Coach Ben Hamley

Dip. LC. ACCPH accredited

Privacy Policy

Last updated: June 2026

This Privacy Notice outlines how Ben Hamley (“we”, “our”, “us”) collects, stores, processes and protects your personal data. We are registered with the Information Commissioner’s Office (ICO) under registration number ZC079766.

1. The Data Controller

The Data Controller responsible for your personal data is Ben Hamley. If you have any questions about this privacy notice or how your data is handled, you can contact us at: ben@coachbenhamley.com.

2. The Types of Data We Collect

We collect and process both personal data and special category data:

      • Identity and Contact Data: Name, email address, phone number and billing/address details.

      • Financial Data: Payment details processed securely via our third-party merchant processor, Stripe. This includes your billing address, payment method type, transaction dates, and amounts. We do not store your raw credit card numbers on our servers; all payment processing is handled securely by Stripe.

      • Special Category Data (Health/Neurological Data): Information you choose to provide regarding your neurodivergence (ADHD/AuDHD traits), sensory experiences, mental health history or coping mechanisms via our intake forms, Google Forms, or documented within session notes.

    3. How We Collect Your Data

    We collect data from you when you:

        • Fill out forms on our website or submit information via our intake Google Forms.

        • Book a one off session, workshop or ongoing coaching package.

        • Communicate with us directly via email, phone or message.

      4. Our Lawful Bases for Processing Data

      Under the UK GDPR, we rely on the following legal bases to process your standard personal data:

          • Contractual Necessity (Article 6(1)(b)): To deliver the coaching services, process payments via Stripe, or manage workshops and sessions you have purchased.

          • Legal Obligation (Article 6(1)(c)): To keep financial records for UK tax (HMRC) purposes.

        For Special Category Data (your neurodivergent and health information), our lawful basis for processing is:

            • Explicit Consent (Article 9(2)(a)): By voluntarily inputting your neurodivergent profiles and traits into our registration forms, or sharing them during sessions, you give us explicit consent to process this data to tailor your somatic regulation sessions. You have the right to withdraw this consent at any time.

          5. Where Your Data is Stored and Kept Secure

          Your data is stored and managed across two secure, enterprise-grade cloud environments protected by mandatory Two-Factor Authentication (2FA) and strict access controls:

              1. Google Workspace: Used for email communication, intake form collection and administrative file storage.

              1. Trello (Atlassian): Used strictly for secure client session note management and administrative progress tracking.

              1. Stripe, Inc.: Used for secure payment processing, invoicing, and transactional fraud prevention.

            All client files and tracking boards are kept strictly confidential and are accessible only by the Data Controller.

            All client files, tracking boards, and financial logs are kept strictly confidential. Because Google, Atlassian (Trello), and Stripe utilize global server networks, data is transferred outside the UK to the US. These transfers are legally covered by all three providers’ active certification under the UK Extension to the EU-US Data Privacy Framework (the UK-US Data Bridge) and our respective Data Processing Addendums (DPAs) with them, ensuring your financial and personal data is protected to statutory UK GDPR standards.

            6. Data Retention

            We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting or reporting requirements. By UK law, we must keep basic information about our clients (including Contact, Identity and Financial Data) for six years after they cease being clients for tax and insurance purposes. Following this period, your data is permanently and securely deleted from both our Google and Trello systems.

            7. Your Legal Rights

            Under the UK GDPR, you have the right to:

                • Request access to the personal data we hold about you.

                • Request correction of inaccurate data.

                • Request erasure of your data (the “right to be forgotten”), subject to our statutory legal record-keeping obligations.

                • Withdraw your consent for us to process your health data at any time.

              To exercise any of these rights, please email us at ben@coachbenhamley.com. If you remain unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.