Effective date: 10 November 2025
Last updated: 10 November 2025
1. Who We Are
JYY Consulting Ltd (“JYY Consulting”, “we”, “us”, “our”) is a limited company registered in England & Wales (No. 16769308).
Registered office: 167–169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom.
Administrative correspondence address: JYY Consulting Ltd (Admin Team)
330 Av Avro, Pointe-Claire, QC H9R 5W5, Canada
(Correspondence only — no service of legal proceedings. The data controller remains JYY Consulting Ltd, registered in England & Wales.)
Privacy contact: privacy@jyyconsulting.com
JYY Consulting Ltd is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This Privacy Policy explains how we collect, use, share, and protect personal data when you:
- visit our websites (including jyyconsulting.com and associated domains);
- subscribe to newsletters or updates;
- interact with us as a prospective or current client, vendor, or partner;
- participate in coaching sessions, consulting projects, or events; or
- otherwise communicate with us.
It applies to all personal data we process, whether collected online or offline.
Separate cookie-specific information is provided in our Cookie Policy.
3. The Data We Collect
We may collect:
- Identity & Contact Data – name, title, email address, telephone number, postal address, organization details.
- Engagement Data – coaching or consulting session notes, feedback, recordings (if consented), and communications.
- Financial Data – billing address and payment information (for invoicing or refunds).
- Marketing Preferences – newsletter subscriptions and opt-in status.
- Technical & Usage Data – IP address, browser type, pages visited, device information, cookies and similar technologies.
- Special Categories of Data – we do not routinely collect special category (sensitive) data. If shared voluntarily (for example in coaching conversations), it is kept confidential and processed only with explicit consent or as permitted by law.
4. How We Use Your Data and Our Lawful Bases
| Purpose | Typical Data Used | Lawful Basis | Indicative Retention |
|---|---|---|---|
| Deliver and manage coaching or consulting engagements | Identity, contact, engagement data | Contract performance | 7 years after final session |
| Invoicing and tax records | Identity, financial data | Legal obligation (HMRC) | 6 years from tax year end |
| Email marketing (newsletters & insights) | Contact, marketing prefs | Consent / Legitimate interest (PECR soft opt-in) | until opt-out or 24 months of inactivity |
| Client relationship management & quality assurance | Contact, engagement data, recordings | Legitimate interests (service quality & evidence) | 90–180 days for recordings; 7 years for notes |
| Website analytics and security | Technical & usage data | Legitimate interests (site improvement & security) | 12 months |
| Regulatory and insurance compliance | Identity & contract data | Legal obligation / Legitimate interest | as required by law |
We do not use your data for purposes incompatible with those stated above.
5. Marketing Communications (PECR)
We may send coaching or consulting insights and service updates if you:
- opted in to receive them; or
- are an existing client and we believe they are relevant to you (soft opt-in).
You can unsubscribe at any time using the link in our emails or by contacting privacy@jyyconsulting.com.
We do not use SMS or WhatsApp for marketing without explicit consent.
6. Cookies and Similar Technologies
Our websites use necessary cookies for functionality and security and optional cookies (analytics or media embeds) only after you consent.
You can change or withdraw consent at any time via the Cookie Settings link in the footer.
For details, see our Cookie Policy.
7. Sharing and Processors
We use trusted service providers under written agreements to process data on our behalf, including:
- Microsoft 365 (email, storage, video calls)
- Zoho Sign (e-signatures)
- Stripe / Wise (payment processing)
- MailerLite / Kit (email marketing)
- WordPress and related plugins (website hosting & security)
- Loom and Zoom (video recording / meeting tools)
These providers are bound by confidentiality and data-processing obligations consistent with UK GDPR.
We never sell personal data or share it for cross-context advertising.
8. International Transfers
Your data may be stored or processed outside the UK (for example, on Microsoft servers in the EU or Canada).
We use approved Standard Contractual Clauses with the UK Addendum or rely on UK adequacy regulations (such as for Canada’s commercial organisations).
Using a North American correspondence address does not change our status as a UK data controller.
9. Data Security
We apply technical and organisational measures to protect your data, including encryption in transit and at rest (where applicable), multi-factor authentication, access controls, back-ups, and employee confidentiality obligations.
No method of electronic transmission is completely secure, so we cannot guarantee absolute security.
10. Retention of Data
We retain personal data only as long as necessary for the purpose collected or to comply with legal, accounting, or reporting obligations.
After those periods expire, data is securely deleted or anonymised.
11. Your Rights (UK GDPR)
You have the right to:
- access a copy of your personal data;
- correct inaccurate or incomplete data;
- request erasure (“right to be forgotten”);
- restrict or object to processing;
- request data portability; and
- withdraw consent (where processing relies on it).
How to exercise: contact privacy@jyyconsulting.com. We respond within one month (extendable by two months for complex requests).
If you are unsatisfied, you may complain to the Information Commissioner’s Office (ICO) via ico.org.uk or 0303 123 1113.
12. Children’s Data
Our services are intended for adults. We do not knowingly collect data from children under 16. If you believe a child has provided data, please contact us to request deletion.
13. Session Recordings and Notes
Coaching sessions may be recorded only with prior notice and explicit consent. You may request that a session is not recorded or ask for previous recordings to be deleted, unless retention is required for legal purposes.
Session notes and recordings are confidential and not shared with third parties without consent or legal requirement.
14. Automated Decision-Making and Profiling
We do not use automated decision-making that produces legal or similarly significant effects.
We may use lightweight email-timing automation (“smart sending”) to deliver messages at times you are most likely to read them. You can opt out of marketing emails at any time.
15. Links to Other Websites
Our websites may contain links to third-party sites. We are not responsible for their content or privacy practices. We encourage you to read their privacy policies before providing any data.
16. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted at jyyconsulting.com/privacy-policy.
If changes significantly affect your rights or data use, we will notify you by email where possible.
Appendix – California Residents (CCPA / CPRA)
Although JYY Consulting Ltd is a UK business not established in California, we respect the rights of California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
We do not sell or share personal information for monetary or cross-context advertising purposes.
California residents may request access, correction, or deletion of their personal information by contacting privacy@jyyconsulting.com.
Requests will be verified and responded to within 45 days where applicable.
