Privacy Notice - Last updated May 2026

This Privacy Notice explains what personal data I collect about you, why, what I do with it, and the rights you have under UK GDPR.

1. Who is responsible for your data

I am William Maciver, the data controller for the personal data I hold about you.

  • Email: will@williammaciver.com

  • Business address: Woodbridge, Suffolk, United Kingdom

  • ICO registration number: TBC

2. What information I collect

Depending on how you interact with me, I may collect:

When you contact me or visit my website

  • Name and email address

  • Company name and role, if you provide them

  • Any other details you choose to share in your message

  • Technical data from your visit (IP address, browser type, pages viewed) collected by my website host, Squarespace, via cookies

When you book or buy coaching

  • Name, email, time zone, and (for company bookings) employer name and billing address

  • Calendar and scheduling data (session times, attendance)

  • Payment details — handled by Wise Business. I do not see or store your full bank or card details

  • Invoice records

During coaching sessions

  • Notes I take about your goals, progress, and topics covered

  • Written work you share with me (emails, presentations, etc.) for feedback

  • Session recordings — only if you have opted in; otherwise sessions are not recorded

  • Chat messages, shared documents and written corrections exchanged during sessions, via the video platform or other channels we use to deliver coaching.

For accounting and tax

  • Invoices, payment records, and related correspondence, retained as required for UK tax purposes

3. How I collect it

Most data comes directly from you — when you fill in a contact form, book a session, send me an email, or share material during coaching. Some technical data is collected automatically by Squarespace when you visit my website.

For company clients, I may receive learner contact details from the employer (HR or L&D team) when they enrol an employee.

4. Why I use it and my lawful basis

Under UK GDPR I must have a lawful basis for using your data. Here is how that applies:

What I use your data for- Lawful basis

Responding to enquiries before you become a client- Legitimate interests (to reply to people who contact me)

Delivering coaching you or your employer has booked- Performance of a contract

Sending invoices and processing payments- Performance of a contract; legal obligation (tax records)

Keeping session notes to deliver effective coaching - Performance of a contract

Recording sessions, where you have asked me to- Consent (you can withdraw this at any time)

Reporting summary progress to a corporate sponsor where agreed in a term sheet- Performance of a contract; legitimate interests

Keeping records for HMRC- Legal obligation

Improving my service and materials- Legitimate interests


I do not use your data for:

  • automated decision-making or profiling

  • targeted advertising

  • training AI or machine learning models

5. Who I share it with

I keep your data confidential. I only share it with the third parties I need to in order to run my business:

Provider- What they do- Where they're based

Google (Workspace)- Email, calendar, video calls, file storage - USA / global

Squarespace- Website hosting and contact forms- USA

Wise Business- Payment processing- UK / global

My accountant (if engaged)- Annual accounts and tax filing- UK

HMRC- Tax authority- UK


For company clients: where agreed in a term sheet, I may share summary attendance and high-level progress information with the named sponsor at the employer (e.g. an L&D lead). I will not share session content or individual sensitive disclosures.

I never sell your data and I never share it with marketing companies.

I may share data with law enforcement or regulators where required by law.

6. International transfers

Some providers above are based outside the UK. Where data is transferred outside the UK, I rely on the safeguards each provider has in place — such as the UK extension to the EU–US Data Privacy Framework, the UK International Data Transfer Agreement, or standard contractual clauses. All providers listed offer UK GDPR-compliant data processing terms.

7. How long I keep it

Type of data and Retention

Enquiry emails from people who don't become clients -12 months from last contact

Active client records (contact details, session notes) - Duration of coaching relationship plus 12 months

Session recordings (where opted in)- 90 days, unless you ask me to keep them longer

Invoices and payment records- 6 years from end of the relevant tax year (HMRC requirement)

Website analytics- Squarespace defaults — typically 26 months

After these periods I delete or anonymise the data.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data I hold about you (a "subject access request")

  • Correct data that is inaccurate or incomplete

  • Erase your data, in certain circumstances ("right to be forgotten")

  • Restrict how I use your data, in certain circumstances

  • Object to me using your data on the basis of legitimate interests

  • Port your data — receive a copy in a structured, machine-readable format

  • Withdraw consent at any time, where I rely on consent (e.g. session recording)

  • Complain to the Information Commissioner's Office (see clause 12)

To exercise any of these rights, email will@williammaciver.com. I will respond within one month. There is no charge for most requests. I may need to verify your identity before acting on a request.

9. Marketing

I don't currently run marketing campaigns or send newsletters. If that changes, I will only contact you with marketing if you have opted in, and you'll be able to unsubscribe from every message.

I will continue to email existing clients about their coaching, invoices, scheduling and related practical matters — that is part of delivering the service, not marketing.

10. Security and personal data breaches

I take reasonable steps to keep your data secure:

  • devices used to access your data are password-protected and encrypted;

  • cloud accounts (Google Workspace, Wise) use two-factor authentication;

  • I do not store payment card details;

  • session recordings are stored in private folders and shared by individual link only.

No system is perfectly secure. In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, I will notify the Information Commissioner's Office within 72 hours and notify you directly without undue delay, as required by Articles 33 and 34 of UK GDPR.

11. Cookies

My website is built on Squarespace, which uses cookies for essential functionality, analytics and (where I enable them) optional features. You can manage your preferences via the cookie banner on the site, or by adjusting your browser settings. Disabling some cookies may affect how the site works.

For full detail see Squarespace's cookie documentation.

12. Complaints

If you're unhappy with how I've handled your data, please contact me first — I'd rather hear it from you and try to fix it.

If you're not satisfied with my response, you have the right to complain to the UK Information Commissioner's Office:

  • Website: https://ico.org.uk

  • Helpline: 0303 123 1113

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to this notice

I may update this notice from time to time — for example, if I start using a new tool or service. The "Last updated" date at the top of the document shows when the current version came into effect.

If I make material changes that affect how I use existing clients' data, I'll email you directly.

14. Contact

William Maciver

Email: will@williammaciver.com

Website: williammaciver.com