Privacy Policy

Last updated: 16th May, 2026

This privacy policy explains how I look after your personal data when you visit my website (regardless of where you visit it from), outlines your privacy rights, and explains how the law protects you.

It contains important information about who I am, how and why I collect, store, use, disclose, and safeguard your personal and other information, your rights in relation to your personal information, and how to contact me and relevant supervisory authorities if you have a complaint.

This policy sets out my commitment to protecting the privacy of personal information and other information provided to me, or collected by me, when interacting with you.

Who Sallt Sisters is

I am Laura Corrales, trading as Sallt Sisters (“I”, “me”, “my”) and this privacy policy relates to your use of my website www.salltsisters.com (the “site”), and my services.

I handle personal information in compliance with applicable data protection laws. I comply with the Privacy Act 2020 (New Zealand), and where I offer services to individuals in the United Kingdom or European Economic Area, I also comply with the UK GDPR and EU GDPR, as applicable.

Where GDPR applies, I rely on the lawful bases listed below. Where it does not, personal information is handled in accordance with the Privacy Act 2020 (New Zealand).

When you visit this site, you are agreeing to this privacy policy, the collection of information identified in this policy, and your rights to opt out. By providing me with your data, you also authorise to me that you are over 13 years old.

Any questions regarding my processing of personal data should be directed to:

  • Email: info@salltsisters.com
  • Address: Unit 142779, PO Box 7169, Poole BH15 9EL

How Sallt Sisters handles your data

This policy explains how I handle personal data when I am responsible for it, either as the controller, or with others. This includes collecting, using, transferring, storing, and deleting information that can identify a person, along with any related details. It applies to any data I collect, whether actively (like through forms), or passively (like through website activity), from people anywhere in the world.

I follow these rules when handling your personal data:

  • I only collect data for clear, specific purposes and process it under lawful bases, including:
    • Your consent (e.g., marketing emails).
    • Contractual necessity (e.g., fulfilling orders).
    • Legitimate interests (e.g., preventing fraud, improving my website, or sending service-related emails)
    • Legal obligations (e.g., tax records).
  • I limit data collection to what’s necessary to provide my services.
  • I use your information only for valid business reasons, like delivering my products, or services.
  • I won’t use your data for anything else without your consent, or as explained in this policy.
  • I keep your data accurate and update it when needed; you can request changes at any time.
  • I prioritise data security by applying strong technical protections.
  • I store your data only as long as necessary for its purpose or as legally required.

What information Sallt Sisters collects

I only collect and process information which is necessary to deliver my products and services. The information I may collect about you could include, but is not limited to:

  • Identity data, like your name, pronouns, gender, age, address and email;
  • Financial data, like bank account, payment card details and other payment information, processed via my third party payment processor, who stores such information, such as Thrivecart or Stripe;
  • Purchase history and transactional data for products or services purchased via my site;
  • Marketing and communications data including your preferences in receiving marketing from me and my third parties and your communication preferences.
  • Details of any information or feedback you give me by email, post, or via social media
  • Profile data from posting comments to my site, such as name, email and profile picture;
  • Technical and usage data collected when you access my website or platforms:
    • Internet protocol (IP) address (anonymised where possible)
    • Login and browser session data
    • Geo-location data (approximate, city-level only)
    • Device and network information (e.g., OS, browser type)
    • Acquisition sources (e.g., search engines, social media)
    • Browsing behaviour and page interactions  
    • Cookie identifiers (see cookie policy)
    • Analytics data (using IP-anonymised Google Analytics 4 (GA4))

*Note: Google Analytics anonymises IPs by default in the EU/UK. Full technical details are available [here]

Please do not volunteer any personal data or special category data which I do not ask for.

If you voluntarily share sensitive special category data (e.g., mental health history, trauma details) during coaching sessions or communications, I process it only with your explicit consent, or as necessary to deliver my services. Such data is stored securely and retained only as long as needed (see ‘Data Retention’).

How Sallt Sisters collects your information 

Most personal information is provided directly and voluntarily by you when you engage with me, or my site in order to enquire about, or purchase, my services or products. I will collect information from you when:

  • You sign up to my mailing list;
  • You download an opt-in;
  • You purchase my services, or a product through my website;
  • You interact with me as a client;
  • You join an online event, course, or programme I am running;
  • You contact me for information, to schedule a discovery call or session via my website, or social media channels, by email or direct message;
  • You post a comment on my blog, website or social media channels;
  • You work with me in a commercial capacity.
  • Your information is made publicly available, like social media.

How Sallt Sisters uses your information

I may use your information for the following purposes, under the legal bases noted:

1. Providing products and services (legal basis: contractual necessity)

  • Processing transactions and orders you purchase, including invoicing and billing.
  • Formalise a contract between us
  • Informing you about updates or changes to my services or products.
  • Delivering content and managing user subscriptions.
  • Contacting you about services or products, including responding to inquiries.
  • Ensuring my website functions properly on your device.

2. Improving your experience (legal basis: legitimate interest)

  • Monitoring and analysing trends, usage, and activities.
  • Tracking analytics to improve my business, website, and social media
  • Collecting feedback on the quality of my services.
  • I do not use automated decision-making or profiling, in ways that produce legal/significant effects. Analytics tools (e.g., Google Analytics) are used only for aggregated trend analysis, not individual tracking. 

3. Marketing and Advertising (legal basis: consent)

  • Sending weekly emails, updates, or offers (only with your opt-in consent).
  • Advertising promotions and additional benefits (you may opt out anytime)

4. Compliance and Legal Obligations (legal basis: legal obligation)

  • Complying with applicable laws (e.g., tax, data protection regulations). 

5. Testimonials (with consent)

  • With your written consent, testimonials may include your first name and last initial (e.g., “Jane D.”). You may revoke consent anytime.

Sharing your information

I only share personal data when necessary to deliver services or comply with legal obligations. All third parties are required to handle personal data in accordance with applicable laws.

Categories of Recipients

1. Payment Processors:

Purpose: Secure payment processing.

2. Email Marketing:

Purpose: Managing newsletters (only with your explicit consent).

3. Analytics Providers:

Purpose: Website performance tracking with IP anonymisation enabled.

4. Advertising Partners:

Purpose: Advertising to build awareness, drive consideration or get conversions.

5. Service Providers for Coaching & Scheduling:  

Purpose: Scheduling sessions and sending reminders 

Purpose: Conducting virtual coaching sessions (end-to-end encrypted for confidentiality).

International data transfers

Where GDPR applies, international transfers are protected using approved transfer mechanisms such as Standard Contractual Clauses or adequacy decisions. Where GDPR does not apply, overseas disclosures are made in accordance with Information Privacy Principle 12 of the Privacy Act 2020.

Your data will never be sold to third parties. Third parties are prohibited from using your data for AI training or profiling, or any secondary purposes beyond providing services to me and acting on my instructions. Audio/video recordings (if applicable) are stored securely and never shared without your explicit consent.

Where personal data is disclosed overseas (for example, through service providers such as Stripe, MailerLite, or Google Meet), I take reasonable steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

I may disclose your data only if required or permitted by law, including in response to lawful requests or where disclosure is necessary to protect vital interests (e.g., safety emergencies).

A list of third‑party service providers (sub‑processors) and information about applicable safeguards is available on request by contacting info@salltsisters.com.

Data retention

I will keep your data secure, and retain it only as long as is necessary to complete the services and meet any legal or regulatory obligations. This will vary depending on the nature of the requirements and the processing:

Data TypeRetention PeriodReason for Retention
Orders & payments7 years from transactionNZ Tax and accounting
compliance
Coaching client records7 years after last sessionInsurance/tax obligations
Marketing dataUntil unsubscribe or 2 years inactiveConsent-based processing
Website analytics26 months (Google Analytics)Aggregated trend analysis
Legal dispute recordsUntil case resolution + appeal periods (if any)Potential litigation requirements

*Note:

  • Periods may extend if required by law (e.g., ongoing investigations).
  • Data is securely deleted/anonymised after retention periods expire.

Use of Artificial Intelligence (AI)

I may use artificial intelligence (AI) tools to support certain internal business functions, such as drafting, organising, summarising, or refining content, communications, or administrative materials.

AI tools are used as a support mechanism only. All AI‑assisted outputs are reviewed, edited, and finalised by me before use to ensure accuracy, relevance, and alignment with the purpose for which the information is used.

Personal data and AI tools

I do not knowingly input personal data, confidential client information, or sensitive information into AI tools unless:

  • it is strictly necessary for the delivery of my services; and
  • appropriate safeguards are in place; or
  • you have provided your explicit consent.

Where personal data is processed with the assistance of AI tools, such processing is carried out in accordance with this Privacy Policy and applicable data protection laws, including the Privacy Act 2020 (New Zealand) and, where applicable, the UK GDPR and EU GDPR.

AI training and secondary use

Personal data is not used for AI training, profiling, or model improvement purposes, and is not shared with AI providers for their own use, unless explicitly stated and authorised.

Limitations of AI‑assisted processing

AI tools have inherent limitations. I remain responsible for decisions made using AI‑supported outputs and do not rely on AI tools for automated decision‑making that produces legal or similarly significant effects on individuals.

Your rights

Your rights depend on the privacy laws that apply to you based on your location and how I provide my services.

Where the UK GDPR or EU GDPR applies

If you are located in the United Kingdom or European Economic Area, and GDPR applies to my processing of your personal data, you have the right to:

  • Access a copy of your personal data.  
  • Request corrections to any inaccurate or incomplete information.  
  • Request deletion of your data in certain situations.  
  • Receive your personal data in a structured, machine-readable format.  
  • Object to certain types of processing (e.g., direct marketing).  
  • Withdraw consent at any time (e.g., via unsubscribe links). 

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Where the Privacy Act 2020 (New Zealand) applies

If you are located in New Zealand, or where GDPR does not otherwise apply, you have the right to:

  • Request access to the personal information I hold about you
  • Request correction of your personal information if it is inaccurate, incomplete, or misleading
  • Request that a statement of correction be attached if I do not agree that a correction is required
  • Make a complaint to the Office of the Privacy Commissioner (New Zealand) if you believe your privacy rights have been breached

Exercising your rights

To exercise any of the rights described above, please email info@salltsisters.com with “Privacy Request” or “Data Subject Request” in the subject line. I will respond as soon as reasonably practicable, and in any event within the timeframes required by applicable law. I may request proof of identity before processing your request.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.  

For details about the specific cookies I use (including analytics and essential cookies), see my cookie policy here

Children’s privacy

This website is not intended for use by children. And I do not knowingly collect personal information from children under the age of 13. If you believe I have collected such information, please contact me immediately, and I will take steps to delete the information.

Security measures

I implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. All coaching session notes and recordings are encrypted at rest and in transit. I use SSL encryption, password-protected systems, and regular security audits to protect your data. While no system is 100% secure, I adhere to industry best practices.

In the event of a personal data breach, I will assess the breach in accordance with applicable data protection laws.

  • Where the UK GDPR or EU GDPR applies, I will notify the relevant supervisory authority and affected individuals without undue delay, and where required, within 72 hours of becoming aware of the breach.
  • Where the Privacy Act 2020 (New Zealand) applies, I will notify the Office of the Privacy Commissioner (New Zealand) and affected individuals as soon as reasonably practicable if the breach has caused, or is likely to cause, serious harm.

Changes to this privacy policy

I may update this Privacy Policy from time to time in order to reflect changes, or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated “Last Updated” date. I encourage you to review this Privacy Policy periodically to stay informed about how I protect your data.

The date at the top of this Privacy Policy indicates when it was last updated.

Contact information

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise any of your rights related to your personal information, please contact me at:

  • Email: info@salltsisters.com, or
  • Address: Unit 142779, PO Box 7169, Poole BH15 9EL
Scroll to Top