Privacy Policy

Last updated: 18th June 2026

This Privacy Policy explains how Evan Beales Coaching (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you enquire about, purchase or participate in the Built to Last programme (the “Programme”). Please read it alongside our Terms & Conditions.

 

1. Who We Are

Evan Beales Coaching is the “data controller” responsible for your personal data. Our contact details are set out in Section 13.

2. The Personal Data We Collect

Depending on how you interact with us, we may collect:

•       Identity and contact data – name, email address, phone number, and (if relevant) postal address and date of birth;

•       Account and participation data – your sign-up details, the Programme(s) you join, progress, body stats/weigh-ins, ratings, feedback and check-in responses, and messages you send us or post in the Programme community;

•       Payment data – we use a third-party payment processor; we do not store your full card details ourselves (see Section 5);

•       Health and lifestyle data – information you choose to share about your health, diet, symptoms, food reactions, goals, measurements or wellbeing (see Section 3);

•       Technical and usage data – IP address, device and browser information, and how you use our website or platform (see Section 10 on cookies).

3. Special Category (Health) Data

Some information you share is “special category” data under data protection law, in particular health and lifestyle information. We only collect this where you choose to provide it, and we use it solely to deliver and support your participation in the Programme.

Our lawful basis for processing this data is your explicit consent, which you give by choosing to share it with us. You can withdraw your consent at any time by contacting us (see Section 13), although this may affect our ability to support you in the Programme.

4. How and Why We Use Your Data

We use your personal data to:

•       provide, deliver and administer the Programme and your access to it;

•       take payment and manage your account;

•       communicate with you, respond to enquiries and provide support;

•       personalise guidance and support, and use your feedback and check-ins to improve and develop the Programme;

•       send you service messages and, where you have agreed, marketing about our offerings (you can opt out at any time);

•       use anonymised or aggregated information to evaluate, improve and promote the Programme – we will only use information that identifies you (such as your name, image or a testimonial) in marketing with your separate, explicit consent;

•       comply with our legal obligations and protect our legal rights.

Our lawful bases are: performance of our contract with you; your consent (for health data and marketing); our legitimate interests in running and improving our business; and compliance with legal obligations.

5. Sharing Your Data, and the Tools We Use

We do not sell your personal data. To run the Programme, we use a number of trusted third-party tools and service providers that store or process your information on our behalf. Depending on the service, these currently include:

•       Coaching and training apps where you enter and track your information (for example Trainerize) – used to deliver the Programme and to hold details such as your workouts, check-ins, body stats and related information;

•       Form and questionnaire tools (for example Typeform) – used to collect information you submit, such as intake forms, questions and feedback;

•       E-signature tools (for example DocuSign) – used to send and record agreements and consents;

•       Data organisation and storage tools (for example Airtable and Microsoft Excel) – used to organise, import and store client information;

•       AI-assisted tools (for example business versions of ChatGPT and Claude) — used to help us organise information, review data and draft feedback;

•       Payment processors (for example Stripe / PayPal);

•       Email, scheduling and administrative service providers; and

•       Professional advisers and authorities, where required by law.

We may also hold some of your information directly ourselves, including on our own secure devices and files. The specific tools we use may change from time to time; the list above shows the main types of provider and examples of those we currently use.

Each third-party provider processes your data on our behalf under an appropriate data-processing agreement, or as an independent controller under its own privacy policy. We recommend reviewing the privacy policy of any provider relevant to you. If you follow a link to a third-party product or website, that third party will handle your data under its own policy, which we do not control.

Automated tools / AI. We use AI-assisted tools to help us work efficiently, including to organise information, review data and draft feedback. We use business versions of these tools under appropriate agreements, and we take steps so that your data is not used to train AI models. A human is always involved in decisions about you — we do not use AI to make any decision about you that produces a legal or similarly significant effect without human involvement.

6. International Data Transfers

We operate from the United Kingdom but work with clients and service providers in other countries, including the United States. Some of the tools and providers we use (including several of those listed in Section 5) are based outside the UK, which means your data may be stored or processed outside the UK, including in the United States. Where your data is transferred outside the UK or EEA, we take steps to ensure it is protected by an appropriate safeguard recognised under data protection law (such as adequacy regulations or standard contractual clauses). By participating from outside the UK, you understand your data may be transferred to and processed in the UK and other countries.

7. How Long We Keep Your Data

We keep your personal data only for as long as necessary for the purposes set out in this policy, including to meet legal, accounting and insurance requirements. In particular, we keep client records, including health information from your PAR-Q and disclaimer, for 7 years after your last session with us, in line with our insurer’s requirements. When data is no longer needed, we securely delete or anonymise it.

8. Your Rights (UK & EU/EEA Users)

Under UK and EU data protection law, you have the right to:

•       access the personal data we hold about you;

•       ask us to correct inaccurate or incomplete data;

•       ask us to delete your data in certain circumstances;

•       restrict or object to our processing in certain circumstances;

•       request your data in a portable format; and

•       withdraw consent at any time where we rely on consent.

To exercise any of these rights, contact us using the details in Section 13. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local supervisory authority in the EU/EEA.

9. Your Rights (US Users)

Depending on your state of residence, you may have rights regarding your personal data, including the right to know what data we collect, to access or delete it, to correct it, and to opt out of certain uses. For example, residents of California (under the CCPA/CPRA) and certain other states have specific rights. We do not sell personal data. To make a request, contact us using the details in Section 13.

10. Cookies & Tracking

If you use our website, we may use cookies and similar technologies for essential functionality, analytics and (where you consent) marketing. You can manage non-essential cookies through our cookie banner or your browser settings.

11. Data Security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or misuse, and we keep secure back-ups of important records. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If a personal data breach occurs that is likely to affect your rights (for example, loss of or unauthorised access to your data), we will act in line with our legal obligations – which may include notifying the Information Commissioner’s Office (ICO) and, where required, telling you.

12. Children

The Programme is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. How to Contact Us

If you have questions about this Privacy Policy, or wish to exercise your rights, please contact us at: evan@evanbealescoaching.com

14. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is the one published here, and the date at the top shows when it was last updated.