Introduction
This privacy policy explains how Maggnetic Health Limited ('we', 'us' or 'our') collects, uses, stores and protects your personal information when you use our private coaching services.
We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are:
- Company name: Maggnetic Health Limited
- Company number: 15651056
- Registered office: 4 Old Budbrooke Road, Hampton Magna, Warwick, CV35 8RS, United Kingdom
- Contact email: dan@drdanmaggs.com
We are the data controller for the personal information we collect about you.
1. Information We Collect
We collect and process the following types of personal information about you:
Basic Personal Information:
- Name
- Email address
- Payment information (processed through Stripe)
- Communication records (emails, WhatsApp messages, Zoom calls)
Health and Lifestyle Information:
- Current and target weight
- Medical history relevant to coaching
- Health goals and challenges
- Dietary information and food logs
- Exercise and fitness data
- Progress measurements and tracking data
- Personality assessment results
- Session notes (recorded using initials or codes for data minimisation)
Technical Information:
- Login credentials for our online platform
- IP address and browser information when accessing our website
- Session data when using our online resources
We collect this information directly from you through:
- Initial consultation calls
- Ongoing coaching sessions via Zoom
- WhatsApp communications
- Third party applications you choose to use (Everfit, Cronometer)
- Personality assessments you complete (UnderstandMyself.com)
- Forms and questionnaires we may ask you to complete
2. How We Use Your Information
We use your personal information for the following purposes:
To Provide Coaching Services (Legal basis: Contract Performance):
- Deliver one-to-one coaching sessions
- Provide ongoing support and guidance via WhatsApp
- Track your progress towards your health goals
- Schedule appointments via our booking system
- Provide access to online resources and materials
To Process Payments (Legal basis: Contract Performance):
- Process payments for our services via Stripe
- Maintain financial records as required by law
To Improve Our Services (Legal basis: Legitimate Interests):
- Analyse coaching effectiveness
- Identify areas where we can provide better support
- Use AI assistance tools to provide better coaching insights (with your explicit consent)
To Communicate With You (Legal basis: Contract Performance and Legitimate Interests):
- Respond to your queries and requests
- Provide updates about your coaching programme
- Send important service-related information
Legal and Safety Obligations (Legal basis: Legal Obligation):
- Comply with legal and regulatory requirements
- Protect against risk to your safety or the safety of others where we consider it necessary
Please note: We do not add coaching clients to marketing email lists. If you were previously on our marketing list, you will be removed when you become a coaching client.
3. Special Category Data (Health Information)
The health and lifestyle information we collect is considered 'special category data' under UK GDPR, which receives additional protections.
Legal Basis for Processing Health Data:
We process your health information under the following legal bases:
- Explicit Consent: When you sign up for our coaching services, you provide explicit consent for us to process your health information to deliver coaching services.
- Necessary for Health or Social Care: Whilst we are not providing medical services, our coaching supports your health and wellbeing goals.
Enhanced Confidentiality Standards:
Although this is a coaching relationship and not a medical consultation, Dr Dan Maggs is a registered General Practitioner with the General Medical Council (GMC). In recognition of the sensitive health information you share, Dr Maggs voluntarily applies the same standards of confidentiality to this coaching relationship as he would to his medical practice, in accordance with GMC guidance on confidentiality.
This means:
- Your health information is treated with the highest professional standards of confidence
- Information is only shared where legally required or where there is a risk to your safety or the safety of others
- The same ethical standards that apply to medical practice apply to your coaching relationship
Your Rights Regarding Health Data:
You have the right to withdraw your consent for us to process your health information at any time. However, please note that withdrawing consent may mean we cannot continue to provide coaching services to you.
4. AI and Automated Processing
We use artificial intelligence (AI) and automated tools to enhance the quality of our coaching services. We are transparent about how we use these tools:
Zoom AI Transcription:
- With your explicit consent, we use Zoom's AI transcription features to create text summaries of our coaching sessions.
- These transcripts help us track your progress, recall important details, and provide better continuity in your coaching.
- Transcripts are stored in accordance with our data retention policy.
- You can opt out of AI transcription at any time.
AI-Assisted Coaching Insights:
- We may use AI assistance tools (such as large language models) to help analyse coaching challenges and develop better strategies to support you.
- When using AI tools, we anonymise your information; we do not share identifiable personal data.
- For example, we might ask "A client is struggling with X" rather than "John Smith is struggling with X".
- AI tools help us provide better, more informed coaching but all final decisions and advice come from Dr Dan Maggs personally.
No Automated Decision Making:
- We do not make automated decisions about you that would significantly affect you.
- All coaching decisions and recommendations are made by Dr Dan Maggs with human oversight and judgement.
5. Third Party Service Providers
We use carefully selected third party service providers to help us deliver our coaching services. These providers only process your data on our behalf and in accordance with our instructions.
The third party services we use include:
Essential Service Providers:
- Stripe: Payment processing. Stripe may transfer data internationally in accordance with their privacy policy.
- Zoom: Video conferencing and AI transcription (with your consent). Zoom may store data on international servers.
- Calendly: Appointment booking and scheduling.
- WhatsApp Business: Secure messaging and communication.
- Google (Gmail/Google Docs): Email communications and session notes storage. Google stores data on international servers.
Website and Platform:
- Vercel: Website hosting and content delivery.
- Supabase: User authentication and account management.
Health and Fitness Tracking (Optional):
- Everfit: Fitness tracking and exercise programming (if you choose to use this).
- Cronometer: Nutrition and food logging (if you choose to use this).
- UnderstandMyself.com: Personality assessment tool.
Communications:
- Kit.com (formerly ConvertKit): Email platform infrastructure. Please note: coaching clients are not added to marketing lists.
Each of these providers has their own privacy policies which govern how they handle your data. We recommend reviewing their privacy policies for more information about their data practices.
6. International Data Transfers
Some of our third party service providers are based outside of the United Kingdom or store data on servers located internationally. This means your personal data may be transferred to, and processed in, countries outside the UK.
We coach clients internationally in various countries outside the UK.
When we transfer your data internationally, we ensure appropriate safeguards are in place:
- We only use providers who comply with UK GDPR standards or have adequate data protection arrangements
- Providers such as Google and Zoom use Standard Contractual Clauses approved by the UK government
- We ensure appropriate technical and organisational security measures are maintained
7. Data Security
We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect your data:
Security Measures:
- Two-factor authentication (2FA) on all accounts where possible
- Google login with Titan security key for enhanced authentication
- Encrypted devices for accessing client information
- Secure password practices
- Regular software updates and security patches
- Access controls limiting who can view your information (in practice, only Dr Dan Maggs)
Your Responsibility:
- Keep your login credentials confidential
- Use a strong password for your account
- Log out of your account after each session
- Notify us immediately if you suspect unauthorised access to your account
Whilst we implement strong security measures, please be aware that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but we work continuously to protect your information.
8. Data Retention
We retain your personal information for different periods depending on the type of data and our legal obligations:
During Active Coaching:
- We retain all information necessary to provide coaching services.
After Coaching Ends:
- We retain your information for 2 years after your coaching relationship ends.
- This allows for continuity of care if you return for further coaching.
- After 2 years of no contact, we delete your health and lifestyle information.
Financial Records:
- Payment and financial records are retained for 7 years to comply with UK tax law and accounting requirements.
Session Transcripts and Notes:
- Zoom transcripts and session notes are retained for the duration of the coaching relationship and up to 2 years afterwards, then deleted in accordance with the policy above.
Early Deletion:
- You can request deletion of your data at any time by contacting us (see section 10 for your rights).
- Upon request, we will delete your data unless we have a legal obligation to retain it (such as financial records).
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access: You have the right to request a copy of the personal information we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
Right to Erasure ('Right to be Forgotten'): You have the right to request deletion of your personal information in certain circumstances. Please note we may need to retain some information to comply with legal obligations (such as financial records).
Right to Restrict Processing: You have the right to request that we restrict how we use your personal information in certain circumstances.
Right to Data Portability: You have the right to request that we transfer your personal information to another service provider in a structured, commonly used format.
Right to Object: You have the right to object to processing of your personal information in certain circumstances.
Right to Withdraw Consent: Where we rely on your consent to process your data (such as for AI transcription), you have the right to withdraw that consent at any time.
How to Exercise Your Rights:
To exercise any of these rights, please contact us at dan@drdanmaggs.com.
We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.
There is no charge for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
10. Cookies and Website Tracking
We do not use cookies or tracking technologies on our website.
Our website does not use cookies for analytics, advertising or any other tracking purposes. We have deliberately chosen not to track your browsing behaviour.
We only use essential cookies required for the basic functioning of our website (such as keeping you logged in to your account). These essential cookies do not track you and are deleted when you close your browser or log out.
11. Data Breaches
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay
- Take immediate steps to contain and remedy the breach
- Investigate the cause and implement measures to prevent future breaches
If you become aware of any potential security breach or unauthorised access to your account, please contact us immediately at dan@drdanmaggs.com.
12. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.
13. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal or regulatory reasons.
When we make changes:
- We will update the "Last Updated" date at the bottom of this policy
- If changes are significant, we will notify you by email or through our platform
- Your continued use of our services after changes take effect constitutes acceptance of the updated policy
We recommend reviewing this privacy policy periodically to stay informed about how we protect your information.
14. Contact Us and Complaints
If you have any questions about this privacy policy or how we handle your personal information, please contact us:
Email: dan@drdanmaggs.com
Post: Maggnetic Health Limited, 4 Old Budbrooke Road, Hampton Magna, Warwick, CV35 8RS, United Kingdom
Making a Complaint:
We hope to resolve any concerns you have about how we handle your personal information. However, you also have the right to lodge a complaint with the UK's data protection supervisory authority:
Information Commissioner's Office (ICO)
- Website: https://ico.org.uk/
- Telephone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Last Updated: 7 October 2025
Version: 1.0