Privacy Policy.

Beyond Monday is operated by David MacDonald trading as Beyond Monday. For the purposes of UK data protection law, I am the data controller of the personal data you provide to me.

This Privacy Policy explains what personal data I collect, why I collect it, how I use it, how I store it, who I may share it with, how long I keep it, and your rights.

1. What this policy covers

This policy applies when you:

  • visit the Beyond Monday website;

  • submit an enquiry or Freedom Audit request;

  • email me or otherwise contact me;

  • become a client of Beyond Monday.

2. What personal data I collect

Depending on how we interact, I may collect:

  • Identity and contact details, such as your name, email address, phone number, country of residence, address and time zone.

  • Background information, such as your career or role, work pattern, family situation, obligations, goals, constraints and backstory.

  • Calendar and lifestyle inputs, such as weekly schedule, energy patterns, friction points and notes about your intended lifestyle.

  • Financial information you choose to provide, such as income ranges or sources, expenses, assets, liabilities, mortgage details, pension information, investment summaries, bank or credit card exports, and related notes.

  • Engagement materials, such as session notes, deliverables, spreadsheets, action plans, scoreboard metrics, emails and voice notes.

  • Health-related information you choose to share, where relevant to execution or planning. I do not invite detailed medical or therapy-style disclosures, but you may mention health-related factors that affect your situation.

3. How I collect your data

I collect personal data:

  • directly from you through website forms, questionnaires, email, voice notes, spreadsheets, documents and calls;

  • from payment providers, in limited form, such as confirmation that payment has been made.

4. How I use your information

I use your information to:

  • review and respond to enquiries or Freedom Audit requests;

  • assess whether there is a good fit for working together;

  • deliver the services you have asked for;

  • communicate with you, schedule sessions and provide agreed support;

  • maintain records of what has been agreed, delivered and actioned;

  • handle invoicing, payments and basic accounting records;

  • improve my templates, materials and method, using anonymised learnings where possible.

5. Lawful bases for processing

Under UK GDPR, I must identify the lawful basis or bases I rely on for processing personal data, and explain them in the privacy notice.  

I rely on the following lawful bases:

  • Contract — where processing is necessary to deliver the services you have asked for and manage the engagement.

  • Legitimate interests — where processing is necessary to run and improve my business, keep appropriate records, review fit, and protect myself from disputes, balanced against your privacy rights.

  • Legal obligation — where I need to keep accounting, tax or other legally required records.

  • Consent, where needed:

    • if you choose to share health-related information that amounts to special category data and I use it to tailor the work;

    • for testimonials, case studies or marketing, if ever used separately and with your clear permission.

If I rely on consent, you may withdraw that consent at any time.

6. Where and how I store your data

I store client documents and working files in a secure digital environment.

My standard setup is:

  • Client documents and working files are stored within the Beyond Monday Microsoft 365 Business Standard environment, using SharePoint as the structured client repository and OneDrive for internal working storage.

  • Emails and attachments are retained within my email system.

  • Deliverables, such as PDF packs and spreadsheets, are stored alongside the relevant client record.

  • Payment processing is handled by Stripe. I do not store your full card or bank details.

7. International access and transfers

Because I work remotely and may travel, I may access your data from outside the UK. Where data is stored or accessed internationally, I take reasonable steps to ensure appropriate safeguards are in place, including the use of reputable providers with appropriate security and contractual protections including use of market-leading VPN software.

8. Who I share your data with

I do not sell your personal data.

I may share it only where necessary, including with:

  • service providers such as cloud storage, email, website and payment providers;

  • professional advisers, where necessary for legal, accounting or business administration purposes;

  • other professionals you ask me to involve, such as your accountant, mortgage broker, solicitor, therapist or adviser, and only with your direction;

  • public authorities or others where I am required to do so by law.

9. How long I keep your data

The ICO says privacy information should explain retention periods, and data should not be kept for longer than necessary.  

My current standard retention periods are:

  • Freedom Audit — 12 months from delivery, then deleted or securely archived.

  • 90-Day Sprint — 24 months from Sprint Close, then deleted or securely archived.

  • Counsel Retainer — while you are an active client and for 24 months after the engagement ends, then deleted or securely archived.

  • Accounting and tax records — 6 years, where required for UK tax and business record-keeping.

If you request earlier deletion, I will comply where possible, subject to any legal or legitimate record-keeping requirements.

10. Security

I take reasonable technical and organisational steps to protect your information, including:

  • device passcodes and biometrics;

  • secure digital storage and controlled access;

  • secure sharing methods where possible;

  • limiting access to what is necessary;

  • deleting or archiving data when no longer needed.

11. Your rights

Under UK GDPR, individuals have rights including the right to:

  • access their personal data;

  • request correction of inaccurate data;

  • request deletion in some circumstances;

  • request restriction of processing in some circumstances;

  • object to processing in some circumstances, especially where legitimate interests are relied on;

  • request data portability, where applicable;

  • withdraw consent, where consent is used.

To exercise any of these rights, please contact me at:

david@beyondmonday.org

12. Complaints

If you are unhappy with how I handle your personal data, please contact me first so I can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office (ICO).

13. Cookies and website usage

This website may use cookies or similar technologies for essential website operation and, where enabled, for analytics or related website functionality.

14. Contact details

If you have any privacy-related questions, you can contact me at:

David MacDonald
Trading as Beyond Monday
Email:david@beyondmonday.org

15. Changes to this policy

I may update this Privacy Policy from time to time. The latest version will appear on this page.