Privacy Policy

Last updated: 27 May 2026

This notice explains what personal information Aida Coaching Ltd collects about you, why we collect it, the legal basis on which we process it, how long we keep it, and the rights you have. It is written to meet the requirements of the UK GDPR and Data Protection Act 2018.

1. Who we are

Data controller: Aida Coaching Ltd, a company registered in England and Wales, trading as Aida Coaching. Registered office: 7 Bell Yard, London, UK.

Director and primary contact: Sonia Ouarti.

ICO registration: We are registered as a data controller with the UK Information Commissioner's Office.

Contact for any data protection question: hello@aidacoaching.com.

2. What personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact data — first name, last name, email address, and any other contact details you provide.
  • Account data — username, hashed password, account creation date, course enrolment records (for the courses platform).
  • Transaction data — products purchased, amount, date, currency, billing country. Card details are entered directly into Stripe and are never seen or stored on our servers.
  • Communications data — emails you send us, messages you submit via our contact form, your marketing consent choices.
  • Course usage data — which lessons you've viewed, completed exercises, when you last accessed the platform.
  • Burnout Assessment responses (special category data) — your answers to the 16 questions, your name, your email, and a derived "pattern" describing where you sit in the burnout cascade. Some of these responses relate to your physical and mental health and are therefore special category data under Article 9 UK GDPR. See section 4 for how we handle this.
  • Technical data — IP address, browser type, device type, referring URL, basic interaction logs (collected via Netlify and, where errors occur, our error-tracking provider).

3. Why we process your data and our lawful basis

Under Article 6 UK GDPR we must have a lawful basis for every use of your data. The table below sets out the purpose, the data involved, and the lawful basis we rely on.

Purpose Data Lawful basis (Art. 6)
Deliver a course, programme, or coaching you have boughtIdentity, account, transaction, usageContract — Art. 6(1)(b)
Process payments and keep tax/accounting recordsIdentity, transactionContract — Art. 6(1)(b) and Legal obligation — Art. 6(1)(c)
Respond to your enquiriesIdentity, communicationsLegitimate interests — Art. 6(1)(f) (running our business)
Send our newsletter or marketing emailsIdentityConsent — Art. 6(1)(a) (you opt in; you can opt out at any time)
Run the Burnout Assessment and email you the readingIdentity, assessment responses (special category data)Consent — Art. 6(1)(a) and Explicit consent — Art. 9(2)(a)
Webinar / event registration and deliveryIdentityConsent — Art. 6(1)(a)
Keep the website running, prevent abuse, monitor for errorsTechnicalLegitimate interests — Art. 6(1)(f) (security and service quality)
Comply with tax law, regulatory or legal requestsIdentity, transactionLegal obligation — Art. 6(1)(c)

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You have the right to object — see section 9.

4. Special category data: the Burnout Assessment

Some of the answers you give in the Burnout Assessment reveal information about your physical or mental health. Under Article 9 UK GDPR this is special category data and needs an additional lawful condition on top of Article 6.

Our Article 9 condition is your explicit consent (Article 9(2)(a)). You provide that consent by ticking the box "Yes, send me my assessment by email" before you submit the form. You can withdraw that consent at any time by emailing us at hello@aidacoaching.com; withdrawal does not affect any processing carried out before withdrawal.

We use these responses to:

  • Generate a personalised reading written in the voice of Sonia Ouarti using a language model from Anthropic. Your responses are not used to train any AI model, and no human at Aida Coaching reads your individual answers — we set the brief, framework, and voice rules the model follows, and the output goes straight to you.
  • Email the reading to the address you supplied.
  • Tag your record in our email platform so that, if you have separately consented to marketing, future messages can be relevant to the pattern your assessment showed.

Important: the assessment is a screening tool, not a clinical diagnosis. We are not a healthcare provider. We do not share your responses with any third party other than the processors named in section 7.

5. Other forms on our website

Alongside the Burnout Assessment, we offer several other ways to share your details with us. None of these collect special category data, so they sit under Article 6 UK GDPR only. In each case we collect the minimum information needed, you give us your data voluntarily, and you can withdraw at any time.

Newsletter signup

What we collect: your email address (and your first name, if you give it).
Lawful basis: consent — Article 6(1)(a). You opt in by entering your email on the signup form.
What we do with it: add you to our Mailchimp newsletter audience and send periodic emails with practical insights, course news, and updates. Nothing else.
How to withdraw: click "unsubscribe" at the bottom of any email, or email us at hello@aidacoaching.com. Withdrawal is immediate.

Webinar and event registration

What we collect: your name, email address, and the event you registered for.
Lawful basis: consent — Article 6(1)(a). Registering is the consent.
What we do with it: send you the joining link, any pre-reads, a reminder before the event, and (if it applies) the recording or follow-up resources afterwards. We store registrations in a dedicated Mailchimp audience separate from the newsletter audience.
How to withdraw: reply to any event email asking to be removed, or email us. We will not add you to our newsletter from a webinar registration unless you have separately opted in.

Contact form / "Book a call" form

What we collect: your name, email address, and whatever you write in the message field.
Lawful basis: legitimate interests — Article 6(1)(f) (responding to enquiries about our services). If your message moves toward a paid coaching engagement, the basis shifts to "necessary to take steps at your request prior to entering a contract" — Article 6(1)(b).
What we do with it: read your message and reply by email.
How to withdraw: ask us to delete the exchange at any time. We routinely delete contact-form correspondence after two years unless an ongoing client relationship requires us to keep it.

Course purchase and account creation

What we collect: name, email, hashed password, course you purchased, transaction details. Card details go directly to Stripe; we never see them.
Lawful basis: contract — Article 6(1)(b) — for delivering the course you bought. We also have a legal obligation — Article 6(1)(c) — to keep transaction records for UK tax purposes (six years from end of financial year).
What we do with it: grant you access to the course, send course-related notifications (e.g. new lesson available), and keep transaction records.
How to withdraw: you can close your account at any time by emailing us; we will delete it within 30 days. Transaction records we are legally required to keep are retained separately and not used to contact you.

Marketing consent — independent of every form

Marketing consent is always separate from the form that captured your email. Buying a course or registering for a webinar does not mean you've agreed to marketing. You only receive marketing emails if you have actively ticked a marketing consent box, either on the Burnout Assessment, the newsletter form, or another optional checkbox you explicitly opt into. We honour that choice across every audience.

6. How long we keep your data

  • Course account and enrolment records — for as long as your account is open, then up to 12 months after closure in case you return, after which we delete or anonymise.
  • Transaction records (invoices, receipts) — 6 years from the end of the financial year, to comply with UK tax law.
  • Newsletter and marketing records — until you unsubscribe, and then up to 12 months in a suppression list so we don't accidentally re-add you.
  • Burnout Assessment responses and generated readings — kept indefinitely so you can revisit your reading via the link we email you, unless you ask us to delete them.
  • Support and contact-form emails — up to 2 years after our last exchange.
  • Technical logs — typically 30 to 90 days, depending on the system.

You can ask us to delete any of the above earlier — see section 9.

7. Who we share your data with

We never sell your data. We share the minimum necessary with the following processors, each of whom is bound by a data-processing agreement:

  • Stripe — payment processing.
  • Firebase (Google Cloud) — authentication, database, and storage for the courses platform.
  • Mailchimp (Intuit) — newsletters, transactional email delivery for the Burnout Assessment, marketing segmentation.
  • Resend — transactional email for course-related notifications.
  • Mux — video hosting and delivery for course content.
  • Anthropic — AI generation of the Burnout Assessment reading (see section 6).
  • Netlify — website hosting, edge functions, and the storage layer where the Burnout Assessment reading is held.
  • Sentry — error monitoring (collects technical data such as IP address and stack traces when something breaks, so we can fix it).

We may also disclose your data where required by law (for example, in response to a court order) or to defend our legal rights.

8. International transfers

Several of the providers above are based in, or process data in, countries outside the UK (most often the United States). When we transfer your data outside the UK, we rely on one of the following safeguards as required by Articles 44–49 UK GDPR:

  • The UK government's adequacy decision for the country, where one exists (currently including the UK Extension to the EU–US Data Privacy Framework for participating US providers); or
  • The International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK Addendum, where adequacy does not apply.

If you'd like a copy of the safeguards in place for any specific transfer, email us at hello@aidacoaching.com.

9. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data, subject to any legal retention obligations.
  • Restriction — ask us to pause processing in certain circumstances.
  • Portability — receive a structured, machine-readable copy of the data you provided to us, where we process it by consent or contract.
  • Object — object to processing based on legitimate interests, including direct marketing (we will always stop direct marketing on request).
  • Withdraw consent — where we rely on consent, you can withdraw it at any time. Withdrawal does not affect prior processing.
  • Not be subject to solely automated decisions with legal or similarly significant effects — see section 6.
  • Lodge a complaint with the Information Commissioner's Office — at ico.org.uk/make-a-complaint or 0303 123 1113. We'd appreciate the chance to address your concerns first, but you don't have to come to us before you go to them.

To exercise any right, email hello@aidacoaching.com. We respond within one month, free of charge, unless the request is manifestly unfounded or excessive.

10. Cookies and similar technologies

We use a small number of strictly necessary cookies and similar technologies:

  • Authentication cookies — set by Firebase on the courses platform when you sign in, so the platform remembers you. Session-based; deleted on logout.
  • Stripe checkout — sets cookies during checkout for fraud prevention and to complete the payment.
  • sessionStorage — on the Burnout Assessment, we briefly store your first name and email in your browser only, so the "your assessment is on its way" page can address you. This is local to your device and is cleared automatically.

We do not currently use advertising cookies, third-party tracking pixels, or behavioural-analytics cookies that require consent under PECR. If that changes, we'll update this policy and ask for your consent first.

11. Security

We protect your data with measures appropriate to the risk: TLS encryption for data in transit, encryption at rest on the platforms we use, role-based access controls so only people who need to see data can, hashed passwords, and regular security review of our third-party processors. No system is perfectly secure; if a breach occurs that is likely to affect your rights, we will notify the ICO within 72 hours and you without undue delay, as required by Articles 33 and 34.

12. Children

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will reflect any change. Where the change is material, we will tell you directly (for example, by email) before it takes effect.

14. Contact

Questions about this notice, or about how we handle your data, should go to hello@aidacoaching.com. Postal: Aida Coaching Ltd, 7 Bell Yard, London, UK.