Introduction
This Privacy and Cookies Notice explains how Edison Astudillo (“I”, “me”, “my”) collects, uses, stores, shares, and deletes personal data when you visit www.couplesreset.co.uk, make an enquiry through the contact form, complete the online Initial Enquiry and Suitability Form, book The Couples Reset Programme, also referred to as “Couples Reset” or “the programme”, or take part in the programme.
For data protection purposes, Edison Astudillo is the data controller for the personal data described in this notice.
The programme is delivered remotely. I may deliver sessions and manage related administration from outside the UK. This means I may access and handle personal data remotely from outside the UK, while applying this notice and appropriate confidentiality and security measures.
The service is intended for adults aged 18 and over.
Contact details
Data controller: Edison Astudillo
Email: contact@couplesreset.co.uk
Phone: 07907 466 711
Website: www.couplesreset.co.uk
If you have questions about this notice or about how your personal data is used, please contact me using the details above.
The personal data I may collect
Website and technical data. This may include IP address, browser type, device information, operating system, referral source, pages visited, time spent on the site, and cookie-related information.
Enquiry and contact data. This may include names, email addresses, telephone numbers, and the contents of messages you send through forms, email, text, or phone.
Pre-booking and suitability data. This may include information provided in the online Initial Enquiry and Suitability Form, which each partner completes separately.
Booking, scheduling, payment, and administration data. This may include appointment details, attendance information, payment references, refund information, and routine administrative correspondence.
Programme information, including special category data. This may include information provided in the online Intake Form completed separately by each partner, as well as information about mental health, relationship difficulties, significant distress, risk concerns, safeguarding issues, coercion or abuse, suicidal ideation, self-harm, crisis, or other sensitive information relevant to suitability or to delivering the programme safely and effectively.
Brief working notes. I may keep brief working notes and administrative records as reasonably required to deliver the programme and manage the practice.
Documents or information you choose to send. If you email or otherwise provide documents or information for enquiry, administrative, suitability, or programme-related purposes, I may process the information they contain.
How I use personal data and the legal bases I rely on
For ordinary personal data, I rely on one or more of the following UK GDPR Article 6 bases, depending on the purpose: contract, steps taken at your request before entering into a contract, legal obligation, vital interests, and legitimate interests.
For special category data, where relevant I rely on one or more of the following UK GDPR Article 9 conditions: health or social care purposes; vital interests; and establishment, exercise, or defence of legal claims.
4.1 Enquiries and pre-booking communications
I may use contact and enquiry data to respond to questions, provide information about Couples Reset, and communicate with you about the service. The main Article 6 basis is steps taken at your request before entering into a contract, and in some cases legitimate interests in administering the practice.
4.2 Suitability and safety screening
I use information from the online Initial Enquiry and Suitability Form, completed separately by each partner, to decide whether the programme is appropriate to offer and whether it can be delivered safely and effectively. The main Article 6 bases are steps taken before entering into a contract and legitimate interests in operating a safe professional service. Where special category data is involved, the main Article 9 condition is health or social care purposes.
4.3 Delivering the programme
I use booking information, intake information submitted separately by each partner, communications, and session-related information to arrange and provide The Couples Reset Programme, including preparation materials, the live intensive session, follow-up sessions, related administration, and remote delivery of the programme. The main Article 6 basis is performance of a contract. Where special category data is involved, the main Article 9 condition is health or social care purposes.
4.4 Payments, refunds, and administration
I use payment and administrative information to confirm bookings, record payment by bank transfer, manage refunds if due, and maintain routine business and accounting records. The main Article 6 bases are performance of a contract, legal obligation, and legitimate interests.
4.5 Brief working notes and practice management
I may keep brief working notes and limited administrative records to support safe delivery of the programme, continuity across the short programme period, and reasonable practice management. The main Article 6 basis is legitimate interests and, where necessary to deliver the programme, performance of a contract. Where special category data is involved, the main Article 9 condition is health or social care purposes.
4.6 Safeguarding, emergencies, and serious harm
I may use and, where necessary, share relevant information if this is reasonably necessary to protect life, prevent serious harm, respond to safeguarding concerns, reconnect after a dropped session where there is immediate concern, or comply with a legal requirement. Depending on the circumstances, the Article 6 bases may include vital interests, legal obligation, or legitimate interests. For special category data, the Article 9 conditions may include vital interests or health or social care purposes.
4.7 Complaints, insurance, professional advice, and legal claims
I may retain and use limited information where reasonably necessary to respond to complaints, obtain insurance or legal advice, defend or pursue legal claims, or comply with professional or regulatory requirements. The main Article 6 bases are legal obligation and legitimate interests. For special category data, the Article 9 condition may include establishment, exercise, or defence of legal claims.
4.8 Website operation and security
I may use website and technical data to keep the website secure, diagnose technical problems, and understand how the website is used. The main Article 6 basis is legitimate interests. Where non-essential cookies are used, I will seek consent where required.
Who I may share personal data with
I do not sell client data.
I may share personal data, where necessary and proportionate, with service providers that support the delivery and administration of the service. Depending on the tools actually used at the time, this may include website hosting or security providers, form or booking providers, email and document providers, video meeting providers, and banking or payment-related providers.
Information submitted through website forms may be stored securely within the website system and may generate an email notification to me. Access to form submissions is restricted to authorised administrative access.
I may also share information where necessary with professional advisers, insurers, regulators, legal advisers, emergency services, healthcare professionals, or other appropriate agencies if this is required by law or reasonably necessary to protect life, prevent serious harm, address safeguarding concerns, or establish, exercise, or defend legal claims.
If I use third-party service providers, they are expected to process personal data only for appropriate purposes and with suitable security measures.
International transfers
Personal data may be accessed, stored, or processed outside the UK in two situations. First, because the programme is delivered online, I may access and handle personal data remotely from outside the UK when delivering the programme or managing related administration. Second, some third-party service providers may store or process personal data outside the UK.
Where personal data is made accessible to a separate organisation outside the UK, I will take reasonable steps to ensure that appropriate safeguards or lawful transfer mechanisms are in place, such as an adequacy regulation, approved contractual protections, or another lawful transfer mechanism.
How long I keep personal data
I aim to keep personal data and notes to the minimum reasonably necessary.
If you make an enquiry but do not become a client, I will usually delete enquiry correspondence and related forms as soon as reasonably practicable and normally within 3 months, unless there is a safeguarding issue, legal issue, fraud concern, complaint, or another good reason to retain them for longer.
If the programme is not offered, or if you decide not to proceed after the suitability stage, I will usually delete suitability and related administrative information as soon as reasonably practicable and normally within 3 months, unless a longer period is reasonably necessary for safeguarding, legal, insurance, complaint-handling, fraud-prevention, or administrative purposes.
If you take part in the programme, I aim to keep brief working notes and programme-related records only for as long as reasonably necessary to deliver the programme and manage immediate follow-up. In most cases, I aim to delete these as soon as reasonably practicable after the programme ends, and normally within 30 days of programme completion or last meaningful contact.
However, some limited records may need to be retained for longer where this is reasonably necessary to comply with law, manage complaints, respond to an information rights request, address safeguarding or serious harm concerns, prevent fraud, obtain insurance or professional advice, establish, exercise, or defend legal claims, or keep the accounting and payment records that the law or normal business practice requires.
Administrative and financial records, including payment and refund records, may need to be retained for longer for tax, accounting, anti-fraud, audit, and dispute-management purposes. In many cases this may be up to 6 years.
If a complaint, claim, investigation, subject access request, or other legal hold is live or reasonably anticipated, relevant information may be retained until the matter is resolved.
Security
I take reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure.
This may include secure accounts and devices, controlled access, password protection, and limiting the amount of personal data that is created and retained.
Where I work remotely, including from outside the UK, I will use a private setting and appropriate security measures for accessing, discussing, and handling personal data.
No method of transmission over the internet is completely secure, but I take reasonable steps to reduce risk.
Your rights
Under UK data protection law, you may have rights including the right to access your personal data, request rectification, request erasure in some circumstances, request restriction of processing, object to certain processing based on legitimate interests, and request data portability where applicable.
These rights are not absolute. For example, a request for deletion may be refused or only partly granted where I still need the data for legal obligations, safeguarding, complaints, legal claims, accounting, fraud prevention, or other legitimate reasons recognised by law.
To exercise your rights, please contact me using the details in section 2. I may need to verify your identity before responding.
You also have the right to complain to the Information Commissioner’s Office (ICO).
Cookies
The website uses cookies and similar technologies. Some cookies may be necessary for the website to function properly. Where analytics, preference, marketing, embedded content, or other non-essential cookies are used, I will seek consent where required before they are placed.
The website may use tools such as Google Analytics 4 to understand how visitors use the site. Non-essential cookies and analytics tools will be managed through a cookie consent solution, which allows you to accept, reject, or manage your preferences.
You can usually control cookies through your browser settings, although blocking some cookies may affect website functionality.
Third-party websites
The website may contain links to third-party websites or platforms. I am not responsible for the privacy practices of third-party sites and you should review their own privacy notices.
Children
The service and website are intended for adults aged 18 and over. I do not knowingly provide the service to children or intentionally collect children’s personal data for this programme.
Changes to this notice
This Privacy and Cookies Notice may be updated from time to time. The latest version will be published on the website Privacy and Cookies Notice