Last updated: June 2026

1. Who We Are

This Privacy Policy explains how Pinky Ghadiali, trading as Mindset by Pinky (“we”, “us”, “our”), collects, uses, and protects your personal information when you visit bypinky.com or engage with our services.

We are committed to protecting your privacy and processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Name: Pinky Ghadiali (trading as Mindset by Pinky)

Address: Leicestershire, UK

Email: admin@bypinky.com

Website: bypinky.com

2. What Information We Collect

We may collect and process the following categories of personal data:

Contact and Identity Information

Full name

Email address

Phone number

Job title and organisation

Professional Information

Industry sector and role

Information about your workplace challenges, conflicts, or goals

Notes from coaching, mediation, or discovery conversations

Technical and Usage Data

IP address and browser type

Pages visited and time spent on our website

Referring website and device information

Communications Data

Messages sent via contact forms or email

Responses to assessments such as the Conflict Impact Assessment or Tone Reset

Podcast listener data (Spotify)

Financial Data

Payment information – processed securely by third-party payment providers such as Stripe. We do not store card details.

Marketing Preferences

Your preferences for receiving marketing communications from us

3. How We Collect Your Information

We collect personal data through the following channels:

Direct contact — when you complete an enquiry form, email us, or book a call via Calendly

Purchases and downloads — when you buy or download products such as the Tone Reset PDF or enrol in the leadership programmes or consultancy

Diagnostic tools — when you complete the Conflict Impact or similar assessments

Newsletter sign-up — when you subscribe to our mailing list

Podcast engagement — through podcast platforms or our newsletter

Social media — when you engage with us on LinkedIn or Instagram

Events — when you provide your details at speaking engagements, workshops, or webinars

Referrals — when a third party refers you to us with your consent

Cookies and tracking technologies — automatically when you visit our website

4. Why We Use Your Information (Legal Basis)

Under UK GDPR, we process your personal data on the following legal bases:

Purpose

Legal Basis

Responding to enquiries and consultation requests

Legitimate interest / Contract performance

Delivering coaching, mediation, or consulting services

Contract performance

Processing payments for products or programmes

Contract performance

Sending marketing emails to newsletter subscribers

Consent

Retargeting via Meta (Facebook/Instagram) and LinkedIn ads

Consent (via cookies)

Delivering digital products (e.g. Tone Reset PDF, Lead Without the Weight)

Contract performance

Improving our website and services

Legitimate interest

Maintaining records of mediation engagements

Legal obligation / Legitimate interest

Complying with accounting and tax obligations

Legal obligation

We will never use your personal data for automated decision-making that produces legal or similarly significant effects without your explicit consent.

5. Third-Party Services

We work with trusted third-party providers to deliver our services. These providers act as data processors and handle your data only on our behalf and in accordance with our instructions. We do not sell your personal data to any third party.

Provider

Purpose

Privacy Policy

Calendly

Appointment and call booking

calendly.com/privacy

Meta (Facebook / Instagram)

Advertising and retargeting

facebook.com/privacy/policy

LinkedIn

Advertising and professional outreach

linkedin.com/legal/privacy-policy

Email marketing platform

Newsletter delivery and audience segmentation

Mailchimp or Go High Level

Payment processor

Secure payment handling

Stripe / PayPal

Podcast hosting platform

Distribution and listener analytics

Spotify

Google Analytics

Website analytics and performance tracking

policies.google.com/privacy

6. Cookies

Our website uses cookies to improve your browsing experience and to enable advertising and analytics features. Cookies are small text files placed on your device when you visit our website.

Types of cookies we use:

Essential cookies — necessary for the website to function correctly

Analytics cookies — help us understand how visitors interact with our site (e.g. Google Analytics)

Marketing cookies — used for advertising retargeting via Meta and LinkedIn

You can manage your cookie preferences via our cookie consent banner when you first visit the site, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes described in this policy:

Data Type

Retention Period

Client coaching and mediation records

7 years from end of engagement

Financial and transactional records

7 years (HMRC requirement)

Marketing subscriber data

Until you unsubscribe or withdraw consent

Website enquiry and contact form data

2 years from last contact

Cookie and analytics data

As per platform settings (typically 13–26 months)

Podcast listener data

As per podcast platform policies

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of access — to request a copy of the personal data we hold about you

Right to rectification — to request that inaccurate or incomplete data is corrected

Right to erasure — to request deletion of your data in certain circumstances (‘right to be forgotten’)

Right to restrict processing — to ask us to pause or limit our processing of your data

Right to data portability — to receive your data in a structured, machine-readable format

Right to object — to object to processing based on legitimate interest or for direct marketing

Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us at admin@bypinky.com. We will respond within one calendar month as required by UK GDPR.

9. International Data Transfers

Some of our third-party service providers are based outside the UK (for example, US-based platforms such as Meta, Google, and Calendly). Where data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognised under UK data protection law, to protect your data to the same standard as within the UK.

10. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure. These include encrypted communications, access controls, and regular review of our data practices.

In the event of a data breach that is likely to pose a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) within 72 hours, in accordance with our legal obligations.

11. Links to Other Websites

Our website may contain links to third-party websites, social media platforms, or partner organisations. We are not responsible for the privacy practices of those external sites and encourage you to read their privacy policies before sharing any personal data with them.

12. How to Contact Us or Make a Complaint

If you have any questions about this Privacy Policy, how we use your data, or wish to exercise any of your rights, please get in touch:

Contact Details

Name: Pinky Ghadiali

Email: admin@bypinky.com

Website: bypinky.com

If you are not satisfied with how we have handled your data or your request, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The ‘Last updated’ date at the top of this document will indicate when the policy was last revised.

We encourage you to review this policy periodically. Where changes are significant, we will notify you by email or a prominent notice on our website.

Mindset by Pinky | bypinky.com | admin@bypinky.com

This policy was last reviewed in June 2026