Privacy Notice

Last updated: 24th October 2025

Carly Ferguson Consulting Ltd ("we", "us", "our") is committed to protecting your privacy and handling personal data responsibly and transparently.

This Privacy Notice explains what personal data we collect, how and why we use it, and your rights under UK data protection law.

Who we are

Carly Ferguson Consulting Ltd is a UK-registered limited company providing leadership coaching, facilitation, workshops and consultancy services.

Data Controller: Carly Ferguson Consulting Ltd
Contact email: carly@carly-ferguson.com

What personal data we collect

Depending on how you engage with us, we may collect the following personal data:

  • Name, job title and organisation

  • Email address and other contact details

  • Billing and invoicing information

  • Information you choose to share during coaching, consultancy or workshops

  • Workshop-related information required to deliver services effectively

For certain workshops, this may include date, time and place of birth, where this information is necessary to prepare individualised workshop materials.

We do not intentionally collect special category data unless it is voluntarily shared and relevant to the service being provided.

How we use your data

We use personal data only where necessary and proportionate, including to:

  • Deliver coaching, facilitation, consultancy and workshop services

  • Prepare and deliver individualised workshop materials and insights

  • Communicate with you about sessions, projects or enquiries

  • Manage contracts, invoicing and payments

  • Comply with legal and regulatory obligations

We do not use personal data for automated decision-making or profiling.

Legal basis for processing

Under UK GDPR, we rely on the following lawful bases to process personal data:

  • Performance of a contract – where data is needed to deliver agreed services

  • Legitimate interests – for business administration and professional communication

  • Consent – where you have explicitly agreed to provide specific information

  • Legal obligation – where required by law

Where consent is relied upon, it may be withdrawn at any time.

Data sharing

We do not sell personal data.

Personal data is not shared with third parties except where:

  • Required to deliver services (e.g. secure scheduling or invoicing systems)

  • Required by law or regulation

Any third-party services used are selected for their compliance with UK data protection standards.

Data storage and security

Personal data is stored securely using reputable, cloud-based systems with appropriate technical and organisational safeguards.

Access to personal data is restricted to the director of the company.

Data retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, including:

  • Delivery of services

  • Legal, accounting or regulatory requirements

Workshop-specific personal data is deleted once it is no longer required for delivery of the service.

Your rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data

  • Object to or restrict processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The most recent version will always be available on our website.

If you have any questions about this Privacy Notice or how your data is handled, please get in touch.