This policy explains what personal data is collected when you use danmargetts.com, why it is collected, how it is protected, and what rights you have over it. It covers both the public-facing coaching website and the password-protected coaching tools used during sessions.
01
Who is responsible for your data
The data controller for this website is Dan Margetts, an executive coach operating under danmargetts.com. If you have any questions about how your personal data is used, or wish to exercise your rights, please get in touch.
Privacy enquiries
Email: admin@danmargetts.com
02
What data is collected and why
The data collected depends on how you use this site.
| Context | Data collected | Purpose | Legal basis |
|---|---|---|---|
| Coach login | Email address, name, session tokens stored in secure HttpOnly cookies | Authenticating access to the coaching tools | Legitimate interests |
| Coaching sessions | Constellation board data created during a session | Enabling the interactive coaching tool to function | Contract (delivery of coaching services) |
| Guest access | A time-limited access token (expires after 2 hours); contains no personal data | Enabling secure client access to a coaching session | Legitimate interests |
| Feedback form | First name, surname, email address, and message | Responding to feedback and improving services | Legitimate interests |
| Website analytics | Page views, referrers, and aggregate visitor data derived from server logs | Understanding how the site is used | Legitimate interests |

A note on coaching session data. Constellation board data — the figurines and relationships you place on the board during a session — exists only in your browser's memory while the session is active. Nothing from the board is transmitted to or stored on any server. When the session ends, or the browser tab is closed, all of that data is gone permanently. No session content is ever retained by this site.
03
Cookies
This site uses a small number of cookies, all of which are technical and security-related. No advertising, tracking, or profiling cookies are used.
| Cookie | Purpose | Expires |
|---|---|---|
| nl_session | Authenticates an active coach session. Marked HttpOnly — not accessible to JavaScript. | 8 hours |
| nl_refresh | Allows a session to be renewed without requiring a new login. Marked HttpOnly. | 30 days |
| __nfsec | Set by Netlify for platform security purposes. | Session |

These cookies are only set when a coach actively logs in to the tools area. General visitors to the public website receive no cookies from this site.
04
Third-party processors
This site relies on two external services, both of which process data on behalf of this practice under data processing agreements.
Netlify Inc. (USA) hosts this website and provides the authentication infrastructure, form submission processing, and server-side analytics. Data transfers to the US are covered by Standard Contractual Clauses. Netlify's privacy policy is available at netlify.com/privacy.
Google LLC (USA) serves the fonts used on this site via its Fonts CDN. Your IP address is processed as part of the font file request. No personal data is stored by Google for this purpose beyond standard server logs. Google's privacy policy is available at policies.google.com/privacy.
No data is shared with any other third party, sold, or used for advertising purposes.
05
How long data is kept
| Data | Retention period |
|---|---|
| Session cookies | 8 hours (nl_session) or 30 days (nl_refresh), then automatically deleted |
| Constellation session data | Not retained — exists in browser memory only, deleted when the session ends |
| Guest access tokens | Expire after 2 hours and cannot be reused |
| Feedback form submissions | Retained until reviewed and manually deleted |
| Server-side analytics | 30 days (Netlify Analytics) |

06
Your rights
Under UK GDPR and EU GDPR you have the following rights over your personal data. To exercise any of them, contact admin@danmargetts.com. Requests will be responded to within one month.
- Access — you can ask for a copy of the personal data held about you.
- Rectification — you can ask for inaccurate data to be corrected.
- Erasure — you can ask for your data to be deleted where there is no overriding legal reason to retain it.
- Restriction — you can ask for processing to be limited in certain circumstances.
- Portability — you can ask to receive your data in a structured, machine-readable format.
- Objection — you can object to processing based on legitimate interests.

07
Making a complaint
If you have a concern about how your personal data has been handled, please contact admin@danmargetts.com in the first instance. If you remain unsatisfied, you have the right to complain to a supervisory authority.
UK residents: Information Commissioner's Office (ICO) — ico.org.uk
EU residents: Autoriteit Persoonsgegevens (Dutch Data Protection Authority) — autoriteitpersoonsgegevens.nl
08
Changes to this policy
This policy will be updated when there are material changes to how data is collected or used. The date at the top of this page reflects when it was last revised. Continued use of the site after a revision constitutes acceptance of the updated terms.