Client Privacy Notice

Last updated: July 2025

Amy Carter Health Ltd is a company incorporated and registered in England & Wales (company number 15835369, with its registered offices at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ) (“ACH”).

ACH provides health coaching and wellbeing services to individual clients (“1-1 Clients”) & businesses (“Corporate Clients”) (such as senior personnel or HR professionals who may be one of ACH’s points of contact for a business), providing education & support to help people make positive lifestyle & nutrition changes. ACH also delivers presentations and workshops regarding health & wellness in group settings at events, and sometimes collaborates with other businesses/individuals whether at such events or otherwise (“Business Associates”) in connection with these activities. ACH operates a website: amycarterhealth.co.uk (the “Website”).

This Privacy Notice explains how ACH processes information relating to: (a) 1-1 Clients, (b) individuals representing Corporate Clients (“Corporate Representatives”), (c) Business Associates and (d) attendees of presentations or webinars hosted by ACH, either independently or at third-party events ("Event Attendees") in compliance with the UK GDPR (the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as it forms part of the law of England and Wales, Scotland and Northern Ireland and as defined in section 3(10) of the Data Protection Act 2018 (DPA 2018), supplemented by section 205(4)) and related data protection and e-privacy laws.

For information regarding ACH’s processing of personal data in connection with the Website, please refer to the Website Privacy & Cookie Notice: https://www.amycarterhealth.co.uk/privacy.

Any references to “you”, “your” or similar refer to 1-1 Clients, Corporate Representatives, Event Attendees and/or Business Associates, as indicated. Any references to “our”, “we” or similar are references to ACH.

If you have any questions about this Privacy Notice, the information we process about you, or if you would like to exercise one of your data protection rights, please contact us at info@amycarterhealth.co.uk, including “PRIVACY” in the subject line, where possible.

Information we may collect about you

a. 1-1 Clients

ACH processes the following information in relation to 1-1 Clients before you have been onboarded as a client and during the onboarding process (“Onboarding Information”): first name, last name, email address, contact number, information relating to any discovery call held with the individual, interest in / purchase of a particular coaching programme, information contained in email correspondence between ACH and the 1-1 Client, agreement to ACH’s Terms and Conditions and payment information. For further information about the information which ACH processes as part of a 1-1 Client’s booking of coaching services, please refer to the Website Privacy & Cookie Notice: https://www.amycarterhealth.co.uk/privacy

We collect Onboarding Information from 1-1 Clients directly. There is no statutory or contractual obligation for 1-1 Clients to provide Onboarding Information, save that (a) without it, ACH will not be able to onboard the 1-1 Client and provide them with health coaching services, and (b) if a 1-1 Client does sign the Terms and Conditions, you will be under a contractual obligation to pay ACH the fee for the coaching programme you are seeking to purchase.

ACH also processes the following information in relation to 1-1 Clients after you have been onboarded as a client (“Coaching Information”):

i. Basic Personal Details, including your name, age, email address, contact number, email address, occupation, height, weight, GP details and whether we have permission to contact your GP if it becomes necessary to do so.

ii. Health Review Information, including your key health & wellness goals, health concerns, significant illnesses, medications & supplements, allergies or sensitivities, symptoms you are experiencing, sleep patterns, morning & night-time routines, stress level & stressors, support network, eating patterns & cravings, alcohol and smoking habits, fitness and any lifestyle changes you are looking to make.

iii. Coaching Plan Information: your goal(s), agreed action(s) to be taken between sessions and related suggestions, tools & resources to help you achieve your actions/goals.

iv. Food, Exercise & Sleep Diary Information: a summary of your food, exercise & sleep habits over the course of three days of the week.

v. Check-in Information: any information you provide to me during our remote check-ins between sessions, via email, WhatsApp or otherwise.

We collect Coaching Information from 1-1 Clients directly. Clients may be required to provide this information as a result of the contract between us; if a 1-1 Client fails to provide this information when requested, we may be unable to provide health coaching services to the 1-1 Client.

b. Corporate Representatives

ACH may process the following information in relation to Corporate Representatives (“Corporate Representative Information”): name, email address, contact number, employer, occupation & any information included in email correspondence between us.

We collect Corporate Representative Information from Corporate Representatives directly or from the Corporate Client from whom you work. There is no statutory or contractual obligation for Corporate Representatives to provide this information.

c. Business Associates

ACH may process the following information in relation to Business Associates (“Business Associate Information”): name, email address, contact number, WhatsApp, social media profiles (Instagram and/or LinkedIn), payment details & any information included in correspondence between us.

We collect Business Associate Information from Business Associates directly; there is no statutory or contractual obligation for Business Associates to provide this information.

d. Event Attendees

ACH may process the following information in relation to Event Attendees (“Event Attendee Information” ) when collecting feedback: degree of satisfaction with the talk, what you found to be most interesting, engaging & helpful, whether there was anything you didn’t understand or would have liked further discussion of, whether you would be interested in working with ACH in the future, whether you would like to receive marketing emails from ACH, any other comments provided within feedback, whether you’re happy for ACH to anonymously share your feedback for promotional & marketing purposes across the Website & social media, your name & email address.

Why do we collect this information, and what is our lawful basis for doing so?

1:1 Clients

We process Onboarding Information in order to onboard you as a Client, as per your request to work with ACH.

Lawful Basis: In accordance with UK GDPR, we process Onboarding Information for the above purpose on the lawful basis of: legitimate interests, being to: (a) provide you with health coaching services.

We process Coaching Information in order to provide you with health & wellbeing coaching services, as per the contract between us.

Lawful Basis: In accordance with UK GDPR, we process Coaching Information for the above purposes on the lawful basis of: performance of contract.

Corporate Representatives

We process Corporate Representative Information to facilitate conversation and negotiation between ACH and Corporate Clients, so that ACH may deliver appropriate services to such Corporate Clients.

Lawful Basis: In accordance with UK GDPR, we process Corporate Representative Information for these purposes on the lawful basis of performance of contract.

Business Associates

We process Business Associate Information in order to facilitate conversation and planning between ACH and Business Associates, allowing us to run events and collaborate effectively.

Lawful Basis: In accordance with UK GDPR, we process Business Associate Information for these purposes on the lawful basis of legitimate interests, being to: (a) facilitate business relationships; (b) improve the quality of our services; and (c) promote our commercial interests.

Event Attendees
We process Event Attendee Information in order to understand what worked well / what could be improved in respect of ACH’s presentation and improve the quality of our offering.
Lawful Basis: In accordance with UK GDPR, we process Event Attendee Information for these purposes on the lawful basis of legitimate interests, being to: (a) improve the quality of our services; and (b) promote our commercial interests.

Special Category Data

Under UK GDPR, ‘special category data’ includes data concerning health. Because this information is particularly sensitive, it requires additional protection and we must have a further justification for processing it. The Coaching Information which we process largely comprises of data concerning health i.e., special category data, as set out above.

In compliance with data protection regulation, our additional grounds for processing this information for the purpose listed above (in addition to our lawful basis set out above) is explicit consent.

Please note that if you have provided ACH with your consent to process your health information, you have the right to withdraw your consent at any time. If you would like to exercise this right, please email info@amycarterhealth.co.uk, including “PRIVACY” in the subject line, where possible.

Will we share your information with any third parties?

We take confidentiality and protection of your personal data very seriously; information will only be shared with your express consent, with the exception of the following categories:

Professional advisors: We may share information with professional advisors (for example, legal or financial advisors or our insurers) where this is reasonably necessary in order to obtain professional advice, manage business risk or for the establishment, exercise or defence of legal claims and on the condition that they process this information in compliance with confidentiality and the UK GDPR.
IT Service & Software Providers: We use a range of IT service providers to help us to process your data and run our business efficiently and securely. For example, email service providers & document software providers such as Google Workspace and Microsoft 365.
Merger or Acquisition: If we are involved in a merger or acquisition, you will be notified via a clear notice on our Website of any changes in ownership of your information, as well as any options you might have regarding this.
Legal or Regulatory Requirement: We may share information where we are required to by law, in connection with current or prospective legal proceedings & in the exercise, establishment or defence of our legal rights.
General Practitioner: We may share information relating to 1-1 Clients with your General Practitioner if this is reasonably necessary. We will seek your express consent before sharing this information; however, if you do provide consent (or you withdraw your consent), we may share your information with your GP or other appropriate authority if we believe that your life may be in danger, relying on the lawful basis of vital interests.

International Data Transfers

As set out above, we use a range of IT service providers to help us deliver our services to you effectively and securely – these providers process data using the cloud, using data centres around the world. If we or our service providers transfer personal data out of the UK, we have agreements in place with them which provide that personal data shall stay adequately protected, in line with UK GDPR.

Retention

We will retain personal data for only as long as is reasonable and necessary, taking into account our legal obligations, insurance obligations, guidance from relevant professional associations and business practice.

Security

We take your privacy and our data protection very seriously and, therefore, take a range of reasonable measures in order to ensure that personal data is processed securely and compliantly.

Your Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Informed: The right to be informed about the collection and use of your personal data (as provided in this Website Privacy Notice).
Access: The right to ask us for copies of your personal data, along with some supplementary information. This right always applies, although there are some exemptions which could mean that you might not always receive all the information that we process.
Rectification: The right to have your personal data rectified if you believe that it is inaccurate. You also have the right to ask us to complete information which you believe is incomplete. This right always applies. If you believe that any of your personal data which we are processing is incomplete or inaccurate, please let us know by emailing info@amycarterhealth.co.uk, including “PRIVACY” in the subject line, where possible.
Erasure: The to request the deletion or removal of your personal data in certain circumstances.
Restriction: The right to ‘block’ or restrict processing of your personal data in certain circumstances.
Objection: The right to object to the processing of your personal data in certain circumstances.
Data portability: In respect of information which you have provided, the right to obtain and reuse your personal data for your own purposes across different services in certain circumstances (none of which currently apply to Website Users’ information which we process).
Automated-Decision Making: Rights in relation to automated decision making and profiling; however, ACH does not carry out any automated decision making and profiling.
Withdraw Consent: When we rely on your consent in order to process information, you have the right to withdraw your consent at any time. If you would like to exercise this right, please email info@amycarterhealth.co.uk, including “PRIVACY” in the subject line, where possible.
Complaint: The right to raise a complaint with a data protection supervisory authority. The Information Commissioner’s Office (“ICO”) is the data protection supervisory authority in the UK; it’s contact details can be found here: https://ico.org.uk/make-a-complaint/.

Children

We do not knowingly process data from, offer services or market to children under the age of 18. If you are under the age of 18, or if you are a parent/guardian who is aware that their child has provided us with information, please contact us at info@amycarterhealth.co.uk, including “PRIVACY” in the subject line, where possible.