Privacy Policy

CoachingSriLanka Ltd. ("we," "our," or "us") operates the website CoachingSriLanka.com. We are deeply committed to protecting your privacy, safeguarding your personal data, and maintaining the highest standards of digital security. This Privacy Policy outlines how we collect, use, process, and protect your information in strict compliance with global data protection regulations, including the General Data Protection Regulation (GDPR).

As a premium B2B2C marketplace facilitating executive coaching and luxury retreats, trust is our foundational pillar. We act strictly as a Data Controller for the information provided voluntarily by our users to facilitate bookings and platform memberships.

1. Information We Collect

We believe in the principle of Data Minimization. We only collect information that is strictly necessary to provide our services. We do not engage in data scraping, purchasing of third-party email lists, or covert tracking of personal communication.

• Account Registration Data: When applying for membership as a Coach or registering as a Client, we collect your first name, last name, professional email address, and encrypted password.
• Booking & Transaction Data: When scheduling a session or retreat, we collect necessary scheduling details. Payment processing is handled entirely by secure, PCI-compliant third-party gateways (e.g., Stripe); we do not store your full credit card information on our servers.
• System & Usage Data: Standard server logs, IP addresses for security auditing, and essential cookies required for session management.

2. How We Use Your Information

Your data is utilized exclusively to deliver, maintain, and improve our elite services. Specifically, we use your information to:

• Create and securely manage your account profile.
• Facilitate direct bookings and securely connect clients with verified coaches.
• Send mandatory transactional notifications related to your account security and scheduling.
• Provide prioritized customer support and dispute resolution.

3. Transactional Email & Mailgun Infrastructure

We utilize enterprise-grade email infrastructure provided by Mailgun Technologies, Inc. to ensure the reliable delivery of critical account notifications. By creating an account and checking the mandatory consent box during registration, you explicitly agree to receive these communications.

Our strict email communication policies:

• Zero Spam Policy: We have a zero-tolerance policy for unsolicited bulk email (UCE) or "spam". We do not sell, rent, or trade your email address to any third parties for marketing purposes.
• Transactional Focus: The primary use of your email address is for transactional alerts (booking confirmations, calendar reminders, password resets, and invoice deliveries).
• One-Click Unsubscribe: Any non-essential or marketing communication from us will always include a clear, functional, one-click "Unsubscribe" link at the bottom of the email, processed immediately.

4. Data Sharing and Third-Party Disclosures

We respect the confidentiality of our high-net-worth clients and elite professionals. We do not sell your personal data. Information is only shared under the following strict conditions:

• Between Client and Coach: When a booking is confirmed, necessary contact details are shared securely between the specific client and the specific coach to facilitate the session.
• Essential Service Providers: We share data only with vetted infrastructure partners (like Mailgun for email delivery, and AWS for secure server hosting) who are legally bound by strict data processing agreements.
• Legal Compliance: If required by international law, court order, or to protect the safety of our users.

5. Your Rights & GDPR Compliance

We recognize and enforce your rights regarding your personal data. Regardless of your physical location, we grant you the following rights:

• The Right to Access: You may request a complete copy of the personal data we hold about you.
• The Right to Rectification: You may update or correct any inaccurate data through your account dashboard.
• The Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your account and all associated personal data from our active databases at any time.
• The Right to Withdraw Consent: You may withdraw your consent for data processing at any time, which will result in the immediate closure of your account.

6. Data Security

We employ enterprise-level security protocols, including AES-256 encryption at rest and TLS 1.3 encryption in transit, to protect your personal information against unauthorized access, alteration, or destruction.

7. Contact Information

If you have any questions about this Privacy Policy, your data rights, or wish to report a violation of our email policies, please contact our Data Protection Officer immediately: