Privacy Policy — Systems for Coaches

Last updated: 4 September 2025

Systems for Coaches ("we", "us", "our") operates the website systemsforcoaches.online and provides consulting and software-integration services for coaching businesses. We are committed to protecting your privacy and handling your personal data fairly, lawfully, and transparently.

This Privacy Policy explains what personal data we collect, how we use it, the legal bases we rely on, how long we keep it, who we share it with, and your rights under data protection laws. It applies to:

Visitors to our website and marketing pages (the "Site").
Prospective and existing clients, partners, and suppliers.
Individuals who interact with our services (e.g., book calls, submit forms, receive emails, or access client portals we operate).

Because we are established in the EU (Ireland), we follow the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Acts. If you are in the UK, we also follow the UK GDPR and the Data Protection Act 2018 where applicable.

1) Who we are (Data Controller)

Controller: Systems for Coaches
Location: Ireland
Contact: systemsforcoaches@gmail.com

For some client projects, we may act as a data processor on behalf of our client (the controller). See Section 11.

2) What we collect

The personal data we collect depends on how you interact with us:

a) Website & Marketing

Identifiers: name, email address, phone (if provided), social handles (if provided).
Technical data: IP address, device identifiers, browser type, pages viewed, time on site, referrer, cookie IDs.
Marketing preferences and consent records.

b) Sales & Client Onboarding

Contact details (name, email, phone, company, role).
Project details you share (goals, current systems, requirements).
Call recordings/transcripts/notes when you agree to record (e.g., discovery or implementation calls).

c) Service Delivery & Support

Account/workspace identifiers you provide for integrations (e.g., Airtable base IDs, Typeform form IDs, Zapier hooks, platform usernames with limited-scoped tokens).
Limited client-customer data only where necessary to configure automations (e.g., sample records or test accounts). We avoid exporting or retaining end-customer data unless your contract requires it and suitable safeguards are in place.

d) Payments & Invoicing

Billing name, email, business name, VAT/tax number (if applicable).
Payment status, invoices, and transaction metadata (handled via our payment provider; we do not store full card numbers).

We collect data directly from you, from publicly available sources (e.g., your company website/LinkedIn if relevant), and via tools you connect to our services.

3) Why we use your data (Purposes) & legal bases

Under GDPR, we must identify a legal basis for each purpose:

PurposeExamplesLegal basisWebsite operation & securityServing pages, preventing abuse, diagnosticsLegitimate interests (running a secure site)Analytics & performanceMeasuring traffic and improving UX; aggregated insightsConsent (cookies/analytics) where required; otherwise legitimate interests with privacy safeguardsMarketing & newslettersSending updates you signed up forConsent (you can withdraw anytime)Sales & enquiriesResponding to contact messages, scheduling callsLegitimate interests (business communications)Contracting & deliveryScoping, building, and maintaining systemsContract (to perform a contract or take steps at your request)Payments & accountingInvoicing, tax complianceLegal obligation and contractRecords & dispute handlingProject logs, compliance, enforcing rightsLegitimate interests (establish/exercise legal claims)

Where we rely on consent, you can withdraw it at any time (see Section 9).

4) Cookies & similar technologies

We may use cookies or similar tech (e.g., local storage, pixels) to:

make the Site function,
remember your preferences,
analyze performance,
personalize content or ads (if applicable).

Where required by law, we present a cookie banner so you can accept, reject, or manage non-essential cookies. You can also control cookies in your browser settings. Disabling certain cookies may affect site functionality.

5) Analytics, communications & tools we use

We use reputable service providers to run our business. Depending on your interaction, your data may be processed by:

Website & hosting/CMS: e.g., Webflow or equivalent.
Analytics: e.g., Google Analytics or privacy-focused alternatives.
Scheduling: e.g., Calendly (booking calls).
Payment processing: e.g., Stripe (we do not store full card numbers).
Forms & surveys: e.g., Typeform, Google Forms, Tally.
Automation & integration: e.g., Zapier (to connect systems based on your instructions).
Data platforms/CRMs: e.g., Airtable, GoHighLevel (GHL), GroupTrack (as relevant to client work).
Communication: e.g., Google Workspace (Gmail/Meet), Slack/Pumble (team comms), WhatsApp (client comms), email marketing tools.
Meetings & call intelligence: e.g., Fathom (recordings, transcripts, summaries) — only with consent.
Coaching platforms (client work): e.g., Trainerize and similar platforms you instruct us to integrate.

We maintain appropriate Data Processing Agreements (DPAs) and use Standard Contractual Clauses (SCCs) where required for international transfers (see Section 7).

6) Sharing your data

We share personal data only with:

Service providers acting on our instructions (processors) under contract.
Professional advisers (accountants, legal counsel) under confidentiality.
Authorities where required by law or to protect rights, safety, or security.
Business transferees if we undergo a reorganization, merger, or sale (with appropriate safeguards).

We do not sell your personal data.

7) International transfers

Some providers are outside the EEA/UK. Where we transfer data internationally, we use lawful transfer mechanisms such as SCCs, adequacy decisions, and supplementary measures (e.g., encryption, access controls) as needed.

8) How long we keep data (Retention)

We keep personal data only for as long as necessary for the purposes described in this Policy:

Marketing contacts: until you unsubscribe or your account is inactive for 24 months (or shorter where required).
Contract & project records: generally 6 years after the end of our engagement (to address queries and legal obligations).
Payments & tax records: as required by tax law (commonly 6–7 years).
Call recordings/transcripts: retained only as long as needed for project delivery and training (typically 12–24 months) unless you ask us to delete sooner and no legal basis requires retention.

We may anonymize data so it is no longer personal, and retain the anonymized information for analytics and reporting.

9) Your rights (EU/UK)

Subject to applicable law, you have the right to:

Access your personal data and get a copy.
Rectify inaccurate or incomplete data.
Erase data (right to be forgotten) in certain cases.
Restrict processing in certain cases.
Object to processing based on legitimate interests and to direct marketing.
Data portability where technically feasible.
Withdraw consent at any time (processing before withdrawal remains lawful).

To exercise your rights, email systemsforcoaches@gmail.com. We may need to verify your identity. You also have the right to complain to your local data protection authority. In Ireland, this is the Data Protection Commission (www.dataprotection.ie).

10) Security

We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, least-privilege principles, and regular reviews of vendors and configurations. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11) Our role: controller vs processor

When we decide the purposes and means of processing (e.g., our Site, marketing lists, client relationship management), we act as a Controller.
When we process personal data on your documented instructions to build and operate systems for your business (e.g., configuring Airtable, Zapier, Typeform, Trainerize, GHL), we act as a Processor. In those cases, we enter into a Data Processing Agreement (DPA) with you that sets out scope, security measures, sub‑processors, and assistance with data subject requests and breach notifications.

12) Children

Our services are intended for professionals and businesses. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, please contact us to request deletion.

13) Automated decision-making

We do not use personal data to make decisions that produce legal or similarly significant effects on individuals solely by automated means. If this changes, we will update this Policy and provide required notices.

14) Third-party links

Our Site and materials may link to third-party websites or services. Their privacy practices are governed by their own policies, not this one. We encourage you to review them.

15) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will take appropriate steps to inform you (e.g., prominent notice on the Site or email). The "Last updated" date above shows when this Policy was last revised.

16) How to contact us

If you have questions about this Policy or how we handle your data, contact us at:
Email: systemsforcoaches@gmail.com
Postal: Systems for Coaches, Ireland (please email for correspondence details)

Quick Summary (Plain English)

We collect only what we need to run our website, talk to you, deliver projects, and get paid.
We use trusted tools like Webflow, Calendly, Stripe, Typeform, Airtable, Zapier, Google Workspace, and (with consent) Fathom for call notes.
We don’t sell your data.
You can unsubscribe, ask for a copy, ask us to fix or delete your data, and object to marketing anytime.
For client projects, we typically process data on your instructions and sign a DPA.

Tip for your own use: If you need a list of currently active sub‑processors, we can provide the up‑to‑date list on request or publish it on the Site.

‍