Privacy Policy for Penny Mayhew Training Consultancy and Coaching

Please find below the Privacy Policy for Penny Mayhew –  I take the protection of data very seriously and only obtain the personal information I absolutely need, and keep it for no longer than necessary.

image of lock and key for privacy policy for penny mayhew

Who I am

Penny Mayhew is a Training Consultant, Coach and qualified Hypnotherapist based in Milton Keynes, Bucks.

Her website address is:

She can be contacted by email: and by phone: 01908 915567

What personal data is collected, and the reasons why…

Contact forms

If you complete details using the website Contact Form, information will be collected in order to respond to your query.  The data is then deleted in line with the Retention Policy outlined below. No information submitted through the contact form will be used for marketing purposes.  The Legal Basis for collecting data through the contact form is ‘Consent’.


This website does not use cookies.  Should cookies be added, the Privacy and Cookie policies will be updated immediately.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behave in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who your data is shared with

Outside of this website, Personal Information may be collected.  If you are a supplier of services to Penny Mayhew, or are a customer that she works with, financial transaction information will be shared to the relevant professional accounting services.

How long your data is retained for

If you use the contact form to send a message, that data will be retained until 6 months from responding to you. Keeping the information assists with further communication and provision of service should they be required.

If you have provided your information in order for Penny Mayhew to fulfil a service to you (e.g. customer, supplier etc) the financial accounting information (i.e. invoice, receipts etc) will be retained for 7 years after the last transaction/service supplied. This is to ensure compliance with any matter relating to a financial relationship.

What rights you have over your data

If you have provided Penny Mayhew with your personal information,  you can request to receive a copy of the personal data held about you. This is known as a Subject Access Request (SAR). You can also request that any personal data held about you can be deleted (a Right to Erasure). This does not include any data that has to be kept for administrative, legal, or security purposes.

Data being sent elsewhere

Penny Mayhew does not send your data outside of the EU. Should she need to do so in the future, she will first obtain your authority and will only send it outside of the EU for processing if you agree to doing so.

Who to contact about your Personal Information

Should you have any queries relating to the processing of your personal information, or would like to obtain a copy of any data held about you, please contact: Penny Mayhew : T 01908 915567  e:

How your data is protected

Penny Mayhew takes the protection of your data very seriously. The following security measures are in place:

Penny Mayhew regularly reviews all Information Security and, where  necessary, make improvements; Password access  to this website and other computer records is maintained; Personal Data is not sent in the body of an email but, should it be absolutely necessary, is encrypted; she understands the confidentiality, integrity and availability of the personal data processed; She is trained to ensure compliance with Data Protection regulation (i.e. Data Protection Act 2018, incl GDPR, Computer Misuse Act); Risk assessments have been undetaken to establish areas where a potential breach, or risk, could occur and the necessary action has been taken.

What data breach procedures are in place

All computers and computer records are monitored continuously in order to check for risks to personal data, loss of data, loss of service etc. If a breach, or potential breach, is found, necessary action is taken. This may include reporting to the ICO as per GDPR requirements.

A data breach, or potential data breach, is logged accordingly and investigated in order to a) protect data b) inform the necessary authorities c) if necessary, inform the data subject(s) involved d) to ensure measures are put in place to prevent the incident from arising again.

What third parties Penny Mayhew receives data from

Penny Mayhew does not receive data from any third parties, unless a client has been referred by their employer in relation to a request for services.

What automated decision making and/or profiling occurs

There is no automated decision making and/or profiling by Penny Mayhew

For further information about your rights as a Data Subject, and any other questions regarding your Personal Information, please visit the ICO website.