This Privacy Policy explains how Willan Consultancy Limited collects, uses, and protects personal data across all service lines, including HR Consultancy, Coaching, and statutory support for regulated sectors (Ofsted/CQC).

1. The Type of Personal Information Collected

I currently collect and process the following categories of information:

• Identity and Contact Data: Full name, phone number, email address, and home/business address.
• Professional and Employment Data: Employment history, job titles, salary information, and performance records.
• Regulated Activity Data: DBS certificate numbers, proof of professional registration (e.g., NMC, HCPC), right-to-work documentation, and “Safer Recruitment” evidence required for Ofsted and CQC compliance.
• Financial Data: Bank details and billing addresses for invoicing, payroll and tax purposes.
• Coaching and Development Data: Leadership assessments, psychometric results, and session reflections.
• Special Category Data: With your explicit consent, or where required for statutory safeguarding and health/social care obligations, I may process sensitive information related to health, wellbeing, or Inclusion & Diversity (I&D) metrics.

2. How Personal Information is Collected and Used

Information is primarily provided directly by you. However, as a Fractional HR Leader, I may receive data from your employer or through strategic networking.

I use this data to:

• Discovery Calls: Manage and facilitate initial consultations and chemistry calls to assess your needs.
• Marketing and Updates: Send professional insights, newsletters, and service updates where you have opted in to receive them.
• HR Consultancy: Deliver policy development, operational support, and I&D strategy.
• Coaching: Provide 1:1 and Group Coaching sessions.
• Statutory Compliance: Ensure clients subject to Ofsted or CQC inspections meet regulatory standards.
• Financial Administration: Manage invoicing and satisfy HMRC requirements.

3. Lawful Bases for Processing

Under the UK General Data Protection Regulation (UK GDPR), the legal bases I rely on are:

• Contractual Obligation: To fulfil the terms of our consultancy or coaching agreement.
• Legal Obligation: To comply with UK law, including HMRC tax records and statutory safeguarding frameworks (e.g., Keeping Children Safe in Education).
• Legitimate Interests: To manage my professional relationship with you and for the establishment, exercise, or defence of legal claims (e.g., professional indemnity requirements).
• Consent: For specific activities such as marketing or processing Special Category Data.

4. Withdrawing Your Consent

Where I rely on your consent, you have the right to withdraw it at any time by emailing enquiries@willanconsultancy.com.

Please note:

• Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
• I may still be required to retain certain data to comply with Legal Obligations (e.g., safeguarding logs for CQC/Ofsted) or Legitimate Interests (e.g., financial audit trails).
• Withdrawing consent for wellbeing data may limit the scope of coaching support I can provide.

5. Data Security and Storage

Your information is stored within a UK-hosted Microsoft OneDrive environment protected by Two-Factor Authentication (2FA) and encryption. I provide a confidential, “unfiltered” space for coaching clients to explore challenges; maintaining the security of that space is fundamental to my practice.

6. Data Retention

I retain data only for as long as necessary to fulfil the purposes it was collected for:

• Invoicing and Financial Records: 7 years (Statutory requirement).
• Coaching and Consultancy Records: 6 years post-engagement (to align with professional indemnity and limitation periods).
• Regulated Activity/Safeguarding Records: Retained in accordance with specific Ofsted/CQC statutory guidance, which may exceed standard HR retention periods.
• Recruitment Data: 1 year for unsuccessful candidates.

7. Data Sharing and International Transfers

I do not sell your data. Information is shared only with:

• Regulatory Bodies: Ofsted, CQC, or the ICO where legally required.
• Essential Service Providers: Secure tools such as Zoom, Calendly, or OneDrive. Where these providers are based outside the UK, I ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

8. Your Data Protection Rights

Under UK law, you have the right to access, rectify, or erase your data, and to object to or restrict its processing. These rights are subject to certain legal exemptions (e.g., where data is processed for the prevention of crime or for regulatory investigations).

You are not required to pay a fee to exercise your rights. I have one month to respond to your request.

9. How to Complain

If you have concerns regarding the use of your data, please contact me directly at enquiries@willanconsultancy.com

You can also raise concerns with the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113 | www.ico.org.uk