Privacy Policy.

Name: Tarlone
Address: 53 Seymour Place, W1H 5NP London, United Kingdom
Telephone: +44 20 7364 8152

This document describes how Tarlone collects, uses, stores, and protects personal data submitted through this website or provided in the course of an engagement. It applies to all visitors and correspondents of tarlone.info.

Contents

Who We Are

Tarlone is a behaviour change practice based in London, United Kingdom. The data controller for personal data collected through this website is Tarlone, 53 Seymour Place, W1H 5NP London, United Kingdom.

Contact for data matters: [email protected] or by post to the address above.

Data Collected

Tarlone collects personal data in the following circumstances:

—Contact form submissions: name, email address, and the content of any message submitted through the contact form at tarlone.info/contact.php. Subject selection is optional and stored only where provided.
—Email correspondence: name, email address, and message content when you contact Tarlone directly at [email protected].
—Session documentation: written records produced in the course of an engagement, stored and retained as described in section 5 below. These records are the property of the participant and are not shared.
—Technical data: IP address, browser type, and page visit data collected automatically via server logs and cookies. See section 8 for cookie details.

How Data Is Used

Personal data submitted through this website is used exclusively to:

—Respond to enquiries and correspondence received through the contact form or by email.
—Administer and document the engagement for which contact was made.
—Maintain records required for the proper conduct of the practice, including engagement history and correspondence.
—Analyse anonymous website usage patterns to improve the information provided on this site. This analysis does not involve any individually identifiable data.

Tarlone does not use personal data for marketing purposes. No newsletters, promotional communications, or automated marketing messages are sent. Data is not used to build profiles beyond those created for the purposes of an active engagement.

Legal Basis for Processing

Under UK GDPR, Tarlone processes personal data on the following bases:

—Legitimate interests (Article 6(1)(f)): responding to enquiries and maintaining correspondence records necessary for the operation of the practice.
—Performance of a contract (Article 6(1)(b)): where a formal engagement has been agreed, processing is necessary for the performance of that engagement.
—Consent (Article 6(1)(a)): for the use of non-essential cookies where consent has been obtained through the cookie banner. Consent can be withdrawn at any time.

Data Retention

Personal data is retained for no longer than is necessary for the purpose for which it was collected:

—Contact form and email enquiries where no engagement follows: deleted within 90 days of final correspondence.
—Engagement records (session notes, correspondence during an active programme): retained for 24 months following the conclusion of the engagement, after which they are deleted unless a further engagement begins.
—Technical and cookie data: session data is not retained beyond the browsing session. Analytics data, if collected via third-party tools, is subject to the retention terms of those tools — see section 8.

Third Parties

Tarlone does not sell, rent, or otherwise transfer personal data to third parties for commercial purposes. Data may be shared only in the following limited circumstances:

—Service providers engaged to operate this website (hosting, email routing) who process data only on Tarlone's behalf and under written data processing agreements.
—Legal obligation: where disclosure is required by applicable law or by order of a competent authority.

The website loads resources from third-party CDNs (fonts.googleapis.com, cdn.jsdelivr.net, cdnjs.cloudflare.com, unpkg.com) for technical assets. These requests are governed by the respective providers' privacy policies. No personal data is transmitted in these requests beyond the standard technical data included in any HTTPS request.

Your Rights

Under UK GDPR, you have the following rights regarding personal data held about you:

—Right of access: to request a copy of the personal data held about you.
—Right to rectification: to request correction of inaccurate personal data.
—Right to erasure: to request deletion of personal data, subject to any overriding legal obligation to retain it.
—Right to restrict processing: to request that processing be limited pending investigation of an objection or correction request.
—Right to object: to object to processing based on legitimate interests.
—Right to data portability: to receive personal data provided by you in a structured, machine-readable format.

To exercise any of these rights, contact Tarlone at [email protected] or in writing to the postal address above. Requests will be responded to within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

This website uses cookies. A detailed account of cookie categories, individual cookies, and opt-out options is provided in the Cookie Policy. Cookie consent preferences can be adjusted at any time via the Cookie Settings link in the footer.

The website will function without non-essential cookies. Accepting only functional cookies does not affect access to any content on the site.

Contact for Data Matters

All data-related enquiries, requests, and complaints should be directed to:

Tarlone

53 Seymour Place, W1H 5NP London, United Kingdom

[email protected]

+44 20 7364 8152

This privacy policy was last revised in January 2026. Material changes will be noted with a revised date at the top of this document.