Data Protection Policy
Balanced Bedtime sleep consultancy
Title: Data Protection Policy
Last reviewed: January 2026
1. Purpose of This Policy
This Data Protection Policy explains how I, Maddy Thompson, trading as Balanced Bedtime sleep consultancy, collect, store, use, and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
I am committed to protecting the privacy of every family I work with and ensuring all personal data is handled lawfully, fairly, and transparently.
2. Scope
This policy applies to all personal data collected, stored, or processed in the course of my work as a baby and child sleep consultant.
It covers information collected via:
- Consultation forms
- Questionnaires or assessments
- Emails, messages, and phone calls
- Online booking systems or client management tools
3. Data I Collect
To provide safe and effective support, I may collect the following types of personal data:
Parent/Guardian Information
- Full name
- Contact details (email, phone number, address)
- Relevant family information (for context of sleep routines)
Child Information
- Name, date of birth, and age
- Sleep, feeding, and development details
- Relevant medical information or allergies (if applicable)
Consultation Data
- Sleep assessments, notes, and action plans
- Progress updates and communication history
4. Lawful Basis for Processing
Under UK GDPR, I must have a lawful reason for collecting and processing personal data.
My lawful bases include:
- Contract: To provide the sleep consultancy service you have requested.
- Legal obligation: To comply with tax, record-keeping, or safeguarding laws.
- Consent: When you choose to share sensitive information or join my mailing list.
- Legitimate interest: To maintain client records and deliver a professional service.
5. How I Use Your Data
Your information is used to:
- Assess your child’s sleep patterns and environment
- Create and adapt a personalised sleep plan
- Communicate and follow up during the support period
- Keep accurate business and service records
Your data will never be sold, rented, or shared for marketing without your consent.
6. Data Sharing
As a sole trader, I do not routinely share client data with anyone else.
However, information may be shared when:
- You have given explicit written consent (e.g. to share details with a GP or health visitor), or
- There is a legal obligation (for example, a safeguarding concern or court order).
Any such disclosure will be handled carefully and, wherever possible, discussed with you first.
7. Data Storage and Security
I take data security seriously and ensure that all personal information is stored safely and securely:
- Digital data (emails, forms, documents) is stored on password-protected, encrypted devices.
- Paper records (if used) are stored in a locked cabinet and accessed only by me.
- Cloud-based systems (if used) comply with UK data protection standards.
I will take all reasonable steps to prevent unauthorised access, loss, or misuse of your personal data.
8. Data Retention
Client records are retained for:
- 7 years from the date of last contact, or
- Until the child reaches age 21, whichever is longer.
After this period, all data is securely deleted or shredded.
9. Your Data Protection Rights
You have the right to:
- Access the personal data I hold about you
- Request corrections to inaccurate information
- Request deletion of your data (within legal retention limits)
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO) if you are concerned about how your data is handled
To make a request, please contact me directly at:
Maddy@balancedbedtime.co.uk
07345 240195
10. Data Breach Procedure
In the unlikely event of a data breach (loss, unauthorised access, or misuse of information):
- I will take immediate steps to contain the breach and assess the risk.
- If there is a risk to your rights or freedoms, I will notify the ICO within 72 hours and inform you as soon as possible.
- All incidents will be recorded and reviewed to prevent recurrence.
11. Policy Review
This policy is reviewed annually or whenever there are significant changes in data protection law, professional guidance, or business operations.
