Services Privacy Policy


  1. Introduction

This data privacy notice is made available after the change in UK law and the General Data Protection Regulation (GDPR) that was introduced on 25 May 2018.

  1. Who We Are

Gemma Houldey is a consultant operating as a sole trader, specialising in research and advisory services in the charity sector. The designated data controller under data protection legislation and regulations is Gemma Houldey.

  1. Your Personal Data – What is it?

Your personal data is defined as any information that can be used to identify you from it, either used on its own or along with other information. Data may be collected by various means including through public domain sources including the web and social media, personal contact, online consultation and through the course of my work with you.

  1. Our obligation to you

We meet our obligations to you under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.

  1. What do we use data for?

We use your personal data for the following purposes:

  • Corresponding with individuals about mentoring sessions
  • Assessing and communicating the wellbeing needs of clients and their staff
  • Communicating about and delivering services to clients and their staff
  • Keeping individuals up to date on upcoming events
  • Supporting individuals with their mental health and wellbeing through our newsletter
  1. What is the legal basis for using your personal data?

The legal basis for using your personal data is:

  • Your explicit and informed consent; and/or
  • For delivering our obligations to you as per a contract between us; and/or
  • Other legitimate interests including the marketing, business development, statistical and management purposes
  1. Sharing your personal data

Your personal data will be treated as strictly confidential. We will never sell your data to a third party for marketing purposes except with your express consent.

We may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) third parties to whom we sell, transfer or merge parts of our business or our assets. Third parties are only allowed to process personal data for specified purposes and in accordance with our instructions.

Some of our third party providers are businesses outside of the UK/EEA in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within the UK/ EEA. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

  1. How long do we keep your personal data?

We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after you cease to be a client for tax purposes.

You have the right to ask us to delete the personal data we hold about you in certain circumstances. See section entitled ‘your rights and your personal data’ below.

  1. Data security

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights and your personal data’ below for more information.

We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your rights and your personal data

You have the following rights with respect to your personal data:

  • The right to request a copy of your personal data held by Gemma Houldey about

you, such request to be answered within a month of the date of request;

  • The right to request correction to any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request a copy of your personal data and where possible, to transmit that

data directly to another data controller;

  • The right, where there is a dispute in relation to the accuracy or processing of your

personal data, to request a restriction is placed on further processing;

  • The right to lodge a complaint with the Information Commissioner’s Office.
  1. Further processing

If we wish to use your data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

  1. Complaints

We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. Please write to the Data Controller Gemma Houldey at