Latimer Ltd, trading as The Whole Life, (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This privacy notice explains how we collect, use, store, and protect your personal information.
This privacy notice tells you what to expect us to do with your personal information.
Contact details:
For any privacy or data protection queries, please contact us at: Email: hello@thewholelife.co.uk
What information we collect, use, and why
We collect or use the following information to provide and improve products and services for clients:
Names and contact details
Addresses
Payment details (including card or bank information for transfers and direct debits)
Transaction data (including details about payments to and from you and details of products and services you have purchased)
Usage data (including information about how you interact with and use our website, products and services)
Health information (such as medical records or health conditions)
Records of meetings and decisions
We collect or use the following personal information for the operation of client or customer accounts:
Names and contact details
Addresses
Purchase/service history
Account information, including registration details
Marketing preferences
Technical data, including information about browser and operating systems
We collect or use the following personal information for information updates or marketing purposes:
Names and contact details
Addresses
Profile information
Marketing preferences
Purchase or account history
Website and app user journey information
IP addresses
We collect or use the following personal information for dealing with queries, complaints or claims:
Names and contact details
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:
Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
We collect and use personal information to deliver high quality, tailored coaching services that meet the individual needs of our clients. This includes gathering relevant details about a client’s goals, challenges, motivational preferences and context in order to provide a personalised and effective coaching experience. Our legitimate interest lies in the ability to improve client outcomes, track progress, ensure continuity between sessions and enhance the overall quality of our services. This benefits our clients by ensuring they receive support that is relevant, respectful and aligned with their personal or professional development goals. We only collect information that is necessary for this purpose and take care to minimise any potential impact on clients\’ privacy. We never use this information in ways that clients would not reasonably expect. Additionally, we maintain robust safeguards to ensure all personal data is handled responsibly, securely and with full respect for clients’ confidentiality and autonomy.
Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:
Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
We collect and use personal information to create and manage client accounts in order to deliver an organised, reliable and personalised coaching experience. This includes storing essential contact information, session notes, service preferences, and appointment history to ensure continuity of care, timely communication and service quality. Our legitimate interest is to operate efficiently as a professional coaching business, while supporting clients with a consistent, confidential and well-documented journey. The benefit to clients is a seamless and tailored service that reflects their progress, goals, and individual needs. We minimise risk by collecting only the information necessary for account operation, storing it securely and giving clients access to update or request removal of their data. We do not use account information for unrelated marketing without explicit consent. The interests of our clients remain central, and we ensure our practices do not override their rights or expectations of privacy.
Our lawful bases for collecting or using personal information for information updates or marketing purposes are:
Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
We collect and use personal information to share relevant updates about our coaching services, resources, events and offerings that support personal and professional development. Our legitimate interest is to stay connected with existing or past clients and others who have shown interest in our services, by providing value-driven content that aligns with their original engagement. This communication may include insights, tools or updates likely to benefit the individual based on their previous interaction with us. We ensure this is proportionate, non-intrusive and always includes the ability to opt out. We minimise impact by only sending updates when there is a relevant and reasonable connection, and we never share information with third parties for marketing. Clients and contacts always have full control over their preferences. The benefit of staying informed about supportive coaching opportunities outweighs any minimal risk of inconvenience, which we mitigate with clear transparency and control
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
We collect and use personal information to effectively respond to queries, complaints or claims in a way that ensures clear communication, client support and professional accountability. Our legitimate interest lies in being able to address concerns fairly, resolve misunderstandings, improve our services and maintain accurate records of communications. This benefits both the individual and our business by ensuring we can respond appropriately, honour any service obligations and safeguard both parties should a dispute arise. We only collect the minimum necessary information, store it securely and retain it for as long as needed to meet our legal, ethical or contractual obligations. We ensure this use does not override the individual’s rights or expectations and we treat all personal information with sensitivity and care.
Where we get personal information from:
Directly from you
How long we keep information:
Retention Schedule for The Whole Life:
Data Type
Purpose
Retention Period
Reason
Client records (notes, assessments)
Coaching records and continuity
7 years after service ends
Insurance and legal compliance
Contact forms / enquiries
Responding to initial queries
12 months
Business need and audit trail
Contracts and invoices
Fulfilling financial and legal requirements
7 years
HMRC / tax law
Marketing consent records
Evidence of consent for marketing
Until withdrawn or inactive 2 yrs
GDPR compliance
Email correspondence
Supporting queries, coaching process, evidence
7 years
Insurance and continuity
Website analytics (anonymised)
Improving website performance
26 months (Google default)
Business interest, anonymised
Who we share information with:
Data processors
Acuity Scheduling (Squarespace), USA
This data processor does the following activities for us: Provides online appointment scheduling and booking management.
MailerLite, Lithuania (EU compliant)
This data processor does the following activities for us: Manages email marketing campaigns and subscriber communications.
Stripe, USA
This data processor does the following activities for us: Payment Processing.
Paypal, USA
This data processor does the following activities for us: Payment Processing.
Others we share personal information with
Professional or legal advisors
Organisations we’re legally obliged to share personal information with
Publicly on our website, social media or other marketing and information media: only where we have received clear, informed consent from the individual involved. This applies to client testimonials, whether written or video-based, which may include the client’s name, general description of their experience or video footage. These materials are shared for the purpose of promoting our services and building trust with prospective clients. Individuals have the right to withdraw their consent at any time, and we will remove their testimonial promptly if requested.
Suppliers and service providers
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.
For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.
Organisation name: Mailerlite
Category of recipient: Email marketing provider
Country the personal information is sent to: Lithuania
How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)
Category of recipient: Booking and appointment management
Country the personal information is sent to: USA
How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)
Organisation name: Stripe
Category of recipient: Payment Processor
Country the personal information is sent to: USA
How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)
Organisation name: Paypal
Category of recipient: Payment Processor
Country the personal information is sent to: USA
How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)
Organisation name: Remarkable
Category of recipient: Cloud-based handwriting capture and client note storage platform.
Country the personal information is sent to: Norway
How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)
Organisation name: Google Suite
Category of recipient: Cloud-based productivity and communication tools provider (information technology / cloud services sector)
Country the personal information is sent to: USA
How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)
Organisation name: Zoom
Category of recipient: Video conferencing and communication service provider (telecommunications / digital communications sector)
Country the personal information is sent to: USA
How the transfer complies with UK data protection law: The country or sector has a UK data bridge (also known as Adequacy Regulations)
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
