Lighter Coaching Privacy Policy

Effective date: May 13, 2024

1. Who we are

Lighter Coaching is a personal development coaching practice operated by Iela Chau, based in Amsterdam, the Netherlands. In this Privacy Policy, "Lighter Coaching," "we," "us," and "our" refer to this practice. "You" and "your" refer to clients, prospective clients, and visitors to our website.

Lighter Coaching is the data controller for the personal data described in this policy.

For all matters relating to this policy including data protection requests, business registration details (KvK / BTW), and questions about how we process your personal data, please contact us at iela@lightercoaching.nl.

2. What this policy covers

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights in relation to it. It applies to:

  • visitors to www.lightercoaching.nl;

  • people who book or take part in coaching sessions with us;

  • people who contact us by email, phone, or messaging app;

  • people who subscribe to our newsletter (when available).

We comply with the EU General Data Protection Regulation (GDPR), the Dutch Implementation Act (UAVG), and the UK GDPR where it applies to UK-based clients. For clients based in the United States or elsewhere, we apply the same standards.

3. What personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data.

Identity and contact details: your full name, email address, phone number, and country/city of residence.

Intake form information: before your first session you complete an intake form. The intake form may include your age, occupation, the reason you are seeking coaching, your goals, information about your work and personal life, major life changes, family background, previous coaching or therapy, and any other context you choose to share. The form is voluntary, you decide what and how much to share. Some of what you share may include special categories of personal data under Article 9 GDPR (for example information about your physical or mental health, or your private life). We only process special category data on the basis of your explicit consent.

Session content: brief handwritten notes we take during sessions (using your first name or initials only), and any written summary we email to you at your request.

Communication data: the content of emails, WhatsApp messages, or other messages you exchange with us for scheduling, follow-up, and general queries.

Payment data: Acuity Scheduling (operated by Squarespace, Inc.) processes payments on our behalf. We do not see or store your full card details. We receive confirmation of payment, the amount paid, and the name on the booking.

Website data: if you visit www.lightercoaching.nl, we collect limited information about your visit through cookies and similar technologies (e.g. analytics, session data). Squarespace, our website host, sets some cookies by default. You will be asked for cookie consent on your first visit and you can change your preferences at any time.

4. Why we use your data, and the legal basis for it

We process your personal data for the following purposes, each with a legal basis under Article 6 GDPR (and Article 9 where special category data is involved).

To deliver coaching services to you: responding to enquiries, scheduling and conducting sessions, sending session summaries on request, and managing payment. Legal basis: performance of a contract with you (Article 6(1)(b) GDPR).

To process sensitive information shared on the intake form or in sessions: for example information about your wellbeing, personal life, or health-adjacent topics. Legal basis: your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR). You can withdraw your consent at any time by contacting us, and we will stop processing and delete the relevant data (subject to retention obligations described below).

To meet our legal obligations: particularly to keep financial and tax records as required by Dutch law (such as the seven-year retention requirement under the Algemene wet inzake rijksbelastingen). Legal basis: legal obligation (Article 6(1)(c) GDPR).

To meet the requirements of our professional certifications: we are required by the European Mentoring and Coaching Council (EMCC) and the Nederlandse Orde van Beroepscoaches (NOBCO) to maintain reflective notes on our own coaching practice. These reflections are anonymised: they do not contain your name, contact details, employer, or any information that could reasonably be used to identify you. They focus on our own development as a coach (for example, how a moment in a session affected us and what we want to work on). Anonymised data is no longer personal data under the GDPR. Legal basis for the brief period before anonymisation: legitimate interest (Article 6(1)(f) GDPR), being the legitimate professional development of an accredited coach. We have weighed this interest against yours and consider the impact minimal, given the short retention period (two weeks maximum) and the anonymisation safeguard.

To send you marketing communications (when we offer this in future): such as a newsletter or updates about our services. Legal basis: your consent (Article 6(1)(a) GDPR). Newsletter signup is separate from booking and you can unsubscribe at any time.

To operate our website and understand how it is used: including basic analytics. Legal basis: your consent for non-essential cookies (Article 6(1)(a) GDPR); legitimate interest for strictly necessary cookies (Article 6(1)(f) GDPR).

5. Service providers we use

We rely on a small number of third-party tools to run the practice. Each acts as a data processor on our behalf and is bound by data processing terms, and does not use the data for their own purposes. Such tools include:

  • Booking tools, intake forms, payment processing

  • Email, communication, newsletter/marketing providers, and session documentation tools

  • Website hosting tools, website analytics, cookie technology providers

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

6. International transfers

Several of the service providers above are based in the United States or transfer data outside the European Economic Area. Where this is the case, transfers are made under safeguards recognised by the GDPR (including the EU–US Data Privacy Framework (where the provider is certified)) and/or Standard Contractual Clauses approved by the European Commission, together with supplementary measures as appropriate.

You can request a copy of the safeguards in place by emailing us.

7. How long we keep your data

We keep your personal data only for as long as needed for the purposes described above:

  • Intake form information and any pre-anonymisation session notes: kept for a maximum of two weeks after the session, after which digital copies are deleted and any paper notes are destroyed. Anonymised reflections derived from these notes are retained as described above; once anonymised, they no longer identify you.

  • Session summaries we email to you at your request: a copy remains in our email "Sent" folder. We do not actively use this copy after sending. You can ask us to delete it at any time and we will do so within 30 days.

  • Identity and contact details, and basic correspondence: kept for the duration of the coaching engagement and for up to 12 months after the last session for practical follow-up, after which they are deleted unless you remain subscribed to our newsletter.

  • Financial and tax records (invoices, payment confirmations, names linked to invoices): kept for seven years, as required by Dutch tax law.

  • Anonymised reflection notes for certification purposes: retained for the period required by EMCC and NOBCO. Because these are anonymised, they are not personal data.

  • Newsletter subscription data (when available): kept until you unsubscribe.

  • Website cookies and analytics: retained for the lifespan set by each cookie, as described in our cookie banner.

8. How we protect your data

We take appropriate technical and organisational measures to protect your data, including:

  • limiting access: only Iela Chau handles client data;

  • using providers (Google, Squarespace, Acuity) that offer industry-standard encryption in transit and at rest;

  • two-factor authentication on the email and storage accounts that hold client data;

  • physical safeguards for paper notes during the brief retention window, and shredding on disposal;

  • minimisation: we do not collect more data than we need, and we anonymise as soon as we can.

No system is perfectly secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and notify you directly where required by law.

9. Your rights

Under the GDPR (and the UK GDPR for UK clients), you have the following rights:

  • Access: to receive a copy of the personal data we hold about you.

  • Rectification: to have inaccurate or incomplete data corrected.

  • Erasure: to have your data deleted (the "right to be forgotten"), subject to our legal retention obligations (e.g. tax records).

  • Restriction: to limit how we process your data in certain circumstances.

  • Portability: to receive your data in a structured, machine-readable format.

  • Objection: to object to processing based on legitimate interest, or to direct marketing.

  • Withdrawal of consent: where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing done before withdrawal.

  • Not to be subject to automated decision-making: we do not use automated decision-making or profiling.

To exercise any of these rights, email iela@lightercoaching.nl. We will respond within one month. There is no fee for reasonable requests.

10. Complaints

If you are unhappy with how we handle your personal data, we would like to hear from you first so we can try to put things right.

You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens: autoriteitpersoonsgegevens.nl.

If you are based in the UK, you can contact the Information Commissioner's Office (ICO) at ico.org.uk.

If you are based in the United States or elsewhere, you can contact us first and we will work with you to resolve concerns and, where applicable, support your rights under your local law (such as the CCPA for California residents).

11. International clients

We work with clients based in the Netherlands, the wider EU/EEA, the United Kingdom, the United States, and other locations. Regardless of where you are based, we apply the standards in this policy. EU/EEA and UK clients have the rights described in section 9. US-based clients, including California residents, can exercise rights under applicable state law by contacting us in the same way.

12. Children

Our services are intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have collected data from a minor, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post any updates on www.lightercoaching.nl with a revised "Last updated" date. For material changes that affect how we process your data, we will notify you directly where reasonably possible.

14. Contact

Lighter Coaching Iela Chau Amsterdam, the Netherlands

Email: iela@lightercoaching.nl

Website: www.lightercoaching.nl