PRIVACY POLICY

1. Who we are

This website is operated by Tom O’Brien, acting coach and director, trading as a limited company based in the United Kingdom.

Website: https://tom-obrien.com
Contact: Use the contact form at tom-obrien.com/contact/

Tom O’Brien Ltd is the data controller for all personal data collected through this website. For the purposes of UK GDPR and the Data Protection Act 2018, he is responsible for how your data is collected, used, and stored.

2. What data we collect and why

Contact form

When you submit the contact or booking enquiry form, we collect your name and email address, and any other information you choose to include in your message. This is used to respond to your enquiry and, if relevant, arrange a consultation. The legal basis is legitimate interests.

Course purchases (WooCommerce)

When you purchase a digital course, WooCommerce collects your name, email address, and billing details. Payment is processed by Stripe or PayPal — we do not store or handle your card details directly. The legal basis is performance of a contract.

Email newsletter (Kit)

If you sign up for the free checklist or public speaking guide, your name and email address are stored in Kit (formerly ConvertKit), our email marketing platform. You will receive the requested resource and may receive follow-up emails related to Tom’s coaching and courses. You can unsubscribe at any time using the link in any email. The legal basis is consent.

Analytics (Fathom)

This website uses Fathom Analytics, a privacy-first analytics tool. Fathom does not use cookies, does not track users across sites, and does not collect personally identifiable information. It records aggregate data — page views, referral sources, and similar — to help us understand how the site is used. No consent is required for Fathom Analytics.

Cookies

This website uses a small number of functional cookies necessary for WooCommerce to operate (e.g. to maintain your basket and login session). No advertising or tracking cookies are used. A cookie notice is displayed when you first visit the site.

3. Third-party services

We use the following third-party services to operate this website. Each has its own privacy policy.

• Krystal.io — UK-based web hosting (krystal.io/legal/privacy-policy)
• Stripe — payment processing (stripe.com/en-gb/privacy)
• PayPal — payment processing (paypal.com/uk/webapps/mpp/ua/privacy-full)
• Kit (ConvertKit) — email marketing (kit.com/privacy)
• Fathom Analytics — website analytics (usefathom.com/privacy)
• WordPress / WooCommerce — website platform and e-commerce (automattic.com/privacy)

We do not sell, rent, or share your personal data with any other third parties, except where required by law.

4. International data transfers

Some of our third-party service providers (including Kit and Stripe) may process data outside the UK or EEA. Where this is the case, appropriate safeguards are in place, such as Standard Contractual Clauses, in accordance with UK GDPR requirements.

5. How long we keep your data

• Contact form enquiries — retained for up to 2 years, or until no longer needed
• Purchase records — retained for 7 years in line with HMRC requirements
• Email subscribers — retained until you unsubscribe or request removal
• Analytics data — aggregate only; no individual retention

6. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (“right to be forgotten”)
• Restrict or object to processing
• Data portability (where applicable)
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please get in touch using the contact form at tom-obrien.com/contact/. We will respond within one month.

If you are unhappy with how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Security

This website is hosted on Krystal.io, a UK-based provider, and is served over HTTPS. We take reasonable steps to protect your data, but no method of transmission over the internet is completely secure.

8. Children

This website is not directed at children under the age of 13. We do not knowingly collect personal data from children.

9. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

10. Contact

For any questions about this privacy policy or how your data is handled, please use the contact form at tom-obrien.com/contact/.