Privacy Policy

This Privacy Policy explains how Change to Thrive (“I”, “me”, “my”) collects, uses and protects your personal information when you use this website or work with me as a coaching client.

Change to Thrive is the trading name of Paul Staves, an independent sober coach based in the United Kingdom.

If you have any questions about this Privacy Policy, you can contact me at:

• Email: [email protected]
• Postal town / area: Epsom, Surrey, United Kingdom

1. Who I am and how I operate

For data protection purposes, the data controller is:

Change to Thrive
Trading name of Paul Staves
Epsom, Surrey, United Kingdom
Email: [email protected]

I operate as a sole trader using the Change to Thrive brand. I am responsible for deciding how your personal data is used in relation to this website and my coaching services.

2. What information I collect

I may collect and process the following types of personal information:

2.1 Information you provide directly

• Name and contact details (such as email address and, if provided, phone number)
• Information you provide in website contact forms or emails
• Basic background details you choose to share when enquiring about coaching
• Information you share during coaching sessions, pre-session questionnaires or exercises
• Payment-related information (for example, that you have paid for a session or programme).
  I do not normally see full card or bank details if a third party processor is used.

2.2 Information collected automatically

When you use this website, certain information may be collected automatically through cookies and similar technologies, for example:

• IP address and approximate location
• Device type and browser type
• Pages viewed, time on site and referring website

This is typically used in anonymised or aggregated form for basic analytics, for example through tools such as Google Analytics, if enabled.

For more details, please see the Cookie Policy.

3. Special category data

In the course of coaching or enquiries, you may choose to share information about your health, alcohol use or mental wellbeing.

I do not actively seek to collect special category data through the website. However, if you share this information with me, I will treat it as confidential and will only use it for the purpose of providing coaching services or responding to your enquiry, in line with this Privacy Policy and my duty of care.

You should avoid including unnecessary sensitive information in website contact forms. If more detailed information is needed, it can usually be discussed more safely in a session.

4. How and why I use your information

I will only use your personal data when there is a valid legal basis to do so under UK data protection law. The main purposes and legal bases are:

4.1 Responding to enquiries

• To reply to your messages, emails or contact form submissions
• Legal basis: legitimate interests (to respond to your request and operate my business)

4.2 Providing coaching services

• To schedule, deliver and follow up coaching sessions
• To manage your coaching programme or ongoing support
• To keep basic records of our work together, for example session dates and key themes
• Legal basis: performance of a contract (providing services you have requested) and legitimate interests (running a coaching practice)

4.3 Email updates or resources you sign up for

• To send you emails you have requested, such as newsletters, resources or updates
• Legal basis: consent (you can withdraw consent at any time by using the unsubscribe link or contacting me)

4.4 Website performance and analytics

• To understand how the website is used and to improve content and usability
• Legal basis: legitimate interests (to run and improve my website) and, where required for non-essential cookies, consent

4.5 Legal, accounting and safeguarding

• To keep basic financial and business records for tax and accounting purposes
• To manage any complaints or legal claims
• To act on serious safeguarding concerns, for example if I believe there is a risk of harm to you or others
• Legal basis: legal obligation and legitimate interests, and in rare cases vital interests (protecting life)

5. Who I share your information with

I do not sell your personal data.

I may share your information with:

• Service providers who help run my business, such as:
  • Email service providers
  • Website hosting providers
  • Online calendar or video call platforms
  • Payment processors
• Professional advisers such as accountants or legal professionals, where reasonably necessary
• Authorities, emergency services or safeguarding bodies, if I believe there is a risk of serious harm, or if required by law

These third parties are only given access to the information they reasonably need and are expected to handle it securely and in line with data protection law.

6. International transfers

Some of my service providers may be based outside the UK or the European Economic Area (for example, cloud-based tools and email providers).

Where personal data is transferred outside the UK or EEA, I aim to ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent protections, so that your data remains adequately protected.

7. How long I keep your information

I will keep your personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to meet legal, accounting or reporting requirements.

In general:

• Enquiry emails and contact form messages are usually kept for up to 12–24 months
• Coaching-related records may be kept for up to 7 years after the end of our work together, in line with common practice for professional services
• Basic financial records are normally kept for at least 6 years to meet tax and accounting requirements

I may keep anonymised or aggregated data (which does not identify you) for longer, for example for business or research purposes.

8. How I protect your information

I take reasonable steps to protect your personal data, including:

• Using reputable hosting and service providers
• Using passwords and, where available, two-factor authentication for key systems
• Limiting access to personal data to what is necessary

However, no system can be completely secure, and I cannot guarantee absolute security of information transmitted over the internet.

9. Your rights

Under UK data protection law, you have a number of rights in relation to your personal data, including:

• Right of access – to ask for a copy of the personal data I hold about you
• Right to rectification – to have inaccurate or incomplete data corrected
• Right to erasure – to request deletion of your data in certain circumstances
• Right to restriction – to ask me to limit how I use your data in certain cases
• Right to object – to object to processing based on legitimate interests or to direct marketing
• Right to data portability – in some cases, to receive your data in a structured, commonly used, machine-readable format

You also have the right to withdraw consent where processing is based on consent, for example email newsletters.

To exercise any of these rights, please contact me using the details above.

If you are unhappy with how I use your information, you can also complain to the Information Commissioner’s Office (ICO) in the UK. Further information is available on the ICO website.

10. Cookies and similar technologies

This website uses cookies and similar technologies to help it function properly and to improve your experience.

• Some cookies are necessary for the site to work
• Other cookies, such as those used for analytics, may require your consent

You can find more information, including how to manage your preferences, in the Cookie Policy and through the cookie banner or settings tool on this site.

---

11. Third party links

This website may contain links to other websites. I am not responsible for the content, security or privacy practices of those sites.

If you follow a link to another website, you should read that website’s own privacy information.

---

12. Children

This website and my coaching services are intended for adults aged 18 and over. I do not knowingly collect personal data relating to children.

If you believe that a child under 18 has provided me with personal data, please contact me so that I can delete it where appropriate.

---

13. Changes to this Privacy Policy

I may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “last updated” date.

You should check this page occasionally to make sure you are happy with any changes. If the changes are significant, I may also notify you by email where appropriate.

Last updated: 18th November 2025