Legal

Privacy Policy

Last updated: 21 May 2026  ·  drlisakleyn.com

This Privacy Policy explains how Dr. Lisa Kleyn collects, uses, shares, and protects your personal information when you visit drlisakleyn.com, subscribe to our newsletter, download a resource, book a consulting session, enroll in a course or membership program, or otherwise interact with us.

01Who We Are

Dr. Lisa Kleyn operates as a sole trader based in the United Kingdom. For the purposes of the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”), and applicable US state privacy laws, Dr. Lisa Kleyn is the data controller of your personal information.

• Controller — Dr. Lisa Kleyn (sole trader)
• Address — 94 Alfriston Road, Clapham, London, SW11 6NW, United Kingdom
• Email — [email protected]
• ICO registration — [to be inserted once registration completed]

Please read this Privacy Policy carefully. If you do not agree with any part of this policy, please do not use the Site or our services.

02Scope

This Privacy Policy applies to information collected through:

• The Site at drlisakleyn.com, including all pages, lead magnets, opt-in forms, and member portal areas;
• Our newsletter and email marketing communications;
• Course and membership program enrollments processed through Kajabi;
• Consulting session bookings processed through Calendly;
• Payments processed through our payment providers; and
• Any direct correspondence with us (e.g., email).

Clinical intake information collected separately for one-to-one psychology clients is governed by a separate clinical privacy notice and is not covered by this Policy.

03Information We Collect

3.1 Information you provide to us

• Identity and contact — name, email address, postal address (if provided), phone number.
• Account — username, password, profile details, and preferences for the member portal.
• Payment — billing name, billing address, and the last four digits of your payment card. Full card details are processed directly by our payment provider (e.g., Stripe or Kajabi Payments) and are not stored on our systems.
• Transactions — details of products, memberships, or sessions you purchase, including dates, prices, refunds, and chargebacks.
• Communications — the content of emails, messages, survey responses, and any feedback or testimonials you submit.
• Marketing preferences — your subscription status and preferences regarding our newsletter and other marketing.

3.2 Information collected automatically

When you visit the Site, we and our service providers automatically collect:

• IP address and approximate geolocation;
• Device information (browser type, operating system, device identifiers, screen size);
• Usage data (pages viewed, time on page, links clicked, referring URL, exit pages);
• Cookies, pixels, and similar tracking technologies (see Section 8).

3.3 Information from third parties

• Payment processors (transaction confirmation and limited card metadata);
• Analytics and advertising providers (aggregated audience and campaign data);
• Social media platforms, if you interact with our profiles or click on our advertisements; and
• Anyone who refers you to us, where they have provided your contact details. We will only contact you if we have a lawful basis to do so.

3.4 Sensitive or special category data

We do not knowingly collect special category personal data (such as health information, religious beliefs, sexual orientation, or political opinions) through the Site. If you voluntarily disclose such information to us (for example, in a free-text survey field or email), we will treat it with appropriate confidentiality and will rely on your explicit consent or another lawful basis under Article 9 UK/EU GDPR to process it.

Clinical health information shared as part of a therapy or psychology engagement is collected separately under a clinical privacy notice and is not processed through the Site.

04How We Use Your Information

• To provide and manage our services — creating and managing your account, delivering courses and memberships, scheduling consulting sessions, processing payments, and providing customer support.
• To communicate with you — responding to enquiries, sending transactional emails (receipts, booking confirmations, account notices), and providing service-related updates.
• Marketing — sending you our newsletter, promotional emails, and information about products, programs, or services we believe may interest you, where you have consented or where we are otherwise permitted by law.
• Analytics and improvement — understanding how visitors use the Site, measuring the effectiveness of our content and campaigns, and improving our services.
• Advertising — delivering and measuring advertising on third-party platforms (such as Meta and Google), including retargeting visitors and building lookalike audiences.
• Legal and compliance — complying with legal obligations, responding to lawful requests, enforcing our Terms of Service, preventing fraud, and protecting our rights, property, and safety.

05Legal Bases for Processing (UK & EU Visitors)

Under the UK GDPR and EU GDPR, we must have a lawful basis for processing your personal information. The bases we rely on are:

• Contract (Art. 6(1)(b)) — to deliver services you have purchased or requested, including managing your account, processing payments, and providing memberships, courses, and sessions.
• Consent (Art. 6(1)(a)) — for marketing emails, non-essential cookies, advertising pixels, and any voluntary survey responses. You may withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the Site; to prevent fraud and abuse; to communicate with existing customers about similar services in accordance with the “soft opt-in”; and to defend legal claims. We have assessed that these interests do not override your rights and freedoms.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, anti-money-laundering, and other legal requirements.
• Explicit consent (Art. 9(2)(a)) — where you voluntarily share special category data.

06How We Share Your Information

We do not sell your personal information. We share it only with the following categories of recipients, and only as necessary:

6.1 Service providers (processors)

• Kajabi — website hosting, member portal, course delivery, email marketing, email capture, payment processing (Kajabi, LLC, USA).
• Calendly — session scheduling (Calendly, LLC, USA).
• Stripe and/or Kajabi Payments — payment processing. Payment cards are tokenized and processed directly by the provider.
• Google Analytics — website analytics (Google LLC / Google Ireland Limited).
• Meta Pixel — advertising and measurement (Meta Platforms, Inc. / Meta Platforms Ireland Limited).
• Email & cloud storage providers — used for business correspondence and document storage.

Each of these providers acts as a data processor on our behalf under written terms that require them to protect your information.

6.2 Professional advisors

We may share information with our accountants, lawyers, insurers, and similar professional advisors, where necessary for the operation of our business.

6.3 Legal and safety disclosures

We may disclose information where required by law, in response to a valid legal request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or violations of our Terms of Service.

6.4 Business transfers

If we sell, merge, or transfer all or part of our business or assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any new privacy practices.

07International Data Transfers

We are based in the United Kingdom and many of our service providers are based in the United States or other countries outside the UK and the European Economic Area (“EEA”). When we transfer your personal information outside the UK or EEA, we rely on appropriate safeguards, which may include:

• UK or European Commission adequacy decisions for the recipient country;
• Standard Contractual Clauses (SCCs) approved by the European Commission, together with the UK International Data Transfer Addendum where relevant;
• The EU–US Data Privacy Framework and the UK Extension to that Framework, where the recipient is certified; and
• Other lawful transfer mechanisms permitted by applicable law.

You may request a copy of the safeguards in place by contacting us at [email protected].

08Cookies & Tracking

We use cookies and similar technologies to operate the Site, remember your preferences, analyse traffic, and deliver advertising:

• Strictly necessary — required for the Site to function (e.g., login sessions, security, basic navigation). These cannot be switched off.
• Functional — remember your preferences and choices to improve your experience.
• Analytics — set by Google Analytics and similar providers to help us understand how visitors use the Site.
• Advertising — set by Meta Pixel and similar advertising providers to measure and target advertising on third-party platforms.

Where required by law (including for UK and EEA visitors under the UK Privacy and Electronic Communications Regulations and the EU ePrivacy Directive), we will request your consent before setting non-essential cookies through a cookie banner. You may withdraw or change your consent at any time through the cookie settings link on the Site.

You can also control cookies through your browser settings. Disabling cookies may affect Site functionality.

09Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, including for legal, accounting, tax, or reporting requirements. Typical retention periods are:

• Customer transaction records — at least 6 years from the end of the relevant tax year (UK statutory requirement).
• Account information for active members — for the duration of your membership and for a reasonable period afterwards.
• Newsletter subscribers — until you unsubscribe, plus a short suppression-list retention to honor your unsubscribe.
• Marketing & analytics data — typically up to 26 months in identifiable form, after which it is aggregated or deleted.
• Support & correspondence — up to 3 years from the last contact, unless required for legal purposes.

When personal information is no longer needed, we securely delete or anonymise it.

10Your Rights (UK & EU Visitors)

If you are located in the United Kingdom or the European Economic Area, you have the following rights:

• Access — obtain a copy of the personal information we hold about you.
• Rectification — have inaccurate or incomplete information corrected.
• Erasure — ask us to delete your personal information in certain circumstances.
• Restriction — ask us to restrict our use of your information in certain circumstances.
• Objection — object to our processing based on legitimate interests, and to object at any time to direct marketing.
• Portability — receive your information in a structured, commonly used, machine-readable format.
• Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.
• Lodge a complaint — with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk). In the EU, you may contact the data protection authority in your country of residence.

To exercise any of these rights, contact us at [email protected]. We will respond within one month, and may extend this period by up to two further months for complex requests. We may need to verify your identity before responding.

11Your Rights (US Residents)

Depending on your state of residence, you may have additional rights under US state privacy laws, including the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), and equivalent laws in states such as Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others.

These rights may include:

• Right to know — what personal information we collect, use, share, and (if applicable) sell about you.
• Right to access — a copy of your personal information.
• Right to delete — your personal information, subject to certain exceptions.
• Right to correct — inaccurate personal information.
• Right to opt out — of sale or sharing of personal information, and of targeted advertising and certain profiling.
• Right to limit use of sensitive personal information — in certain circumstances.
• Right to non-discrimination — for exercising your privacy rights.

We do not sell personal information for monetary consideration. However, our use of advertising pixels (such as the Meta Pixel) and analytics tools may be considered “sharing” or processing for “targeted advertising” or “cross-context behavioral advertising” under some US state laws.

California residents may submit a request via [email protected]. To opt out of sharing for cross-context behavioral advertising, you may use the “Your Privacy Choices” link (where provided) or contact us. We honor Global Privacy Control (GPC) browser signals where applicable.

Authorized agents may submit requests on your behalf with appropriate authorization. We will verify your identity (and your agent’s authority) before processing your request.

12Children’s Privacy

The Site and our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 16 (or under the equivalent age of consent in your jurisdiction). If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it.

13Security

We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, alteration, or destruction. However, no method of transmission over the internet or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, you, in accordance with applicable law.

14Third-Party Links

The Site may contain links to third-party websites, products, or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing personal information.

15Automated Decision-Making

We do not use your personal information to make decisions that produce legal or similarly significant effects on you solely through automated means, including profiling.

16Representatives

We are based in the United Kingdom. We have not currently appointed a representative in the European Union under Article 27 of the EU GDPR. If you are located in the EU and wish to exercise your rights, please contact us directly at [email protected].

17Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when it was last revised. Material changes will be communicated by email or through a prominent notice on the Site. Your continued use of the Site after changes take effect constitutes acceptance of the revised Policy.

18Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information:

---