© Olivia Genevieve Limited. All rights reserved. This Privacy Policy is the intellectual property of Olivia Genevieve Limited and is protected by copyright. Copying, reproducing, or adapting this document, in whole or in part, without prior written consent is strictly prohibited.
Effective Date: 30 March 2026
Last Reviewed: 30 March 2026
Olivia Genevieve Limited (referred to in this policy as “we,” “us,” or “our”) is a marketing consultancy and coaching business registered in England and Wales (Company Number: 15764444).
We are the data controller in respect of the personal data we collect and process in connection with our website, services, and communications. This means we are responsible for deciding how and why your personal data is used.
Our registered address is:
Olivia Genevieve Limited
124 City Road
London
EC1V 2NX
United Kingdom
Our contact email address for data protection matters is: hello@oliviagenevieve.co.uk
Our ICO Registration Number is: ZB796418
This Privacy Policy explains:
• What personal data we collect about you, and how we collect it;
• Why we use your personal data, and the lawful basis on which we do so;
• How long we retain your personal data;
• Who we share your personal data with, and why;
• How we protect your personal data;
• Your rights in relation to your personal data, and how to exercise them; and
• How to contact us or raise a complaint.
This policy applies when you visit our website, enquire about or purchase our services, communicate with us by any means, or otherwise interact with us. It does not apply to third-party websites or services that may be linked from our website.
We are committed to handling your personal data lawfully, fairly, and transparently, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and all other applicable UK data protection legislation.
Our services are intended solely for individuals aged 18 years or over. We do not knowingly collect or process personal data relating to anyone under the age of 18. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete it without undue delay.
If you believe we may have collected personal data from or about a child, please contact us at the address set out in Section 15.
We collect and process the following categories of personal data:
• Identity and contact information: Your name, email address, telephone number, and social media handles or usernames.
• Business information: Your business name, trading name, business website or social media profiles, the nature of your business, your niche or target audience, the services or offers you provide, and your business goals.
• Financial information: Where relevant, bank account details for the purpose of arranging or confirming payment. We do not store card payment details directly — these are handled by our payment providers (see Section 10).
• Programme and session content: Information you share with us during coaching or consultancy sessions delivered via Telegram, Voxer, or any other agreed communication platform, including messages, voice notes, documents, images, and marketing materials you submit for review.
• Correspondence: Emails, messages, and other communications you send us, including pre-contract enquiries, form submissions, and survey responses.
• Verification information: Where required under our client agreement, business identification details such as your company registration number, VAT number, or business address, provided for the purpose of verifying your business-to-business (B2B) status.
When you visit our website, we may automatically collect the following technical and usage data:
• Device and technical data: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: Pages visited, time and duration of visits, links clicked, referring website or search term, and similar interaction data.
• Cookie and tracking data: Data collected through cookies and similar technologies placed on your device (see Section 7 for full details).
We may also receive personal data about you from:
• Social media platforms: Where you interact with our business pages on Facebook, Instagram, or other platforms, or where we use platform tools to run paid advertising campaigns. Data received is governed by the respective platform’s privacy policy.
• Analytics and advertising providers: Such as Google Analytics and the Meta Pixel, which provide aggregated or pseudonymous data about how users interact with our website and respond to our advertising.
• Payment processors: Confirmation of payment status and, where applicable, payer reference information.
• Publicly available sources: Publicly accessible business directories, LinkedIn profiles, or social media profiles, where relevant to the services we provide.
Under UK GDPR, we are required to have a lawful basis for every purpose for which we process personal data. The lawful bases we rely on are:
• Contract performance (Article 6(1)(b) UK GDPR): Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal obligation (Article 6(1)(c) UK GDPR): Processing is necessary for us to comply with a legal obligation.
• Legitimate interests (Article 6(1)(f) UK GDPR): Processing is necessary for our legitimate business interests, where those interests are not overridden by your rights and interests. Where we rely on legitimate interests, we have assessed that our interests are proportionate and do not cause undue harm.
• Consent (Article 6(1)(a) UK GDPR): You have given clear, freely given, specific, and informed consent to the processing of your personal data for a specific purpose. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
The following sets out the purposes for which we process your personal data and the lawful basis we rely on for each:
Purpose: To assess your suitability for our services and respond to your enquiry
Data used: Identity, contact, and business information
Lawful basis: Pre-contractual steps (contract performance)
Purpose: To enter into and perform a client agreement with you
Data used: Identity, contact, business, and financial information
Lawful basis: Contract performance
Purpose: To deliver our coaching and consultancy programme, including reviewing materials you submit and providing feedback
Data used: Programme and session content; identity and contact information
Lawful basis: Contract performance
Purpose: To process payment and manage invoicing
Data used: Financial information; identity and contact information
Lawful basis: Contract performance; legal obligation (financial record-keeping)
Purpose: To verify your business-to-business (B2B) status where required under our client agreement
Data used: Business and verification information
Lawful basis: Contract performance
Purpose: To communicate with you during and after your programme, including administrative and operational messages
Data used: Identity, contact information, and correspondence
Lawful basis: Contract performance; legitimate interests
Purpose: To manage our business records, including accounting and tax compliance
Data used: Financial and identity information
Lawful basis: Legal obligation
Purpose: To comply with any legal or regulatory obligation
Data used: As required by law
Lawful basis: Legal obligation
Purpose: To send you direct marketing communications about our services, where you are an existing client or have opted in
Data used: Identity and contact information
Lawful basis: Legitimate interests (existing clients, similar services, with opt-out); Consent (where required by PECR)
Purpose: To improve our website and services using analytics data
Data used: Usage data, cookie and tracking data
Lawful basis: Legitimate interests (website analytics with appropriate safeguards, including anonymisation or pseudonymisation where possible); Consent (for non-essential analytics cookies — see Section 7)
Purpose: To run paid advertising campaigns on platforms such as Facebook and Instagram
Data used: Cookie and tracking data (via Meta Pixel); platform audience data
Lawful basis: Consent (for tracking cookies); legitimate interests (for platform audience targeting using anonymised or hashed data)
Purpose: To protect our business from fraud, misuse, or legal claims
Data used: Identity, contract, and communication records
Lawful basis: Legitimate interests; legal obligation
Purpose: To enforce our rights under a client agreement, including recovery of unpaid fees
Data used: Identity, financial, and communication data
Lawful basis: Legitimate interests; legal obligation
We do not use your personal data for any purpose that is incompatible with the purpose for which it was originally collected, without first informing you and, where required, obtaining your consent.
Special Category Data
In connection with our application process, we collect certain information that constitutes special category personal data under UK GDPR Article 9(1), specifically information relating to your religious beliefs, denomination, and spiritual experience.
We collect this data solely to assess whether our programme — which is designed specifically for Christian, Spirit-led coaches — is the right fit for you. The lawful condition we rely on for processing this data is your explicit consent under UK GDPR Article 9(2)(a). You are under no obligation to provide this information.
By choosing to provide it, you give your explicit consent for it to be processed for this purpose only. You may withdraw your consent at any time by contacting us at hello@oliviagenevieve.co.uk, without affecting the lawfulness of any processing carried out before withdrawal.
We may send you marketing emails about our services in the following circumstances:
• Where you have given your explicit consent to receive marketing communications from us; or
• Where you are an existing client and we are marketing our own similar services to you, in accordance with the “soft opt-in” provisions of PECR Regulation 22.
We will always provide a clear and straightforward way to opt out of receiving marketing emails. Every marketing email we send will include an unsubscribe link that you can use to opt out at any time.
If you opt out of marketing communications, we will honour your request promptly and you will not receive further marketing emails from us. Opting out of marketing does not affect the processing of personal data for other purposes, such as delivering services you have purchased.
You may opt out of marketing communications at any time by:
• Clicking the “unsubscribe” link in any marketing email you receive from us; or
• Contacting us directly at the email address set out in Section 15.
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites function effectively, to improve user experience, and to provide information to website owners and third parties.
We use the following categories of cookies on our website:
Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off. They do not require your consent. They include cookies that enable you to navigate the website, use secure areas, and access core functionality.
Analytics and Performance Cookies
These cookies collect information about how visitors use our website, such as which pages are visited most often and whether visitors receive error messages. The information collected is used in aggregated or pseudonymous form and is used to improve how our website works. We use tools including Google Analytics for this purpose. These cookies require your consent.
Marketing and Targeting Cookies
These cookies are set by us and by third-party advertising platforms, including Meta (Facebook and Instagram), to help us deliver relevant advertising, measure the effectiveness of our campaigns, and understand how users interact with our adverts. They may track your browsing activity across other websites. These cookies require your consent. The Meta Pixel and similar tools operate in accordance with Meta’s own privacy policy.
Functionality Cookies
These cookies enable the website to remember choices you make, such as your preferred language or region, and provide enhanced, more personal features. These cookies may require your consent depending on their nature and purpose.
When you first visit our website, you will be presented with a cookie consent banner that allows you to choose which categories of cookies you wish to accept. You may accept all, reject all except strictly necessary cookies, or manage your preferences by category.
You may also manage cookies at any time through your browser settings. Most browsers allow you to:
• View cookies stored on your device and delete them;
• Block cookies from specific websites; and
• Block all third-party cookies.
Please note that restricting or deleting cookies may affect the functionality of our website and your experience of using it.
For more information about managing cookies, including browser-specific instructions, you can visit www.allaboutcookies.org or www.ico.org.uk/for-the-public/online/cookies/
We do not sell your personal data to any third party.
We may share your personal data with third parties only in the following circumstances and only to the extent necessary:
We work with carefully selected third-party service providers who assist us in operating our business and delivering our services. These providers act as data processors and process your personal data only on our instructions and only for the purposes we specify. They are bound by appropriate contractual data protection obligations. They include:
• Email marketing platforms: Used to manage our subscriber lists, send email communications, and track engagement (for example, platforms such as Systeme.io, e.g. ActiveCampaign, Mailchimp, ConvertKit]).
• Payment processors and banking services: Used to process or confirm payments. We do not store card payment details. Any payment information is handled directly by our payment provider or processed via secure bank transfer.
• Website hosting and technology providers: Including our website hosting platform and any software tools used in connection with our website.
• Analytics providers: Including Google Analytics, which processes website usage data on our behalf to help us understand how our website is used.
• Advertising platforms: Including Meta (Facebook and Instagram), through which we may run paid advertising campaigns. These platforms operate as independent data controllers in respect of the data they collect through their own platforms and pixels, subject to their own privacy policies.
• Cloud storage and communication tools: Including any secure cloud storage, document management, or communication platforms used in our business operations.
• Customer relationship management (CRM) tools: Where used to manage client records and interactions.
We may share personal data with our professional advisers, including solicitors, accountants, and insurance advisers, where necessary in connection with the services they provide to us. These advisers are bound by professional duties of confidentiality.
We may disclose personal data to law enforcement agencies, regulatory bodies, courts, or other authorities where we are required or permitted to do so by law, or where disclosure is necessary to establish, exercise, or defend legal rights.
In the event that we sell, transfer, or reorganise all or part of our business, personal data held by us may be transferred to the purchaser or successor entity. We will notify you of any such transfer where required by law.
In all cases, we take reasonable steps to ensure that third parties who receive your personal data handle it in accordance with UK data protection law.
Some of the third-party service providers we use operate, or store data, outside the United Kingdom. This means that personal data we share with them may be transferred to, and processed in, countries outside the UK.
Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place to protect it, in accordance with the requirements of UK GDPR. The safeguards we rely on include:
• UK Adequacy Regulations: Where the UK Government has determined that the destination country provides an adequate level of protection for personal data (for example, countries covered by the UK’s adequacy decisions following the EU-UK Trade and Cooperation Agreement or subsequent UK adequacy regulations).
• UK International Data Transfer Agreements (IDTAs) or UK Addenda to Standard Contractual Clauses: Where we have put in place contracts with our service providers incorporating the standard data protection clauses approved or recognised by the UK Government under UK GDPR.
• Other recognised safeguards: Including binding corporate rules, approved certification mechanisms, or other safeguards recognised under UK GDPR where applicable.
You may request further information about the safeguards we use in connection with specific international data transfers by contacting us at the address set out in Section 15.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against accidental loss, destruction, alteration, unauthorised disclosure, or unauthorised access. The measures we maintain include:
• Use of secure, encrypted connections (HTTPS) for our website and communications where applicable;
• Use of password-protected systems with access controls limiting access to personal data to those who have a genuine business need;
• Regular review and updating of our security practices and procedures;
• Use of reputable, security-conscious third-party service providers; and
• Storing personal data only for as long as necessary and securely deleting or anonymising it when it is no longer needed (see Section 11).
While we take all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of data transmitted to or from our website.
If we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach where required to do so by law. Where a breach is likely to result in a high risk to individuals, we will also notify those individuals without undue delay.
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
The following principles guide our retention decisions:
Client contract and programme records (including communications during delivery of our services)
6 years from the end of the relevant programme or business relationship. This reflects the limitation period under the Limitation Act 1980 for contractual claims and is necessary for the establishment, exercise, or defence of legal claims.
Financial and invoicing records (including payment information)
6 years from the end of the relevant financial year, in accordance with our obligations under the Companies Act 2006 and HMRC record-keeping requirements.
Business verification records (B2B status documentation)
6 years from the end of the relevant programme or business relationship.
Pre-contract enquiry and correspondence records
Up to 2 years from the date of the most recent communication, unless the enquiry converts to a client relationship (in which case the client record retention period applies).
Marketing email list records (including consent records)
For as long as you remain subscribed, plus a reasonable period (up to 2 years) following unsubscription, to maintain a record of the opt-out and to prevent re-adding you to our list without fresh consent.
Website analytics and usage data
In accordance with the applicable
analytics provider’s data retention settings, which we will review periodically. Where we configure retention, we apply a retention period of no more than 26 months.
Cookie consent records
Up to 12 months from the date of consent, after which fresh consent will be sought.
At the end of the applicable retention period, personal data will be securely deleted or anonymised so that it can no longer be associated with you.
We may retain personal data beyond the periods set out above where it is necessary for the establishment, exercise, or defence of legal claims, or where we are required to do so by law.
Under the UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions in certain circumstances, but we will respond to any request in accordance with our legal obligations.
You have the right to request a copy of the personal data we hold about you, along with information about how we use it. We will respond to a valid request within one calendar month of receipt, though we may extend this period by a further two months where requests are complex or numerous, in which case we will notify you of the extension.
If the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct or complete it.
You have the right to ask us to delete your personal data where:
• It is no longer necessary for the purposes for which it was collected;
• You withdraw your consent and there is no other lawful basis for the processing;
• You object to the processing and there are no overriding legitimate grounds;
• The data has been processed unlawfully; or
• Erasure is required to comply with a legal obligation.
This right is not absolute. We may be entitled to refuse a request for erasure where we are required to retain the data by law or where it is necessary for the establishment, exercise, or defence of legal claims.
You have the right to ask us to restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where you have objected to our processing (whilst we consider your objection).
You have the right to object to our processing of your personal data where we rely on legitimate interests as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defence of legal claims.
You have an absolute right to object to your personal data being processed for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.
Where we process your personal data on the basis of your consent or for the performance of a contract, and that processing is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller where technically feasible.
Where we rely on your consent as the lawful basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before you withdrew consent.
We do not make decisions about you that are based solely on automated processing and that produce legal or similarly significant effects. If this changes, we will inform you and provide the information required by UK GDPR.
To exercise any of the rights set out above, please contact us using the details in Section 15. We may need to verify your identity before processing your request. We will not charge a fee for a valid request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to respond.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make changes, we will update the “Last Reviewed” date at the top of this policy and publish the revised version on our website.
Where changes are material, we will take reasonable steps to bring them to your attention, which may include posting a notice on our website or sending an email to clients or subscribers where we hold your contact details.
We encourage you to review this policy periodically to stay informed about how we handle your personal data.
If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or have a concern about the way in which we handle your personal data, please contact us:
Olivia Genevieve Limited
Email: hello@oliviagenevieve.co.uk
Address: 124 City Road, London. EC1V 2NX, United Kingdom
We aim to acknowledge all data protection enquiries within five business days and to provide a full response within one calendar month of receipt.
If you are not satisfied with our response to your enquiry or concern, or if you believe that we are processing your personal data in a way that does not comply with the law, you have the right to make a complaint to the Information Commissioner’s Office (ICO), which is the UK’s independent supervisory authority for data protection.
Information Commissioner’s Office
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You may make a complaint to the ICO at any time. We would, however, appreciate the opportunity to address your concerns before you contact the ICO and invite you to contact us in the first instance.
This Privacy Policy was last reviewed on 30 March 2026 and is effective from that date.
© Olivia Genevieve Limited. All rights reserved.
© 2025–2026 OLIVIA GENEVIEVE LIMITED. ALL RIGHTS RESERVED.
OLIVIA GENEVIEVE LIMITED | REGISTERED OFFICE: 124 CITY ROAD, LONDON, EC1V 2NX, UNITED KINGDOM
PRIVATE LIMITED COMPANY REGISTERED IN ENGLAND AND WALES. COMPANY NUMBER: 15764444.
TERMS OF USE | TERMS AND CONDITIONS | PRIVACY POLICY | CONTACT