Privacy policy

Privacy Notice

Andy Nobes Coaching and Consultancy

Last updated: June 2026

Andy Nobes Coaching and Consultancy is committed to protecting your privacy and handling your personal information responsibly, lawfully, and transparently.

This Privacy Notice explains how I collect, use, store, and share personal information when you contact me, use my website, book coaching or consultancy services, take part in coaching sessions, or otherwise work with me.

For the purposes of UK data protection law, Andy Nobes, trading as Andy Nobes Coaching and Consultancy, is the data controller.

You can contact me at:

Andy Nobes Coaching and Consultancy
contact address available on request
Email: andynobes@gmail.com
Website: www.andynobes.co.uk

  1. Personal information I collect

I may collect and process the following types of personal information:

  • Contact details, such as your name, email address, telephone number, organisation, role, and postal address where needed.
  • Booking and administrative information, such as session dates, payment records, invoices, correspondence, and contractual information.
  • Coaching-related information, such as your goals, development priorities, reflections, notes from sessions, agreed actions, and information you choose to share during coaching.
  • Consultancy-related information, such as project correspondence, meeting notes, stakeholder information, research or workshop participation details, and organisational context.
  • Website information, such as your IP address, browser type, pages visited, and cookie preferences, where collected through website analytics or security tools.
  • Payment information, such as invoice status and payment records. I do not usually collect or store full card details myself. Where card payments are used, these are processed by a third-party payment provider.

I may occasionally process more sensitive information if you choose to share it during coaching or consultancy work. This may include information about health, neurodiversity, disability, work stress, family circumstances, or other personal matters. Under UK GDPR, some of this may be “special category data”, which requires additional protection. The ICO identifies special category data as including information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, sex life, and sexual orientation.

  1. How I collect personal information

I collect personal information when you:

  • contact me by email, telephone, social media, website form, or other communication channel;
  • book a coaching, consultancy, training, or workshop session;
  • complete an intake form, enquiry form, reflection form, survey, or feedback form;
  • take part in coaching, consultancy, research, training, or workshop activities;
  • make a payment or request an invoice;
  • use my website;
  • agree to the use of recording, transcription, or AI-assisted note-taking tools.

Most personal information is provided directly by you. In some consultancy or organisational work, information may also be provided by your employer, organisation, funder, project partner, or another relevant contact.

  1. Why I use your personal information

I use personal information to:

  • respond to enquiries;
  • arrange and deliver coaching, consultancy, research, facilitation, training, or related services;
  • manage bookings, contracts, payments, invoices, and records;
  • prepare for sessions, maintain appropriate professional notes, and support continuity of work;
  • communicate with you before, during, and after services;
  • meet legal, tax, accounting, insurance, safeguarding, and professional obligations;
  • maintain the safety, integrity, and security of my services and website;
  • improve my services, where appropriate;
  • send updates or marketing communications where you have agreed to receive them, or where this is otherwise permitted by law.
  1. Lawful basis for using personal information

I process personal information only where I have a lawful basis to do so.

For most coaching and consultancy clients, the main lawful bases are:

  • Contract: to provide services you have requested, arrange sessions, communicate with you, issue invoices, and manage the coaching or consultancy agreement.
  • Legitimate interests: to keep appropriate business and professional records, manage enquiries, maintain service quality, protect my business, and communicate with clients or potential clients in a proportionate way.
  • Legal obligation: to meet tax, accounting, data protection, safeguarding, or other legal duties.
  • Consent: where you have agreed to a particular activity, such as receiving certain marketing communications or using recording, transcription, or AI-assisted note-taking tools where consent is appropriate.

Where I process special category data, I will do so only where an additional condition applies, such as your explicit consent, the need to protect vital interests, or where processing is necessary in relation to legal claims, safeguarding, or professional obligations.

  1. Coaching notes, recordings, transcripts, and AI tools

I may keep brief coaching notes or summaries to support continuity, reflection, and professional record-keeping.

Sessions will not be recorded unless this has been discussed and agreed with you in advance. Where recording, transcription, note-taking, or AI-assisted tools are used, such as Otter.ai, Zoom AI Companion, or similar services, their use will be agreed with you before or at the start of the relevant session.

You may decline the use of recording, transcription, or AI-assisted tools. You may also withdraw consent to their use at any time by notifying me in writing.

Where such tools are used, they are intended to support accurate note-taking, reflection, and continuity of coaching. They are not used to make automated decisions about you.

You may request deletion of recordings, transcripts, or AI-generated notes at any time, subject to any legal, regulatory, safeguarding, insurance, or professional record-keeping obligations that may require limited information to be retained.

Third-party tools may process information in accordance with their own terms, privacy notices, and data-processing arrangements. I will take reasonable steps to use appropriate tools and settings, but I cannot control all aspects of third-party platforms.

  1. Who I share personal information with

I will not sell your personal information.

I may share personal information only where necessary and appropriate, including with:

  • professional service providers, such as accountants, insurers, legal advisers, IT providers, website hosts, email providers, or payment processors;
  • booking, video-conferencing, transcription, AI note-taking, cloud storage, or administrative platforms used to deliver services;
  • professional supervisors or mentors, where appropriate, with identifying information removed or minimised where reasonably practicable;
  • regulators, tax authorities, law enforcement, courts, insurers, or professional bodies where required or permitted by law;
  • organisational clients, where services are commissioned by an organisation, but only within the boundaries agreed at contracting stage.

In coaching, I treat the content of sessions as confidential. If an organisation pays for coaching, I will not normally share detailed session content with that organisation unless this has been explicitly agreed with you, or unless disclosure is required for legal, safeguarding, safety, or professional reasons.

  1. Confidentiality and limits

Coaching and consultancy discussions are treated as confidential.

Confidentiality may be limited where:

  • disclosure is required by law;
  • there is a serious risk of harm to you or another person;
  • safeguarding or professional obligations require action;
  • information is needed to defend or pursue legal claims;
  • disclosure is necessary for professional supervision, insurance, legal, or regulatory purposes.

Where possible, I will discuss any need to disclose information with you before doing so, unless that would be inappropriate, unsafe, or legally restricted.

  1. How long I keep personal information

I keep personal information only for as long as necessary for the purposes for which it was collected, including legal, tax, insurance, safeguarding, professional, and legitimate business purposes.

As a general guide:

  • enquiry emails that do not lead to work may be kept for up to 12 months;
  • client contracts, invoices, and payment records may be kept for at least six years for tax and accounting purposes;
  • coaching notes may usually be kept for up to six years after the end of the coaching relationship, unless a shorter or longer period is appropriate;
  • recordings, transcripts, and AI-generated notes will usually be deleted sooner than core professional records, unless there is a clear reason to keep them;
  • marketing consent records may be kept while you remain subscribed and for a reasonable period afterwards to evidence your preferences.

Where I do not have a fixed retention period, I use criteria such as the nature of the work, legal or insurance requirements, professional obligations, the sensitivity of the information, and whether the information may be needed to resolve a query, complaint, safeguarding matter, or legal issue. The ICO says privacy notices should explain retention periods or, where these are not fixed, the criteria used to decide them.

  1. How I protect personal information

I take reasonable technical and organisational measures to protect personal information from unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include password protection, device security, secure storage, access controls, reputable service providers, and limiting access to personal information to what is necessary.

No method of electronic communication, online meeting, cloud storage, or internet transmission is completely secure, so I cannot guarantee absolute security.

  1. International transfers

Some service providers I use may process personal information outside the UK. Where this happens, I will take reasonable steps to check that the transfer is permitted under UK data protection law, for example because the country has been recognised as providing adequate protection or because suitable contractual safeguards are in place.

  1. Your rights

Depending on the circumstances and the lawful basis for processing, you may have the right to:

  • ask for access to your personal information;
  • ask for inaccurate information to be corrected;
  • ask for information to be deleted;
  • ask for processing to be restricted;
  • object to certain processing;
  • ask for information to be transferred to another provider;
  • withdraw consent where processing is based on consent;
  • complain to the Information Commissioner’s Office.

The ICO says privacy information should tell people about their rights, including the right to withdraw consent where consent is the lawful basis, and the right to complain.

To exercise your rights, contact me at: andynobes@gmail.com

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection. You can find information about how to complain at: https://ico.org.uk/make-a-complaint/

  1. Marketing communications

I will only send marketing emails where I have a lawful basis to do so.

You can unsubscribe or ask me to stop sending marketing communications at any time by contacting me at andynobes@gmail.com or using any unsubscribe link provided.

I will not sell your details to third parties for marketing purposes.

  1. Cookies and website analytics

My website may use cookies and similar technologies to make the website work, improve security, understand how visitors use the site, and improve the user experience.

Some cookies are necessary for the website to function. Others, such as analytics or marketing cookies, will only be used where required consent has been obtained.

The ICO says website visitors need to be told that cookies are being used and what they do, and that non-essential cookies usually require the user’s agreement.

More information is available in my Cookie Policy: https://andynobes.co.uk/cookie-policy-uk/

  1. Links to other websites

My website may contain links to other websites. I am not responsible for the privacy practices, content, or security of those external websites.

  1. Changes to this Privacy Notice

I may update this Privacy Notice from time to time. The latest version will be published on my website, with the date of the most recent update shown at the top.

Where changes are significant, I will take reasonable steps to bring them to the attention of affected clients or contacts.