1. Who we are

• Data Controller: Chloe Harrison

• Contact Details:

• Business email: info@co-reg.co.uk

• Business mobile number: 07368222698

We have not appointed a DPO as we are a small business and not legally required to do so.

2. What personal data we collect and how we collect it

• Data we collect:

• Email communications: any personal data you supply when emailing us (e.g. name, email address, content you choose to provide).

• Mobile communications: any personal data included in SMS or phone call content (e.g. name, contact number, message content).

• How we collect it:
  All data is collected when you proactively contact us via email, SMS, or phone call, not through any forms or automated mechanisms on our website.

3. Why and how we use your personal data (Purpose and Lawful Basis)

We process the data you provide for the following purposes, on this lawful basis:

Purpose of processing

Responding to your enquiries and facilitating our therapeutic/coaching relationship

Data

Name, email, phone number, message content

Lawful Basis (UK GDPR – Article 6(1))

Legitimate interests (responding to your communication)

Legitimate interests means we need your contact details to communicate with you effectively. You initiate the contact, and responding is reasonable to fulfil your request.

4. Who we share data with

We only share your personal data if absolutely necessary - for example:

• With service providers (e.g., email hosting platform) strictly to enable us to send or receive your communications.

• We do not share your data with third parties for marketing or unrelated purposes.

5. Transfers to other countries

We do not transfer your personal data outside the UK or the European Economic Area. If this changes (e.g., external service providers located outside the UK), we’ll ensure appropriate safeguards and mention them here.

6. Data retention

• We retain your email and phone communication data only as long as necessary to respond to and manage your inquiry.

• After this, we securely delete or anonymise the data.

• If legal or contractual obligations require longer retention, we will retain data only for the minimum period allowed.

7. Your rights under UK GDPR

You have several rights in relation to your personal data:

• Right to be informed - to understand how your data is used (that’s what this policy is for).

• Access - you can request a copy of the personal data we hold about you.

• Rectification - request corrections if your data is inaccurate.

• Erasure (“right to be forgotten”) - ask us to delete your data where there is no legitimate reason for us to retain it.

• Restriction of processing - ask us to limit our use of your data in certain circumstances.

• Data portability - receive your data in a structured, machine-readable format or have it transferred to another controller (where applicable).

• Right to object - oppose our processing on grounds of legitimate interests.

• Withdraw consent - if we ever process data based on consent (not currently applicable), you have the right to withdraw it at any time.

To exercise any of these rights, please contact us via: info@co-reg.co.uk

8. Right to complain

If you feel we are not processing your personal data in compliance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):https://ico.org.uk