Privacy Policy

Who We Are

The Dandelion Effect is a coaching and membership business operated by Pippa Wilson. We're committed to protecting your privacy and ensuring transparency about how we use your personal data. This policy explains what information we collect, why we collect it, and your rights under UK data protection law (GDPR and Data Protection Act 2018).

What Data We Collect

We collect personal data that you provide to us directly or that we collect when you use our website and services:

• Identity information: Your name, email address, and phone number
• Payment information: Billing address and payment details (processed securely by Stripe — we never see your full credit card details)
• Membership data: Details from membership applications and profile updates
• Communication data: Messages you send through contact forms, email, or our community platform
• Technical data: Browser type, IP address, pages visited, time spent on pages (via analytics)

Why We Collect Your Data

We collect and use your data for the following legitimate purposes:

• Service delivery: To process your membership, deliver coaching content, and provide access to our community
• Payments: To process transactions and manage billing through Stripe
• Email marketing: To send you newsletters, program updates, and marketing communications (only with your consent via Mailerlite)
• Community engagement: To facilitate communication within our WhatsApp community and other member spaces
• Website improvement: To understand how you use our site and improve our services
• Legal compliance: To meet our legal and tax obligations

Your Legal Basis for Processing

We process your data on the following legal bases:

• Contract: Data needed to provide membership and coaching services
• Consent: Marketing emails and non-essential communications (you can withdraw consent anytime)
• Legal obligation: Tax, accounting, and compliance requirements
• Legitimate interest: Website analytics to improve user experience

Third-Party Data Processors

We share your data with the following trusted third-party providers who help us deliver our services:

• Stripe: Payment processing. Stripe is PCI DSS Level 1 certified and handles all credit card transactions securely.
• Mailerlite: Email marketing platform. We share your name and email to send newsletters and updates. Mailerlite is GDPR compliant.
• WhatsApp: Community platform. Members join our WhatsApp group to connect with each other. WhatsApp is owned by Meta and is GDPR compliant.
• Google Analytics: Website analytics. We use this to understand user behaviour and improve the site.

All third parties are contractually bound to handle your data securely and only use it for the purposes we specify.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of all personal data we hold about you
• Right to rectification: You can ask us to correct inaccurate or incomplete data
• Right to erasure: You can request deletion of your data (subject to legal obligations)
• Right to restrict processing: You can ask us to limit how we use your data
• Right to data portability: You can request your data in a machine-readable format
• Right to object: You can object to marketing communications, which you can do immediately through our unsubscribe links
• Right to lodge a complaint: You can complain to the Information Commissioner's Office (ICO) if you believe we've violated your rights

To exercise any of these rights, contact us at hello@thedandelioneffect.com with your request.

Data Retention

We keep your personal data only for as long as necessary:

• Membership data is retained for the duration of your membership, plus 7 years for tax and legal purposes
• Email marketing data is retained until you unsubscribe
• Technical/analytics data is anonymised after 24 months
• If you request deletion, we'll remove your data within 30 days (unless legal obligations require us to keep it)

Security

We take data security seriously. Your personal data is protected using industry-standard security measures including:

• Encrypted data transmission (SSL/TLS certificates)
• Secure password authentication
• Limited access — only authorised team members can access your data
• Regular security audits and updates

However, no system is 100% secure. If you believe your data has been compromised, please contact us immediately.

Cookies

Our website uses cookies to enhance your experience. For full details about cookies we use, how to manage them, and your opt-out options, please see our Cookie Policy.

International Data Transfers

Some of our third-party providers (like Stripe and Google) may process data outside the UK/EU. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data in line with UK GDPR.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We'll notify you of significant changes by email or by posting a prominent notice on our website.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

• Email: hello@thedandelioneffect.com
• Postal address: The Dandelion Effect, [Your Address]

If you're not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.