Privacy Policy

Last updated: 15 October 2025

Introduction

Welcome to Sara Thomson’s website. I respect your privacy and am committed to protecting your personal data. This privacy policy explains how I collect, use, and safeguard your information when you visit sarathomson.com, purchase products or services, or engage with my content.

I am Sara Thomson, trading as Peony Creative Media, and I am the data controller responsible for your personal data. If you have any questions about this privacy policy or how I handle your data, please contact me at hello@peonycreative.media.

Information I Collect

I collect and process the following types of personal data:

Information You Provide Directly

  • Name and email address when you subscribe to my newsletter, complete a contact form, apply for coaching services, or make a purchase
  • Payment information when you purchase digital products, courses, or coaching services (processed securely through third-party payment processors)
  • Coaching application details including information you share about your creative goals, challenges, and circumstances
  • Correspondence when you contact me via email or through my website

Information Collected Automatically

  • Usage data including your IP address, browser type, pages visited, time spent on pages, and referring website, collected via Google Analytics
  • Device information such as operating system and device type

How I Use Your Information

I use your personal data for the following purposes:

  • To provide services: Delivering digital products, courses, coaching services, and responding to your enquiries
  • To communicate with you: Sending newsletters (via Substack), course materials, coaching updates, and responding to your messages
  • To process payments: Securely processing transactions through WooCommerce and associated payment processors
  • To improve my website and services: Analysing website usage through Google Analytics to understand how visitors interact with my content
  • To comply with legal obligations: Maintaining records as required by HMRC and other regulatory bodies

Legal Basis for Processing

Under GDPR, I process your personal data based on:

  • Consent: When you sign up for my newsletter or submit a contact form
  • Contract: When you purchase products or services from me
  • Legitimate interests: For improving my website, services, and business operations
  • Legal obligation: For tax and accounting purposes as required by HMRC

Third-Party Services

I use trusted third-party services to operate my business. These services may process your personal data on my behalf:

  • Substack: For newsletter delivery and email marketing
  • WooCommerce and payment processors: For secure payment processing and order fulfilment
  • Google Analytics: For website analytics and understanding visitor behaviour
  • Hostinger: For website hosting
  • Systeme.io: For course delivery and online programme management
  • Social media platforms: When you interact with my content on Instagram, Pinterest, LinkedIn, or Facebook

Each of these services has its own privacy policy governing how they handle your data. I only work with providers that maintain appropriate security standards.

Data Sharing

I will never sell, rent, or trade your personal data to third parties for marketing purposes.

I only share your data with:

  • Service providers: As listed above, who help me deliver services to you
  • Legal authorities: If required by law or to protect my legal rights
  • Professional advisers: Such as accountants or solicitors, when necessary for business operations

Data Retention

I retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required by law.

  • Financial records: Retained for at least 6 years as required by HMRC
  • Newsletter subscribers: Until you unsubscribe
  • Coaching clients: For the duration of our working relationship and as long as required for tax purposes
  • Website analytics: Aggregated and anonymised data may be retained indefinitely

Your Rights Under GDPR

As a UK-based business serving UK and EU visitors, I comply with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. You have the following rights:

  • Right to access: Request a copy of the personal data I hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to restrict processing: Request that I limit how I use your data
  • Right to data portability: Request transfer of your data to another service provider
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Unsubscribe from newsletters or withdraw consent at any time

To exercise any of these rights, please contact me at hello@peonycreative.media.

Data Security

I take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and I cannot guarantee absolute security.

Cookies

At present, I do not use cookies on sarathomson.com beyond those strictly necessary for website functionality. If this changes in future, I will update this privacy policy and, where required, obtain your consent.

Please note that third-party services such as Google Analytics may use cookies. You can control cookie settings through your browser preferences.

Children’s Privacy

My services are not directed at children under the age of 16. I do not knowingly collect personal data from children. If you believe I have inadvertently collected data from a child, please contact me immediately.

International Data Transfers

Some of the third-party services I use may store or process data outside the UK or European Economic Area (EEA). When this occurs, I ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Changes to This Privacy Policy

I may update this privacy policy from time to time to reflect changes in my practices, services, or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last revised. I encourage you to review this policy periodically.

If I make significant changes, I will notify newsletter subscribers via email.

Contact Me

If you have any questions, concerns, or requests regarding this privacy policy or how I handle your personal data, please contact me at:

Email: hello@peonycreative.media
Website: sarathomson.com