Privacy policy

1. General Information

This privacy policy explains how personal data is collected, used, and protected when you use this website.
It is intended to provide clear and transparent information about what data is processed, for what purposes, on what legal basis, and what rights you have in relation to your personal data.

Personal data is processed in accordance with applicable UK data protection laws, including the UK GDPR and the Data Protection Act 2018.
By using this website, you acknowledge and accept the terms of this privacy policy.

2. Data Controller

The data controller responsible for the processing of personal data collected through this website is:
ProcessWalk, St Margaret’s House,151 London Road, Room 2.01, Edinburgh EH7 6AE, email: gdpr@processwalk.com
The data controller determines the purposes and means of processing personal data in accordance with applicable data protection laws.
No Data Protection Officer (DPO) has been appointed, as this is not required under applicable law.

3. Data Collected

3.1 Data provided by you

When you contact us via the contact form available on this website, we may collect the following personal data:

  • first name and last name
  • email address
  • telephone number

Providing this data is voluntary, but necessary to respond to your enquiry.

3.2 Data collected automatically

When you use this website, certain information may be collected automatically, including:

  • IP address
  • browser type and version
  • device type
  • basic technical and usage data
  • cookies (see section 10 for more information)

3.3 Special category data

This website is not intended to collect special category data, including information relating to your health.

Users are asked not to submit sensitive personal data through the contact form. However, if such data is provided, it may be processed where necessary in order to respond to your enquiry and in accordance with applicable law, including Article 9 of the UK GDPR.

4. How Data Is Collected

Personal data is collected in the following ways:

4.1 Contact form

When you submit an enquiry via the contact form, the information you provide is:

  • stored within the website’s content management system (WordPress) on secure servers, and
  • sent to the data controller via email

4.2 Cookies and similar technologies

Certain data is collected automatically through the use of cookies and similar technologies when you browse the website. This includes technical and usage-related information.

Further details are provided in section 10.

4.3 Embedded content

This website may include embedded content (such as videos). Such content may set cookies or collect data when it is activated by the user following consent via the cookie banner.

5. Purposes and Legal Bases for Processing

Personal data is processed for the following purposes and on the following legal bases:

5.1 Responding to enquiries

Data submitted via the contact form is processed in order to respond to enquiries and provide requested information.

Legal basis: consent (Article 6(1)(a) of the UK GDPR)

5.2 Provision of services

Personal data may be processed where necessary for the provision of services, including arranging and delivering sessions.

Legal basis: performance of a contract or steps taken prior to entering into a contract (Article 6(1)(b) of the UK GDPR)

5.3 Compliance with legal obligations

Personal data may be processed where necessary to comply with legal and regulatory obligations, including accounting and tax requirements.

Legal basis: compliance with a legal obligation (Article 6(1)(c) of the UK GDPR)

5.4 Ensuring the security of the website

Data may be processed to maintain the security and proper functioning of the website, including preventing misuse.

Legal basis: legitimate interests (Article 6(1)(f) of the UK GDPR)

Where personal data provided includes special category data, it will be processed only where necessary and in accordance with applicable law, including Article 9 of the UK GDPR.

6. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

In particular:

  • data submitted via the contact form is retained for a period of up to 12 months from the date of the last correspondence, unless further contact or a service relationship is established
  • personal data related to the provision of services is retained for up to 6 years following the end of the service relationship
  • accounting and invoicing data is retained for 6 years in accordance with applicable legal obligations
  • technical data, including server logs, is retained for a limited period, typically between 30 and 90 days

Data may be retained for a longer period where necessary to establish, exercise, or defend legal claims.

7. Data Recipients

Personal data may be shared with third parties where necessary for the operation of the website and the provision of services.
In particular, data may be shared with:

  • hosting provider, which provides server infrastructure and email hosting within the European Economic Area
  • providers of website infrastructure, including the WordPress content management system
  • payment service providers, including Stripe (Stripe Payments Europe Ltd) and PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.), for the purpose of processing payments
  • accounting service provider

All third-party providers process personal data in accordance with applicable data protection laws and only to the extent necessary to perform their services.
Personal data is not sold or shared with third parties for marketing purposes.

8. International Data Transfers

Personal data is generally processed within the United Kingdom and the European Economic Area (EEA).

However, where this website includes embedded content (such as video players), personal data may be transferred to countries outside the UK and EEA, including the United States, once such content is activated by the user following consent via the cookie banner.

Where such transfers occur, they are carried out in accordance with applicable data protection laws, including the UK GDPR, and are subject to appropriate safeguards, such as standard contractual clauses or other lawful transfer mechanisms.

9. Your Rights

Under applicable data protection laws, including the UK GDPR, you have the following rights in relation to your personal data:

  • the right to access your personal data
  • the right to request rectification of inaccurate or incomplete data
  • the right to request erasure of your personal data
  • the right to request restriction of processing
  • the right to object to the processing of your personal data
  • the right to data portability

Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

If you believe that your data has been processed in breach of applicable law, you have the right to lodge a complaint with the Information Commissioner’s Office.

10. Cookies and Tracking Technologies

This website uses cookies and similar technologies to ensure its proper operation, enhance user experience, and provide basic functionality.

10.1 What are cookies

Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device and remember certain information about your preferences or past actions.

10.2 Types of cookies used

The website may use the following types of cookies:

  • essential cookies – necessary for the proper functioning of the website, including security and basic features
  • functional cookies – used to support website functionality, such as form handling
  • security cookies – used to protect the website from spam and abuse, including those set by hCaptcha

The website does not use third-party analytics or advertising cookies.

10.3 Embedded content

The website may include embedded content (such as videos provided by third-party platforms). Such content is not hosted on this website and is only activated after you provide consent via the cookie banner.

Once activated, the third-party provider may:

  • place cookies on your device
  • collect information about your interaction with the content
  • process your data in accordance with their own privacy policies

This may include the transfer of personal data outside the United Kingdom and the European Economic Area, including to countries such as the United States.

The data controller has no control over the data processing carried out by these third-party providers.

10.4 Managing cookies

You can manage or disable cookies through your browser settings. Please note that restricting cookies may affect the functionality of the website.
In addition, you can manage your preferences at any time via the cookie consent banner available on the website.

11. Data Security

Appropriate technical and organisational measures are implemented to ensure the security of personal data and to protect it against unauthorised access, loss, misuse, or alteration.

In particular:

  • the website is hosted on secure servers located within the European Economic Area
  • the website uses SSL encryption to protect data transmitted online
  • access to personal data is restricted and protected by strong authentication measures, including two-factor authentication (2FA)
  • personal data received via the contact form is stored within the website system and transmitted via secure email services
  • email access is secured and limited to authorised devices only
  • no access to personal data is granted to unauthorised third parties
  • systems and software are regularly updated and maintained to ensure ongoing security

While appropriate safeguards are in place, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

12. Changes to This Privacy Policy

This privacy policy may be updated from time to time to reflect changes in legal requirements, technical solutions, or the way personal data is processed.

Last updated: 2026-04-01

The current version of the privacy policy will always be available on this website.

Where changes are significant, appropriate notice may be provided on the website.

Continued use of the website after any changes have been made constitutes acceptance of the updated privacy policy.

13. Contact

If you have any questions about this privacy policy or the way your personal data is processed, you can contact the data controller at: gdpr@processwalk.com

You may also use this contact to exercise your rights in relation to your personal data.