1. About this policy

This privacy policy explains how Grit Limited (“we”, “us”, “our”) collects, uses, stores and shares your personal data when you use our website at www.grit.co.uk, sign up for our newsletter, submit a contact or registration form, participate in our services or interact with us in any other way.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy also explains your rights under data protection law and how to exercise them.

​

2. Who we are

Grit Limited is a coaching, team and leadership development business registered in England and Wales. For the purposes of data protection law, we are the data controller.

Contact: Dr Sam Humphrey

Email: sam@grit.co.uk

Telephone: +44 (0) 7767 417 450

​

3. What personal data we collect

The personal data we collect depends on how you interact with us. We may collect some or all of the following:

​

Through our website

• Newsletter sign-up (home page and site footer): email address

• Contact form (contact page): first name, last name, email address and your message

• Gready Club registration form: first name, last name, email address and your message

• Website usage data: IP address (anonymised), browser type, operating system, pages visited, time spent on pages and your journey through the website. This data is collected automatically through cookies and similar technologies.

​

Through our coaching and consultancy services

• Name, date of birth, gender, office address, email address, telephone number, business name and job title

• Coaching session notes (held by your coach, based on your explicit consent). These are not shared with or accessible by any other person.

• Non-attributable themes extracted from coaching programmes where confidentiality is maintained

​

Post-assignment review surveys

Following the completion of a coaching or consultancy assignment, we may send you a survey to gather feedback on the service you received. These surveys are sent to coaching clients and, where appropriate, to the sponsoring organisation (typically the HR or L&D professional who commissioned the work). We will make clear at the point of the survey who will have access to the responses.

​

The survey link is sent by Grit directly via email. We do not upload your email address or contact details to the survey platform. The survey itself is hosted on SurveyMonkey (operated by Momentive Inc.), which means that the information you enter into the survey (your name, organisation name and your responses) is processed and stored on SurveyMonkey’s servers in the United States. SurveyMonkey applies appropriate safeguards for international data transfers including Standard Contractual Clauses. You can read SurveyMonkey’s privacy policy at www.surveymonkey.com/mp/legal/privacy.

​

The lawful basis for this processing is our legitimate interest in evaluating and improving our services. Your participation in any survey is voluntary. Survey data is retained for a maximum of six months following the completion of the assignment, consistent with our retention period for coaching session notes.

​

4. How and why we use your personal data

Under the UK GDPR, we must always have a lawful basis for using personal data. The table below sets out what we do with your data and the legal basis we rely on for each activity.

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

5. Newsletter and marketing communications

By signing up for our newsletter through the website, you consent to Grit Limited sending you periodic emails containing insights, research, practical tools, information about our programmes, services and events. You can withdraw your consent and unsubscribe at any time by clicking the unsubscribe link at the bottom of any newsletter or by contacting us directly.

​

Our newsletter is delivered through Mailchimp (operated by Intuit Inc.). When you subscribe, your email address is transferred to and stored on Mailchimp’s servers, which are located in the United States. Mailchimp participates in the EU-US Data Privacy Framework and applies appropriate safeguards to protect your data. You can read Mailchimp’s privacy policy at www.mailchimp.com/legal/privacy.

​

If you are an existing client, we may send you information about services similar to those you have previously used with us. This is based on our legitimate interest (soft opt-in). You can opt out at any time.

​

6. Your rights

Under the UK GDPR, you have the following rights:

• The right to be informed about how we collect and use your personal data (this policy)

• The right to access the personal data we hold about you

• The right to have your personal data corrected if it is inaccurate or incomplete

• The right to be forgotten (the right to ask us to delete your personal data)

• The right to restrict (prevent) the processing of your personal data

• The right to object to us using your personal data for a particular purpose

• The right to data portability (to receive your data in a portable format where processing is based on consent or contract and carried out by automated means)

• Rights relating to automated decision-making and profiling

​​

To exercise any of these rights, please contact Sam Humphrey using the details in section 2 above.

Further information about your rights can be obtained from the Information Commissioner’s Office (ICO) at www.ico.org.uk or your local Citizens Advice Bureau. If you have any cause for complaint about how we handle your personal data, you have the right to lodge a complaint with the ICO.

​

7. How long we keep your personal data

We do not keep personal data for longer than is necessary. The retention periods we apply are:

​

• Coaching session notes: a maximum of six months following completion of the coaching work, unless you explicitly request that we retain them for longer

• Service-related personal data (name, contact details, correspondence): for the duration of our business relationship plus a maximum of 36 months

• Newsletter subscriber data: until you unsubscribe or request removal

• Contact form and Gready Club enquiries: 12 months from the date of your enquiry, unless a business relationship is established

• Website analytics data: as determined by Google Analytics retention settings (currently 14 months)

• Post-assignment review survey data: a maximum of six months following completion of the assignment.

 

We reserve the right to retain data for longer periods where it may be required to defend a future complaint against us by you or a third-party representative.

 

8. How and where we store your personal data

We take appropriate technical and organisational measures to protect your personal data. Your data may be stored and processed in the following locations:

​

• United Kingdom: Our business records and coaching files are stored in the UK.

• European Economic Area / United States: Our website is hosted on Wix.com Ltd, an Israeli company that stores data on servers in the EU and US. Wix acts as a data processor on our behalf and applies appropriate safeguards including Standard Contractual Clauses for international transfers.

• United States: Newsletter data is processed by Mailchimp (Intuit Inc.), which participates in the EU-US Data Privacy Framework. Google Analytics data may also be processed in the US by Google LLC, which applies Standard Contractual Clauses. Post-assignment review survey data is processed by SurveyMonkey (Momentive Inc.), which applies Standard Contractual Clauses.

​

Where your data is transferred outside the UK, we ensure that appropriate safeguards are in place as required by UK data protection law, including adequacy decisions, Standard Contractual Clauses or recognised certification frameworks.

​

​

9. Who we share your personal data with

We do not sell your personal data to anyone. We may share your data with the following categories of recipients:

​

• Associate coaches and facilitators: Where we engage an associate to deliver services to you, we will share relevant personal data with them. All associates are required to handle your data in accordance with UK GDPR.

• Wix.com Ltd: Our website host and data processor for contact form submissions and Gready Club registrations.

• Mailchimp (Intuit Inc.): Our email marketing platform, which processes newsletter subscriber data on our behalf.

• SurveyMonkey (Momentive Inc.): Our survey platform, which processes post-assignment review data entered by respondents on our behalf.

• Google LLC: Provides website analytics through Google Analytics.

​​

In limited circumstances, we may be legally required to share personal data if we are involved in legal proceedings, complying with legal obligations, a court order or the instructions of a government authority.

​

We will never pass on or share your data with other organisations for their own marketing purposes without your express permission.

​

10. Cookies

Cookies are small text files placed on your device when you visit our website. They help us understand how you use the site and improve your experience.

​

Cookies used on this website

• Essential cookies (Wix): These are necessary for the website to function properly, including security, session management and basic functionality. They do not require your consent.

• Analytics cookies (Google Analytics): These help us understand how visitors use our website by collecting anonymised data such as pages visited, time on site and traffic sources. They contain no personal information about you.

• Functional cookies (Wix): These remember your preferences and settings to improve your browsing experience.

​​

Managing cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of parts of the website.

You can find information on managing cookies for your specific browser at www.aboutcookies.org.

​

11. Social media and external links

Our website contains links to our Instagram and LinkedIn profiles. When you click on these links, you will be directed to those platforms, which have their own privacy policies and cookie practices. We are not responsible for the privacy practices of these third-party platforms and encourage you to review their policies.

​

Where social media buttons or icons are displayed on our site, they may allow the relevant platform to identify that you have visited our website. This is governed by the privacy policies of those platforms.

​

12. Embedded content

Pages on our website may include embedded content such as videos, podcast players, images or articles from other websites. Embedded content from other websites behaves in the same way as if you had visited that website directly.

​

These external services may collect data about you, use cookies, embed additional third-party tracking and monitor your interaction with the embedded content. If you have an account with any of these services and are logged in, they may link this data to your profile.

​

13. How to access your personal data

You have the right to request a copy of the personal data we hold about you. This is known as a “subject access request”.

​

All subject access requests should be made in writing to sam@grit.co.uk. There is not normally any charge for a subject access request. We will respond within one calendar month of receiving your request.

​

14. Data protection legislation

This policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR) as retained in UK law under the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) 2003.

​

15. Changes to this policy

We may update this privacy policy from time to time, for example if the law changes or if we change our business in a way that affects how personal data is handled. Any changes will be posted on this page with an updated revision date.

​

16. Contact

If you have any questions about this privacy policy or how we handle your personal data, please contact:

Dr Sam Humphrey

Grit Limited

sam@grit.co.uk

+44 (0) 7767 417 450

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​​​​​