Privacy Policy
Last updated: 1 October 2025
This Privacy Policy explains how [LEGAL NAME] (trading as Maximum Mileage Coaching) ("we", "us", "our") collects, uses, discloses and protects your personal information when you use our websites, applications, coaching portals, community spaces, and related services (together, the "Services").
We are committed to using your data responsibly and in line with the UK GDPR and the Data Protection Act 2018, and—where relevant—the Privacy and Electronic Communications Regulations (PECR).
At a glance
• We only collect what we need to deliver coaching and run our business.
• We never sell your data.
• We use trusted processors and protect data with technical and organisational measures.
• You control your marketing preferences and can withdraw consent at any time.
• You have rights over your data—how to exercise them is set out below.
1. Who we are (Data Controller)
Controller: Nicholas James Hancock, trading as Maximum Mileage Coaching
Registered/Postal address: 2 St Philip St, Corsham, SN13 0FS
Email: nick@maximummileagecoaching.com
Data protection contact: Privacy Lead (same email as above)
ICO Registered Person - Nicholas Hancock t/a Maximum Mileage coaching.
2. The data we collect
We collect and process the following categories of personal data, depending on how you interact with us:
Identity & Contact Data: Name, email, phone number, postal address, country, emergency contact (optional).
Account & Communications Data: Login details, preferences, messages you send us (email, chat, forms, WhatsApp/DM where applicable), call/meeting recordings where you’ve agreed.
Coaching & Athlete Data (may include special category data): Training history, performance metrics, race results, injury status, goals, scheduling constraints, and health-related information you choose to share (e.g., past injuries, nutrition notes, relevant medical information). This is considered special category data under UK GDPR.
Transaction Data: Purchase history (plans, subscriptions), invoice details. Card data is handled by our payment processor—we do not store full card numbers.
Technical & Usage Data: IP address, device identifiers, browser type, pages viewed, time on site, clicks, referral URLs, approximate location, and cookie identifiers.
Marketing & Engagement Data: Your marketing preferences, email opens/clicks, webinar attendance, lead magnet downloads, community participation.
Third‑Party Integration Data: Data we receive if you connect third‑party services to your account (e.g., training platforms, calendars, video call tools). Examples include: TrainingPeaks, Google/Apple calendars, Zoom/Meet, GoHighLevel/CRM, Zapier, Notion, Google Analytics/Tag Manager, Stripe, Calendly, and similar tools. We’ll only connect or ingest what’s needed to deliver the Services you request.
3. How we collect data
Directly from you: forms, checkout, email/DM, calls, questionnaires, webinars, coaching portal.
Automatically: through cookies, pixels, and similar technologies when you use our websites/apps.
From third parties (when you authorise it): training platforms, calendars, payment providers, scheduling tools, analytics providers, and social networks.
4. Our lawful bases for processing
We use your data under one or more of the following lawful bases:
Contract – to provide and support the Services you’ve asked for (e.g., coaching, subscriptions, training plans, support).
Consent – for:
• Special category data (health/medical information shared for coaching). We’ll ask for explicit consent (e.g., a clear tick box or written confirmation) and you can withdraw consent at any time.
• Marketing communications (email/SMS/DMs where consent is required under PECR).
• Non‑essential cookies and similar technologies.
Legitimate Interests – to run, improve, and protect our Services (e.g., usage analytics, service improvement, network security, preventing fraud, reasonable personalisation). We balance these interests against your rights and expectations.
Legal Obligation – to meet tax, accounting, and regulatory requirements.
If we rely on consent, you can withdraw it at any time—this won’t affect processing that already happened lawfully.
5. How we use your data
• Delivering and personalising coaching and training plans.
• Setting up and managing your account, subscriptions, and payments.
• Communicating with you (including support, service updates, and feedback requests).
• Analysing usage to improve content, programming, and the user experience.
• Running webinars, events, groups, and communities.
• Preventing misuse, protecting security, and enforcing our terms.
• Creating aggregated or anonymised insights (e.g., general trends) that don’t identify you.
• With your permission, using testimonials/case studies (we’ll ask you before publishing anything identifiable).
We do not use your data for automated decision‑making that produces legal or similarly significant effects.
6. Special category (health) data
We may process health‑related data that you choose to share to enable tailored coaching. Because this is sensitive data, we process it only with your explicit consent (UK GDPR Art. 9(2)(a)).
You can decline to share health data, but it may limit our ability to coach safely and effectively.
You can withdraw consent at any time—if you do, we’ll stop processing going forward and securely delete or anonymise this data unless retention is required by law or to establish/exercise/defend legal claims.
7. Cookies & similar technologies
We use cookies, pixels, and similar technologies to operate our site and understand usage.
Types of cookies
Strictly necessary (essential for login, security, load balancing).
Analytics/performance (to help us improve content and features).
Functionality (remember preferences).
Advertising/retargeting (only if used; disable if not).
Under PECR, we seek your consent for non‑essential cookies. You can change your preferences any time via our Cookie Settings link (where available) or your browser settings. For more detail, see our [Cookie Policy].
8. Disclosures & sharing
We share personal data with trusted processors that help us deliver the Services, under contracts that require them to protect your data and only act on our instructions. Typical categories include:
• Hosting, storage, and infrastructure (e.g., cloud providers).
• Coaching platforms and integrations (e.g., TrainingPeaks, calendars, webinar tools).
• Communications and CRM (e.g., email service, support/chat, community).
• Payments and billing (e.g., Stripe).
• Analytics and tag management.
• Forms, surveys, e‑signatures, and automations (e.g., Calendly, Zapier, Notion, form tools).
We also share data where required by law, to protect rights and safety, to respond to lawful requests, or in connection with a business reorganisation. We never sell your personal data.
9. International transfers
Some processors are located outside the UK/EEA (e.g., in the United States). When we transfer your data internationally, we use lawful safeguards such as:
• UK adequacy regulations (where available), and/or
• the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), plus supplementary measures where appropriate.
You can request more information about international transfer safeguards by contacting us.
10. Data security
We use a combination of technical and organisational measures to protect personal data, including encryption in transit, access controls, least‑privilege permissions, audit logging where supported, and staff confidentiality obligations. No method is 100% secure, but we work to prevent unauthorised access, alteration, disclosure, or loss.
11. Data retention
We keep personal data only as long as needed for the purposes described, including to meet legal/accounting obligations, resolve disputes, and enforce agreements. Typical retention periods are:
Account & coaching records: for the duration of your engagement and up to 2 years after it ends (unless you ask us to delete sooner and we have no legal reason to keep them).
Special category (health) data: for the duration of your engagement and up to 2 years after, or earlier on withdrawal of consent (unless required to retain for legal claims).
Financial/transaction records: 6 years to meet UK tax requirements.
Marketing data: until you unsubscribe or after 24 months of inactivity.
Technical/analytics logs: typically 12–24 months, depending on the provider.
We may retain anonymised data (which no longer identifies you) for research and business insights.
12. Your rights
Under UK GDPR, you have rights to:
Access your personal data.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten").
Restrict or object to processing (including profiling based on legitimate interests).
Data portability (where technically feasible).
Withdraw consent at any time (for consent‑based processing).
Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
To exercise any right, email nick@maximummileagecoaching.com. We may need to verify your identity. There’s no fee unless your request is excessive or unfounded.
13. Marketing
You’ll only receive marketing from us if you:
• opted in, or
• are an existing customer and we’re contacting you about similar products/services ("soft opt‑in" under PECR).
You can unsubscribe at any time via the link in any marketing email or by contacting us. We don’t send third‑party marketing without your permission.
14. Children
Our Services aren’t directed to children. We don’t knowingly collect data from anyone under 13 without parental/guardian consent. If you believe a child has provided us personal data, please contact us and we’ll delete it.
15. Third‑party links
Our Services may include links to third‑party sites, apps, or platforms. We’re not responsible for their privacy practices. Please review their policies before you share data with them.
16. Changes to this policy
We may update this Privacy Policy to reflect changes to our practices or for legal/regulatory reasons. We’ll post the updated version with a new "Last updated" date and, if changes are significant, we’ll notify you.
17. Contact us
Questions about this policy or your data?
Email: nick@maximummileagecoaching.com
Postal: 2 St Philip St, Corsham, SN13 0FS
Appendix A – Common processors we use (illustrative)
Exact providers may change from time to time. We keep contracts in place with each provider to ensure UK GDPR‑level protections.
Hosting & storage: reputable UK/EU/US cloud providers (e.g., AWS, Google Cloud, Microsoft Azure).
Analytics & tags: Google Analytics/Tag Manager (IP anonymisation where configured), privacy‑respecting analytics where used.
Coaching platform: TrainingPeaks (plans, workouts, performance tracking).
Scheduling & video: Calendly; Zoom/Google Meet.
CRM & communications: GoHighLevel (or equivalent), email service provider, webinar tools.
Automation: Zapier (data routing between systems).
Docs & notes: Notion/Google Workspace (internal operations).
Payments: Stripe (PCI‑DSS compliant).
Surveys/forms & e‑sign: secure form tools for questionnaires and agreements.
If you’d like the current, detailed list of processors and sub‑processors, contact us at the email above.
Legal note: This policy is provided for information and transparency. It does not create any contractual or legal rights for third parties. For tailored legal advice, please consult a solicitor.