Privacy policy.

1.  Who we are

Stone by Stone Leadership is a leadership development and coaching company based in Ireland. We provide leadership training programmes, individual coaching, learning and development partnerships, and associated services to organisations and individuals.

For the purposes of this Privacy Policy, Stone by Stone Leadership is the data controller in respect of your personal data.

Email: cian@stonebystoneleadership.com

Website: stonebystoneleadership.com

Registered in Ireland

2.  What this policy covers

This Privacy Policy explains how Stone by Stone Leadership collects, uses, stores and protects personal data when you:

  • visit our website at stonebystoneleadership.com

  • complete our Leadership Satisfaction Survey

  • register to receive a leadership report via our report sign-up form

  • contact us by email, phone or via our enquiry form

  • engage with us as a client, delegate or partner organisation

  • subscribe to our newsletter or other communications

We are committed to handling your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Irish Data Protection Act 2018.

3.  What personal data we collect

The personal data we collect depends on how you interact with us. Below is a summary of each context.

3.1  Website enquiry form

When you submit an enquiry via our website, we collect your name, email address, phone number (if provided), and the content of your message.

3.2  Leadership Satisfaction Survey

Our Leadership Satisfaction Survey is designed to be strictly anonymous. We do not collect names, email addresses, IP addresses or any other information that could identify individual respondents. The survey collects only the name of the organisation the respondent works for, alongside their scored responses to the survey questions. No personal data is collected from survey participants.

3.3  Leadership report sign-up form

If you choose to register to receive your organisation's leadership report, we collect your work email address, organisation name, and your role level (selected from a dropdown). This form is entirely separate from the anonymous survey. The information you provide here is never linked to any survey response.

3.4  Newsletter and marketing communications

If you opt in to receive our newsletter or updates, we collect your email address and, where provided, your name.

3.5  Client and programme delivery

When you engage with us as a client, delegate or partner, we may collect your name, job title, organisation, contact details, and information relevant to the delivery of our services such as attendance records, coaching notes and programme feedback.

3.6  Cookies and website analytics

Our website is hosted on Squarespace, which may use cookies and collect anonymised analytics data about how visitors interact with the site. We do not use advertising cookies or behavioural tracking. You can manage cookie preferences via your browser settings. For full details on Squarespace's data practices, please refer to Squarespace's own Privacy Policy at squarespace.com/privacy.

4.  How and why we use your personal data

We only use your personal data for the purposes for which it was collected. The table below sets out each purpose, the data used, and our lawful basis under GDPR.

Purpose

Lawful basis under GDPR

Responding to your enquiry

Legitimate interest — you have contacted us and expect a response

Delivering the leadership report to those who register

Contractual — you have requested a specific deliverable

Sending our newsletter or updates

Consent — you have explicitly opted in

Delivering training programmes and coaching

Contract — we have a service agreement with you or your organisation

Managing client relationships and records

Legitimate interest / contract

Improving our website and services

Legitimate interest — anonymised analytics only

Complying with legal obligations

Legal obligation

We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5.  The Leadership Satisfaction Survey — a note on anonymity

We want to be especially clear about how our Leadership Satisfaction Survey works, as we understand that employees may have concerns about completing a workplace survey.

The survey is designed from the ground up to be anonymous. Stone by Stone Leadership does not collect, store or process any personal data from survey respondents. We do not record IP addresses, device identifiers, browser data or any information that could be used to identify who submitted a response.

The only information collected from a survey response is the name of the organisation the respondent works for, alongside their numeric scores and question responses. These are aggregated across all respondents from the same organisation before any report is produced. No individual response is ever shared with an employer, manager or any other party.

Participation in the survey is entirely voluntary.

The report sign-up form is completely separate from the survey.

Information entered into the sign-up form is never linked to survey responses.

Employers do not receive any individually identifiable data at any point.

6.  Who we share your data with

We do not sell, rent or trade your personal data to any third party. We may share your data only in the following limited circumstances:

Service providers

We use a small number of trusted third-party services to operate our business. These include Squarespace (website hosting and forms), Google (Google Forms and Google Sheets for survey data collection and storage) and email service providers. These providers act as data processors on our behalf and are contractually required to handle your data securely and only for the purposes we specify.

Legal requirements

We may disclose your personal data if required to do so by law, or in response to a valid request from a regulatory or law enforcement authority.

Business transfers

In the unlikely event that Stone by Stone Leadership is sold or merged with another organisation, your data may be transferred as part of that transaction. We would notify you before your data became subject to a different privacy policy.

No other sharing

We do not share your data with client organisations, partner businesses, or any other third parties beyond the service providers listed above.

7.  How long we keep your data

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Our retention periods are as follows:

Type of data

Retention period

Website enquiry form submissions

12 months from the date of submission, unless you become a client

Leadership report sign-up registrations

12 months from the date of registration, or until the report has been delivered and no further follow-up is anticipated

Client and coaching records

6 years from the end of the engagement, in line with standard Irish business record-keeping practice

Newsletter subscriber data

Until you unsubscribe, after which we will delete your details within 30 days

Survey response data (aggregated, non-personal)

Indefinitely, as this contains no personal data

Website analytics data

As per Squarespace's data retention policy

8.  Your rights under GDPR

As a data subject under GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at cian@stonebystoneleadership.com.

Right of access

You have the right to request a copy of the personal data we hold about you.

Right to rectification

If any data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.

Right to erasure

You have the right to ask us to delete your personal data in certain circumstances — for example, if we no longer need it for the purpose it was collected, or if you withdraw your consent.

Right to restrict processing

You have the right to ask us to restrict how we use your data in certain circumstances, for example while a dispute about its accuracy is being resolved.

Right to data portability

Where we process your data on the basis of consent or contract, you have the right to receive your data in a structured, commonly used and machine-readable format.

Right to object

You have the right to object to our processing of your data where we rely on legitimate interest as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent

Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to lodge a complaint

If you believe we have handled your personal data in a way that does not comply with GDPR, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority in Ireland.

Data Protection Commission (Ireland)

Website: dataprotection.ie

Phone: +353 57 868 4800

Email: info@dataprotection.ie

21 Fitzwilliam Square South, Dublin 2, D02 RD28

9.  How we keep your data secure

We take the security of your personal data seriously and take appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration. These measures include:

  • Access to personal data is limited to those who need it to carry out their responsibilities

  • Our website is hosted on Squarespace, which uses industry-standard SSL/TLS encryption for all data in transit

  • Survey and form data held in Google Sheets is accessible only to Stone by Stone Leadership personnel

  • We regularly review our data practices and update them where necessary

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

10.  International data transfers

Some of our service providers, including Google and Squarespace, may process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission, to protect your data to the same standard as within the EEA.

11.  Children's data

Our services are directed at professionals and organisations and are not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data relating to a child, please contact us immediately and we will delete it.

12.  Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will update the "Last updated" date at the top of this document and, where appropriate, notify you directly. We encourage you to review this policy periodically.

13.  How to contact us

If you have any questions about this Privacy Policy, or wish to exercise any of your rights, please contact us:

Stone by Stone Leadership

Email: cian@stonebystoneleadership.com

Website: stonebystoneleadership.com

We aim to respond to all data-related requests within 30 days.