At ProActa H&S Consultancy, we value your privacy and are committed to safeguarding your personal information. This section outlines the type of personal data we collect from users, detailing both identifiable and non-identifiable information, to ensure transparency in our data collection practices. 

We collect data through a variety of means including forms, website interactions, and cookies. Identifiable information may include your name, email address, and telephone number, which are gathered when you subscribe to our newsletter, request information about our coaching services, or book a session with one of our professional coaches. 

Non-identifiable information, which may include your IP address and browser type, helps us assess the effectiveness of our website and improve user experience. Rest assured, we are committed to protecting your data in compliance with the UK General Data Protection Regulation (GDPR). 

We implement appropriate technical and organisational measures to ensure your personal information is processed securely. Your trust is important to us, and we are dedicated to maintaining a high level of data security to provide you with peace of mind while engaging with our services. 

By using our website, you consent to our data collection practices as outlined in this policy.

_________________________________________________________________________________________________________

Privacy Policy for ProActa H&S Consultancy 

Last Updated: 6 April 2026 

1. Introduction ProActa H&S Consultancy ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.proacta.co.uk, engage our Health & Safety consultancy services, or participate in our professional coaching programmes. We act as a Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy focuses on the personal data we commonly handle as a small consultancy (especially names, email addresses and other contact details) while delivering Health & Safety consultancy and professional coaching services. 

2. Information We Collect We may collect and process the following types of personal data (depending on how you interact with us): • Identity Data: Name, title, job role, employer/organisation (if applicable). 

• Contact Data: Email address, telephone number, and postal address. • Enquiry & Service Data: Information you provide when you enquire, book, or receive services (e.g., scope of H&S support needed, session goals, availability). 

• Coaching Data (special care): Information you choose to share during coaching (e.g., career his tory, aspirations, challenges, notes/action plans). We treat this as sensitive in practice and limit ac cess on a strict need-to-know basis. 

• H&S Consultancy Data: Information provided by you or your organisation in relation to health & safety support (e.g., policies and procedures, training records, audit findings, incident/accident investigation information, risk assessment information). Where these include personal data (names, email addresses), we process them for the purpose of delivering our services. 

• Website/Technical Data: IP address, device and browser information, time zone and approximate location, and information about how you use our site (collected via cookies/analytics where enabled).

 • Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences. 

• Payment/Invoice Data (where relevant): Billing name, billing address, email, invoice history, and payment status. (We do not intentionally collect or store full card details; card payments are handled by our payment provider when used.) 

Children’s Data

 Our services are not aimed at children, and we do not knowingly collect personal data relating to children. Please do not provide children’s data to us. 

3. How We Collect Your Data We collect data through: 

• Direct interactions: When you complete website forms, email us, call us, book services, or provide information as part of delivering our services. 

• Service provision: During Health & Safety audits, site visits, training, incident investigations, and coaching sessions (face-to-face or online). 

• Automated technologies: When you use our website, we may collect certain technical data via cookies or similar technologies (depending on your cookie choices). 

• Third parties: From organisations you represent (e.g., your employer) where they engage us, and from service providers we use to operate our business (see Section 9). 

4. How We Use Your Information (Purposes & Lawful Bases) We use your personal data to provide a supportive and professional service. We will only use your personal data when the law allows us to. Below are the common purposes and lawful bases we rely on: 

• To respond to enquiries and provide the ,information you request ◦ Lawful basis: Legitimate interests (running our business and responding to requests) and/or steps prior to entering a contract. 

• To deliver Health & Safety consultancy services and professional coaching services ◦ Lawful basis: Performance of a contract (where you contract with us directly) and/or legitimate interests (where we are delivering services via your organisation). • To manage our relationship with you (admin, scheduling, service messages) ◦ Lawful basis: Contract and/or legitimate interests. 

• To invoice, take payments, and keep accounting records ◦ Lawful basis: Contract and legal obligation. 

• To comply with legal and regulatory obligations (e.g., H&S related legal duties where applicable, tax/accounting obligations) ◦ Lawful basis: Legal obligation. 

• To improve our website and services ◦ Lawful basis: Legitimate interests (and consent where cookies/analytics require it). • To send marketing communications (where applicable) ◦ Lawful basis: Consent (where required) and/or legitimate interests (where permitted by law). You can opt out at any time. Special Category Data We do not intentionally seek to collect special category data (e.g., health information) as part of our normal processes. 

However, during coaching or H&S work you may choose to share information that could be special category data. Where we process special category data, we will only do so where we have a lawful basis under UK GDPR and an appropriate Article 9 condition (for example, explicit con sent where appropriate, or where necessary for establishing, exercising or defending legal claims). If special category data is required for a specific service, we will explain what we need and why. 

5. Data Security We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Where we store your personal data Personal data (such as names and email addresses) may be stored on: • our CRM lite system (used for managing enquiries, client contacts, and service administration); and • our business laptop (for day-to-day delivery and secure storage of working documents). This includes: • Encryption of hardware (laptops and mobile devices). • Secure password protection and multi-factor authentication where available. • Restricted access to coaching notes and H&S compliance records on a need-to-know basis. • Secure storage and controlled sharing of documents. 

6. Data Retention We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Unless a shorter period applies, we generally keep relevant business records for up to 6 years. Regular data clean-ups We carry out regular reviews and data clean-ups to help ensure personal data is not kept longer than necessary, and to remove or anonymise information when it is no longer in use (for example, where an enquiry does not proceed or where records are no longer required). We may retain information for longer where required to deal with complaints, claims, or where we reasonably believe there is a prospect of litigation. 

7. Disclosure of Your Information We do not sell your personal data. We may share your information where necessary with: • Professional advisers (e.g., lawyers, auditors, insurers). • Service providers who provide IT, website, email, scheduling, file storage, video conferencing, or system administration services (see Section 9). • Regulators and authorities (e.g., the HSE) where required by law or where necessary to protect legal rights. • Client organisations (where your employer/organisation engages us): we may share relevant de liverables and communications with the nominated contact(s). For coaching, we will not share coaching content with an employer unless you ask us to, or we are legally required to. 

8. Your Legal Rights Under the UK GDPR, you have the right to: 

• Request access to your personal data. 

• Request correction of inaccurate or incomplete data. 

• Request erasure of your personal data (in certain circumstances). 

• Object to processing of your personal data (in certain circumstances). 

• Request restriction of processing (in certain circumstances). 

• Request data portability (in certain circumstances). 

• Withdraw consent at any time where we rely on consent. 

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhap py with how we use your data (www.ico.org.uk). We’d appreciate the chance to help first, so please contact us in the first instance. 

9. Third-Party Tools, Processors & International Transfers (Placeholders) We may use trusted third-party suppliers (“processors”) to help run our business and deliver services (for example: website hosting, email, analytics, CRM, online scheduling, video calls, cloud storage, e signing, accounting, and invoicing). Third-party tools we may use (placeholders – to be completed): 

• Coaching Mastery: For gold star accreditation training, community support, and website develop ment. 

• Constant Contact & Marblism: for marketing outreach. 

• Wix: For publishing blogs. 

• Ionos: Our email platform, used for email hosting, digital archiving, and premium virus protection. 

• Website hosting: Ionos & The Coaching Masters 

• Website analytics/cookies: Google Analytics & Ionos & The Coaching Masters 

• Email marketing/newsletters: Ionos & Marblism 

• CRM / client records: Marblism • Online booking/scheduling: Marblism 

• Video conferencing (online coaching & H&S consultancy calls): Microsoft Teams/Zoom 

• Cloud storage/file sharing: Ionos

 • Accounting/invoicing: Xero • Payment processing: Stripe 

• E-signature (if used): Adobe DocuSign 

Where suppliers process personal data on our behalf, we require appropriate contractual protections (including UK GDPR-compliant data processing terms). Security Measures (Email Protection) We use advanced protection against viruses, worms, and Trojans. Attachments are automatically scanned and cleaned or deleted if malware is detected to help ensure data safety. International Data Transfers Some suppliers may process personal data outside the UK. Where this happens, we will ensure appropriate private safeguards are in place, such as: 

- UK adequacy regulations, and/or  the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, and/or other lawful transfer mechanisms. 

10. Cookies & Similar Technologies We may use cookies and similar technologies to help our website function and to understand how it is used. Where required, we will ask for your consent before placing non-essential cookies. You can manage cookie settings through your browser and/or our cookie banner (if enabled). 

11. Email Archiving With Email Archiving, you can archive your complete emails digitally in a highly secure and automat ed process. It is suitable for both companies and private users. All emails are archived that are already in the mailbox at the time of activation as well as those that are subsequently sent or received. 

12. Third-Party Links Our website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. 

Contact Details If you have any questions about this Privacy Policy or our privacy practices, or you’d like to exercise your rights, please contact; ProActa Legal Team, Lyonshall, Kington, Herefordshire, United Kingdom 

Email: legal@proacta.co.uk 

Phone: +442045099796 

Website: www.proacta.co.uk 

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)