Privacy Policy
Last updated: 13th October 2025
Data Controller & Company Details
Be Do & Have Anything Limited (registered company number 06932910)
Registered office: Downsview House, 141-143 Station Road East, Oxted, Surrey, RH8 0QE, United Kingdom
Email: [email protected]
If you are in the EU or the UK, and your jurisdiction requires it, you may also have the right to contact a representative.
If you have a question, request, or complaint about how your personal data is processed, you may contact us at the above details. You also have the right to lodge a complaint with the relevant supervisory authority (in the UK: the ICO; in EU countries: the national data protection authority).
1. Scope and Applicability
This Privacy Policy applies to all personal data collected and processed by Be Do & Have Anything Limited in connection with:
the website (e.g. tristansoames.com),
services, courses, coaching, retreats, or other offerings,
communications, marketing, events, and associated operations.
By using the site or engaging with our services, you agree to the collection and use of your personal data as described herein.
2. What Personal Data We Collect
We may collect and process:
Identity & contact data: name, title, email address, postal address, phone number
Technical / usage data: IP address, browser type and version, operating system, device identifiers, pages visited, referral URLs, timestamps
Service & transactional data: booking history, payments, invoices, correspondence, feedback
Marketing & communications data: preferences, email open/interaction history
Optional data: information you voluntarily provide (e.g. in forms, surveys)
Special category / sensitive data (only where necessary and with explicit consent): e.g. health or medical details relevant to retreat participation
We may also receive data from third parties or publicly available sources where lawful and disclosed (such as social media, background checks, etc.).
3. Lawful Bases & Purposes of Processing
We rely on the following lawful bases under UK/EU GDPR:
| Purpose | Lawful Basis |
|---|---|
| Provision of services (courses, coaching, retreats) | Performance of contract |
| Processing payments, billing, accounting | Performance of contract, legal obligation |
| Sending newsletters, offers, marketing (if you agree) | Consent |
| Website analytics, optimization, improving services | Legitimate interests |
| Compliance with regulatory or legal obligations | Legal obligation |
| Responding to requests, complaints, support | Legitimate interests / performance of contract |
Where processing is based on legitimate interests, we ensure that your rights and interests are not overridden.
You may withdraw consent at any time (for processing based on consent) without affecting prior processing.
4. Cookies & Tracking Technologies
We use cookies and similar technologies for:
Essential site functionality
Analytics and performance tracking
Preferences and settings
Marketing and remarketing
You have the choice to accept or reject non-essential cookies via the cookie banner or settings. Declining some cookies may affect your experience or limit functionality.
We may use third-party analytics (e.g. Google Analytics) and marketing tools that may transfer data outside the UK/EU. Where this happens, we put in place appropriate safeguards (e.g. standard contractual clauses).
5. Recipients & Third-Party Sharing
We may share your personal data with:
Service providers / data processors (e.g. hosting, email platforms, CRM, payment processors)
Professional advisors (lawyers, accountants)
Event or retreat venue partners (for logistics)
Authorities if required by law (e.g. courts, regulators)
Other parties only with your consent or as necessary
If data is transferred outside the UK/EU, we ensure that adequate safeguards are in place (e.g. adequacy decisions, standard contractual clauses).
6. Retention Periods
We retain personal data only as long as necessary for the purposes:
Financial / accounting records: up to 6 years or as legally required
Marketing data: until consent is withdrawn or for a reasonable period thereafter
Service-related data: for the duration of the client relationship plus a retention period (e.g. 3 years)
Website logs / analytics: typically up to 1–2 years
Anonymised or aggregated data may be kept indefinitely
After expiry of the retention period, data will be securely deleted or anonymised.
7. Your Rights
You have rights under UK/EU GDPR, including:
Access your data
Rectify inaccurate or incomplete data
Erase / delete data (“right to be forgotten”) in certain conditions
Restrict / block processing
Object to processing (e.g. marketing, or legitimate interest-based processing)
Data portability (in certain cases)
Withdraw consent (if processing based on consent)
Rights relating to automated decision making / profiling (if applicable)
To exercise your rights, contact us at the details above. We may require proof of identity. We respond within statutory time limits (normally one month, possibly extended in complex cases).
If dissatisfied, you may lodge a complaint with the Information Commissioner’s Office (UK) or relevant EU supervisory authority.
8. Security & Data Protection
We use appropriate technical and organizational measures to protect your data:
Encryption in transit and at rest
Access controls and restricted roles
Regular backups
Security assessments and audits
Data minimization and pseudonymisation where feasible
Vetting and agreements with third-party processors
In case of a data breach, we will notify the relevant supervisory authority and affected individuals if legally required.
9. Children & Minors
Our services are intended for adults. If we collect data from minors, we will obtain parental / guardian consent (if required), minimize data collection, and comply with applicable laws.
10. Changes to the Policy
We may update this Privacy Policy occasionally. The “Last updated” date will reflect the change. Where significant changes occur, we may notify you (e.g. by email for subscribed users).