GDPR Compliance

Our Commitment to Data Protection

Fresh Mentoring is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This document outlines how we fulfill our obligations as a data controller and explains your rights under current data protection legislation.

We process personal data fairly, lawfully, and transparently. We collect only the information necessary to provide our services and maintain it securely throughout its lifecycle.

Data Controller Information

Fresh Mentoring is the data controller responsible for your personal information. Our contact details are:

Fresh Mentoring
42 Wellington Street
Leeds
LS1 4HZ
United Kingdom
Email: [email protected]

Legal Basis for Processing

We process personal data under several legal grounds depending on the context:

Contract Performance

When you engage our services, we process your personal and financial information to fulfill our contractual obligations. This includes scheduling sessions, providing mentoring guidance, and maintaining records necessary for service delivery.

Legitimate Interest

We may process certain data based on legitimate interests, such as improving our services, ensuring website security, or preventing fraud. We balance these interests against your rights and only proceed when appropriate.

Consent

For specific activities like marketing communications or certain types of cookies, we rely on your explicit consent. You can withdraw consent at any time without affecting other services.

Legal Obligation

Some data processing is necessary to comply with legal requirements, such as financial record-keeping or responding to lawful requests from authorities.

Categories of Personal Data

We process the following categories of personal information:

Identity Data

Full name, title, date of birth, and other identifiers you provide when engaging our services.

Contact Data

Email address, postal address, telephone number, and preferred communication methods.

Financial Data

Information about income, expenses, debts, assets, savings, and financial goals shared during mentoring sessions.

Technical Data

IP address, browser type, device information, and usage patterns collected when you visit our website.

Communication Data

Records of correspondence between you and Fresh Mentoring, including emails and notes from sessions.

Your Rights Under GDPR

UK GDPR grants you several important rights regarding your personal data:

Right to Information

You have the right to clear information about how we collect, use, and protect your personal data. This document, along with our Privacy Policy, provides that transparency.

Right of Access

You can request access to the personal data we hold about you. We will provide a copy free of charge within one month of your request, along with details about how we use that information.

Right to Rectification

If personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will update our records promptly and notify any third parties if necessary.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances. This right is not absolute—we may need to retain some information for legal or regulatory reasons.

Right to Restriction of Processing

You can ask us to limit how we use your data in specific situations, such as when you dispute the accuracy of information or object to processing.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format. This allows you to transfer information to another service provider if desired.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects you. If this changes, we will inform you and provide appropriate safeguards.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected] or write to the address provided above. Please include sufficient information to help us locate your records and verify your identity.

We will respond to requests within one month. In complex cases or during periods of high demand, we may extend this by up to two additional months, but we will inform you if an extension is necessary.

You will not be charged a fee for exercising your rights unless your request is clearly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request.

Data Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or damage:

Technical Safeguards

Encryption of sensitive data during transmission and storage, secure authentication protocols, regular security updates and patches, and firewalls and intrusion detection systems.

Organizational Safeguards

Staff training on data protection principles, access controls limiting who can view client information, confidentiality agreements with employees and service providers, and regular reviews of data protection procedures.

Incident Response

We maintain procedures to detect, report, and investigate suspected data breaches. If a breach occurs that poses a risk to your rights, we will notify you and the ICO without undue delay, typically within 72 hours of discovery.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy or as required by law:

Client Records

Financial mentoring records are typically retained for seven years after the conclusion of services, in line with professional standards and regulatory requirements.

Website Data

Technical data collected through our website is retained for up to two years for analysis and security purposes.

Marketing Data

If you consent to marketing communications, we retain your contact information until you withdraw consent or we determine the data is no longer relevant.

After retention periods expire, we securely delete or anonymize personal data so it can no longer identify you.

International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Some service providers we use may process data in other countries.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as adequacy decisions recognizing equivalent data protection standards, standard contractual clauses approved by regulatory authorities, or binding corporate rules.

We will not transfer your data to countries without adequate protection unless necessary and with appropriate safeguards in place.

Third-Party Data Processing

We work with carefully selected service providers who process personal data on our behalf. These data processors are contractually obligated to:

• Process data only according to our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Assist with fulfilling data subject rights
• Delete or return data when services end

We conduct due diligence before engaging processors and regularly review their compliance with data protection obligations.

Children's Data

Our services are intended for adults aged 18 and over. We do not knowingly collect or process personal data from children without parental consent. If we become aware that we have inadvertently collected such data, we will delete it promptly.

Changes to Our GDPR Practices

We regularly review our data protection practices to ensure ongoing compliance with UK GDPR. When we make significant changes, we will update this page and notify active clients.

We encourage you to review this information periodically to stay informed about how we protect your personal data.

Complaints and Regulatory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address the issue. We take complaints seriously and will investigate thoroughly.

If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

Contact for GDPR Matters

For questions about our GDPR compliance, to exercise your rights, or to raise concerns, contact us:

Email: [email protected]
Post: Fresh Mentoring, 42 Wellington Street, Leeds, LS1 4HZ, United Kingdom

We aim to respond to all GDPR-related inquiries within one month.