If you would like to update or delete your personal information, or if you have any questions regarding how we handle your data, please contact our Data Protection Officer at [email protected].
1. Introduction
This Privacy Statement explains how The Preston Associates (“we”, “us”, or “TPA”) collects, processes, stores, and protects your personal data in compliance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.
Contact Information
The Preston Associates and The Preston Associates USA
Ground Floor, 13 Lowndes Square,
London SW1X 9HB, UK
Email: [email protected]
2. Personal Data We Collect and Why We Collect It
Personal Data We Collect
- Client Data: Names, contact details, job titles, organisation details, session notes, and contracts.
- Financial Data: Payment details, invoices, and related financial records.
- Marketing Data: Email addresses and consent records.
- Employee Data: Employment history, payroll information, and HR records.
- Recruitment Data: Applicant information and CVs.
- Website Data: IP addresses, cookies, and analytical data.
Why We Collect Your Data
- To fulfil contractual obligations: To provide coaching and consulting services.
- Marketing and communication: With your explicit consent, to send newsletters and promotional materials.
- Legal obligations: To comply with applicable laws (e.g., tax regulations, employment law).
3. Consent
We only use your data with your explicit consent for purposes beyond legitimate interests or contractual obligations (e.g., marketing communications). You can withdraw your consent easily via the unsubscribe link in marketing emails or by contacting us directly.
4. Data Sharing
We may share your data with:
- Trusted associates who provide coaching services.
- IT service providers for secure storage, scheduling, and CRM services.
- Marketing platforms (e.g., Mailchimp) to deliver communications.
We ensure these parties handle your data securely and only for the specified purposes.
5. International Transfers
We may transfer personal data internationally, including to service providers based outside the UK/EU, such as cloud platforms (AWS, Microsoft Azure). We protect your data through:
- Standard Contractual Clauses approved by the European Commission.
- Transfers to countries deemed to have adequate data protection standards.
If you have concerns about international data transfers, contact us directly for further information or alternative arrangements.
6. Data Retention
We retain your personal data:
- Client Data: During the coaching relationship and up to 6 years afterwards.
- Financial Data: 7 years for tax compliance.
- Employee Data: Duration of employment plus 6 years.
- Recruitment Data: 1 year for unsuccessful candidates.
- Marketing Data: Until you unsubscribe or consent is withdrawn.
- Website Data: Up to 12 months for analytics purposes.
Data no longer required is securely deleted or anonymised.
7. Children’s Data
We do not knowingly collect personal data from children under the age of 13. Our website and services are not directed at children, and we take steps to prevent the inadvertent collection of children’s data. If we become aware we have collected personal data from a child without parental consent, we delete it immediately. Parents or guardians can contact us to review or delete any inadvertently collected data.
8. Data Security
We employ robust security measures including TLS encryption, secure cloud storage, and strict internal data management policies to protect your data from unauthorised access or disclosure.
9. Data Breach Notification
In the event of a data breach:
- We will notify the Information Commissioner’s Office (ICO) within 72 hours.
- Affected individuals will be informed promptly if the breach poses a high risk to their rights or freedoms.
- Notifications will detail the nature of the breach, affected data, potential impacts, and the measures being taken to address the issue.
If you suspect a breach or have concerns, please contact us immediately at [email protected].
10. Your Data Protection Rights
You have the right to:
- Access, rectify, or erase your personal data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent at any time.
- Lodge complaints with the ICO if unsatisfied with our handling of your data.
11. Complaints and Queries
We are committed to protecting your personal information and handling your data in a way that is transparent, fair, and secure. If you ever have concerns about how we use your data, you have the right to tell us — and we take those concerns seriously.
Your Right to Complain
Under the UK Data Use and Access Act 2025, you have a legal right to complain directly to any organisation about how your personal data is being handled. This includes issues such as data breaches, how long we keep your information, or how we respond to your privacy rights requests.
In most cases, the Information Commissioner’s Office (ICO) expects you to raise your concern with us first so we can try to resolve it. You can contact us by email, post or telephone.
What Happens Next
When you submit a privacy complaint:
1. We will acknowledge your complaint within 30 days.
This acknowledgement period is a legal requirement under the DUA Act.
2. We will look into the issue without undue delay.
This may involve checking our systems, records, or processes and following up with you if we need more information.
3. We will keep you informed.
If the issue takes time to investigate, we’ll update you along the way.
4. We will provide you with an outcome as soon as possible.
ICO guidance suggests organisations should aim to resolve complaints within approximately three months unless there are exceptional circumstances.
If You’re Still Not Happy
If you feel we haven’t resolved your concern properly, you can contact the Information Commissioner’s Office (ICO). They oversee data protection in the UK and can review your complaint. However, they will normally check that you have tried to resolve the issue with us first.
What Isn’t Considered a Privacy Complaint
Certain issues — like coaching, contracts or HR grievances — may not fall under data protection rules even if they involve your personal information. For example:
- dissatisfaction with how quickly we processed a contract,
- coaching complaints paired with a request to delete your data.
These are not considered data protection complaints under ICO guidance. If we’re unsure which category your issue fits into, we may ask you for clarification.
