Privacy Policy

This Privacy Policy explains how Laura Masson Ltd ("we", "us", "our") collects, uses and protects your personal data when you use our website (lauramasson.co.uk), buy our products or services, subscribe to our newsletter, or engage us as a consultant or coach. We are the data controller. Our company is registered in England and Wales (company number 17253933), with registered office at 1 Church Holme, High Street, Mayfield, England, TN20 6AL. We comply with our obligations under the UK GDPR and the Data Protection Act 2018. If you have any questions about this policy or about how we use your data, contact us at laura@lauramasson.co.uk.

1 · WHAT PERSONAL DATA WE COLLECT

Depending on how you interact with us, we may collect the following:

  • Name, email address, postal address, telephone number — when you fill in a contact form, buy a product, or engage us as a consultant.

  • Setting / employer name and role — when you contact us in a professional capacity.

  • Payment information — processed by our payment providers (Squarespace Payments and PayPal). We do not store full card details.

  • Communication history — emails between you and us.

  • Website usage data — pages visited, time on site, referring URL. Collected via Squarespace's built-in, anonymised analytics.

  • Course progress data — if you are enrolled on one of our courses, we collect data on which modules you have accessed and completed.

  • Operational or safeguarding information about your setting — only where this is shared with us as part of a consultancy engagement, and only for the duration of that engagement.

2 · LAWFUL BASIS FOR PROCESSING

We process personal data under the following lawful bases (UK GDPR Article 6):

  • Performance of a contract — where you have engaged us as a consultant or bought a product or course.

  • Consent — where you have actively opted in (e.g. to the newsletter, to receive marketing emails).

  • Legitimate interests — for limited business operations (responding to enquiries, billing, basic website analytics). We balance these against your rights and freedoms.

  • Legal obligation — where required by law (e.g. retaining accounting records for HMRC).

3 · HOW WE USE YOUR DATA

We use your personal data to:

  • Provide the services you have requested.

  • Process payments and issue invoices and receipts.

  • Communicate with you about your engagement, purchase, or enquiry.

  • Send you the newsletter or marketing emails, but only if you have opted in.

  • Improve our website and services (anonymised analytics).

  • Comply with legal, tax and accounting obligations.

4 · WHO WE SHARE YOUR DATA WITH

We do not sell your data. We share it only with:

  • Service providers we use to run the business — Squarespace Payments and PayPal for payments, and Squarespace for the website, email and newsletter. Each has its own privacy policy and processes data on our behalf as a data processor.

  • Our accountant, for invoice and tax processing.

  • Authorities — only where required by law (HMRC for tax, ICO if requested, safeguarding authorities under our statutory duties).

5 · INTERNATIONAL TRANSFERS

Some of our service providers are based outside the UK or EU (for example, PayPal). These transfers are protected by Standard Contractual Clauses or by adequacy decisions where applicable. We rely on the providers' contractual commitments under UK GDPR Article 46.

6 · HOW LONG WE KEEP YOUR DATA

  • Marketing list data — for as long as you remain subscribed, plus 24 months after unsubscribe (for re-engagement only).

  • Client engagement data — for 6 years after the engagement ends (HMRC requirement for accounting records).

  • Enquiry data with no engagement — 12 months from enquiry, then deleted.

  • Course access data — for the duration of your access plus 12 months.

  • Website analytics — anonymised at collection; retained in anonymised form.

7 · YOUR RIGHTS

Under UK GDPR you have the right to:

  • Access the personal data we hold about you (Subject Access Request — free of charge, response within 30 days).

  • Have inaccurate data corrected.

  • Have your data deleted in certain circumstances ("right to be forgotten").

  • Restrict how we process your data.

  • Object to processing based on legitimate interests.

  • Data portability — receive your data in a portable format.

  • Withdraw consent at any time where consent is the lawful basis.

  • Complain to the Information Commissioner's Office (ico.org.uk · 0303 123 1113).

To exercise any of these rights, email laura@lauramasson.co.uk.

8 · COOKIES

Our website uses cookies. See our separate Cookies Policy at lauramasson.co.uk/cookies for the detail.

9 · SECURITY

We take reasonable technical and organisational measures to protect your data, including encrypted email, secure cloud storage with two-factor authentication, password-protected work devices, and prompt patching of software. In the unlikely event of a data breach affecting your rights, we will notify the ICO within 72 hours and you without undue delay, as required by UK GDPR Article 33-34.

10 · CHILDREN'S DATA

Our services are aimed at adults (parents, practitioners, leaders). We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact laura@lauramasson.co.uk and we will delete it.

11 · CHANGES TO THIS POLICY

We may update this policy from time to time. Material changes will be notified by email to subscribers. The 'last updated' date below shows when the policy was most recently revised.

Last updated: 14 June 2026 · Version 1.0 Laura Masson Ltd · Company number 17253933