headley is a sole trader based in West Sussex (“we”, “our”, “us” in this Privacy Statement).

Nicola Headley is responsible for collecting, processing, storing and safeguarding personal and other information as part of providing services and carrying out regular business activities. We manage personal information in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Any questions regarding our processing of personal data should be directed to:
hello@nicolaheadley.co.uk

Data processing principles

We take protecting online privacy and data security seriously. Please read the whole of this Privacy Statement carefully, as it sets out our approach to processing personal data, including what information we may collect from you, how we may use it, store it and protect it, and your rights as a data subject.

This Privacy Statement outlines our approach to any kind of data processing where we are acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons. This statement applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.

We are guided by the following principles when processing data:

  • We will only collect data for specific and specified purposes;

  • We will not collect data beyond what is necessary to accomplish those purposes and will minimise the amount of information collected;

  • We will collect and use personal information only where we have legitimate business reasons for doing so;

  • We will not use data for purposes other than those for which it was collected without prior consent;

  • We will seek to verify and update data where appropriate and accept requests for amendment;

  • We will apply appropriate technical and organisational measures to keep data secure;

  • Except where required by law, we will not retain identifiable data for longer than necessary.

What information we collect

In accordance with data protection legislation, we only collect and process information required to meet the purposes outlined above. This may include, but is not limited to:

  • Contact details;

  • Personal details and identifiers;

  • Bank details and financial information;

  • Details about your occupation and business;

  • Information about how you use our website, including technical data such as IP address.

We encourage you not to provide personal data that we do not request.

How we collect, use and share personal data

Most personal information is provided directly by you when you engage with us or make an enquiry. We collect information when:

  • You sign up to our mailing list or newsletter;

  • You download a resource or opt-in;

  • You enquire about or purchase services;

  • You contact us via the website, email or social media;

  • You work with us in a commercial capacity.

We collect this information to:

  • Respond to enquiries;

  • Deliver services;

  • Create and manage client records;

  • Send newsletters or relevant communications where consent has been given;

  • Improve website performance and user experience.

We will not sell or lend your personal data to third parties. We only share personal data with trusted third-party service providers where necessary for business operations and where appropriate safeguards are in place.

Use of AI and automated tools

We may use AI-assisted tools to support certain business processes, such as drafting content, organising information or improving efficiency. These tools are used responsibly and do not replace human judgement.

We will not:

  • Use personal data to train AI models;

  • Permit third-party platforms to use personal data, audio or video recordings for AI training or development;

  • Rely solely on automated decision-making where it would have a legal or significant effect on individuals.

All personal data remains subject to the same data protection principles outlined in this policy.

How we store and transfer your information

We have appropriate technical and organisational measures in place to protect personal data. Information is stored securely and is only accessible where necessary.

Your data may be stored using trusted third-party platforms, including:

  • MailerLite (email marketing);

  • Secure cloud-based storage;

  • Other authorised service providers supporting business operations.

Some service providers may store data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place to maintain an equivalent level of protection in line with UK data protection requirements.

We will retain personal data for up to 3 years, unless a longer retention period is required for legal or legitimate business reasons.

Legal basis for processing your data

We process personal data under the following lawful bases:

  • Consent;

  • Performance of a contract;

  • Compliance with a legal obligation;

  • Legitimate business interests.

Where special category data is collected, this will only be with explicit consent and handled in line with applicable regulations.

Your legal rights

You have the right to:

  • Access personal data we hold about you;

  • Withdraw consent where processing is based on consent;

  • Request correction of inaccurate data;

  • Request erasure of data in certain circumstances;

  • Request restriction of processing;

  • Object to processing based on legitimate interests;

  • Lodge a complaint with the Information Commissioner’s Office (ICO).

Requests should be made to:
hello@nicolaheadley.co.uk

Links from our website

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately.

Marketing emails

We may send marketing emails where you have opted in. You can unsubscribe at any time using the link provided in the email or by contacting us at hello@nicolaheadley.co.uk. Please allow up to 24 hours for changes to take effect.

Cookies and website analytics

We use cookies and analytics tools to understand how visitors use our website and to improve user experience. Data collected is generally anonymised and aggregated.

You can manage cookie preferences through your browser settings. Restricting cookies may affect website functionality.

Changes to this policy

This Privacy Policy was last updated on 15 December 2025 and is reviewed periodically. We reserve the right to update this policy as required. Any significant changes will be communicated where appropriate.

If you have concerns about how your data is handled, please contact us at hello@nicolaheadley.co.uk. You may also contact the ICO at:
https://ico.org.uk