DELENTA PRIVACY POLICY Last Updated: 10th Sep 2025
This Privacy Policy explains how Delenta Limited (“Delenta”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal information when individuals and organisations use our coaching-management platform, mobile apps, websites, and related services (“Services”).Delenta provides a global SaaS platform that enables coaches, coachees, enterprises, and coaching organisations to manage coaching programmes, communications, scheduling, payments, notes, resources, and digital coaching operations.
This Privacy Policy incorporates requirements under GDPR/UK GDPR, CCPA/CPRA, PIPEDA, POPIA, Australia/NZ Privacy Acts, and applicable U.S. state laws. Delenta also operates an ISO/IEC 27001-aligned Information Security Management System and follows ISO 27018 controls for cloud PII processing.
1. WHO WE ARE Delenta Limited 85 Great Portland Street Westminster, W1W 7LT United Kingdom
Delenta may act as: Data Controller For our own business operations (e.g., your Delenta account, billing, marketing, support, analytics). Supporting documentation: Delenta as controller for HR, customer and website user data. Data Processor When organisations (coaching firms, corporations, educational bodies) use Delenta to process personal information of their clients/employees. In such cases, Delenta processes data solely on behalf of, and under the documented instructions of, the data controller.
2. WHAT INFORMATION WE COLLECT We collect personal information in several ways, depending on how you interact with Delenta A. Information You Provide Name, email address, phone number Profile information (bio, qualifications, timezone, region) Account credentials (username, passwords) Coaching session data: notes, goals, files, messages, assignments (processor role in most cases) Calendar availability and integration data Organisation, job title, team or department affiliation Communications with support or sales Preferences and platform settings
Payment Information Payments are processed securely by third-party payment providers (e.g., Stripe, ChargeBee). We do not store full payment card details.
B. Information Automatically Collected IP address Browser/device characteristics Operating system Usage logs, time stamps, page interactions App crash logs and diagnostics Cookies and tracking technologies (see Cookie Policy)
C. Mobile App Data With your permission: Push notifications Calendar access Microphone/camera (for video sessions) Geolocation (optional)
D. Information Received from Integrations Examples:Zoom or Microsoft Teams profile data Calendar availability from Google/Outlook CRM system attributes Single Sign-On identity tokens
E. Sensitive Personal Information Delenta does not intentionally collect special/sensitive categories of data unless you voluntarily submit them (e.g., notes you enter yourself). We instruct users not to store unnecessary sensitive data in the platform unless required by their coaching relationship.
3. HOW WE USE YOUR INFORMATION Delenta processes personal data only where lawful and necessary. From GDPR principles: lawful, fair, transparent, purpose-limited, minimised, accurate and secure processing.
We use personal information to: Create and manage Delenta accounts Provide coaching-management features, including messaging, session scheduling, notes, resources and programme delivery Enable communication between coaches, coachees, and organisational coaching managers Facilitate payments, billing and subscriptions Provide customer support Send important service, security or policy updates Operate our platform, ensure performance, and improve features Prevent security incidents, fraud and misuse Comply with legal obligations Conduct internal analytics (aggregated or anonymised where possible)
Any automated processing or insights are limited, and we do not conduct automated decision-making that produces legal or similarly significant effects without human intervention. (GDPR Art. 22 compliance)
4. LEGAL BASES FOR PROCESSING (GDPR/UK GDPR) We rely on the following bases: Consent (marketing communications, optional integrations) Contractual necessity (providing access to the Delenta platform) Legitimate interests (platform improvement, fraud prevention, analytics) Legal obligations (tax, accounting, law-enforcement requirements) Vital interests (rare; preventing harm)
Where Delenta acts as Processor, the legal basis is determined by the Controller
5. WHEN WE SHARE YOUR INFORMATION We share information strictly when necessary:
A. Service Providers / Sub-Processors (e.g., hosting providers, analytics tools, email delivery, payment processors). All sub-processors undergo data protection assessments and are contractually bound under GDPR Art. 28 requirements. B. Business Transfers In mergers or acquisitions, your data may be transferred while maintaining contractual protections. C. Legal Requirements We may disclose information where required by law, and will notify customers unless prohibited. D. At the Direction of Controllers When organisational customers instruct Delenta to share or provide access. Delenta does not sell or share personal information for advertising under US state laws. 6. INTERNATIONAL DATA TRANSFERS Delenta may transfer data across borders (e.g., hosting on global cloud providers). We ensure:Adequacy decisions where applicable EU Standard Contractual Clauses (SCCs) UK Addendum Additional security and contractual controls
ISO 27018 requirements regarding disclosure transparency and country location of data apply.
7. DATA RETENTION We retain personal data only as long as necessary for the purposes collected, or as required by law. For most account-related data:Deleted within 3 months after account closure unless legal retention applies (tax, audit trails).
Backup data may remain securely stored until overwritten.Controllers using Delenta may set their own retention schedules; Delenta follows their instructions when acting as Processor.
8. DATA SECURITY Delenta operates an ISO/IEC 27001-aligned Information Security Management System (ISMS) and applies privacy controls aligned with ISO 27018. Controls include: Encryption in transit and at rest Access control and role-based permissions Secure development practices Penetration testing Multi-factor authentication Incident response procedures Secure data centre environments Strict policies for staff access to customer data
Full list referenced in internal ISMS document.Despite safeguards, no electronic transmission is fully secure, and users should access Delenta in a secure environment.
9. CHILDREN & MINORS Individuals under 18 may only use Delenta as non-commercial coachees receiving services from adult business users. They cannot hold business accounts or deliver coaching.Parental consent may be required in some regions under GDPR/K-12 laws
10. YOUR PRIVACY RIGHTS Depending on your region, you may have the right to: Access your data Correct inaccurate data Request deletion Restrict processing Object to processing (including marketing) Obtain a portable copy of your data Withdraw consent Not be subject to automated decision-making
Delenta supports these rights through built-in platform features, as required under ISO 27018. To exercise rights: Email: info@delenta.cloud or compliance@delenta.cloud
11. U.S. STATE PRIVACY RIGHTS (CCPA/CPRA & Others) Residents of California, Colorado, Virginia, and other U.S. states have specific rights including: Right to know categories of personal data collected Right to access Right to delete Right to correct Right to opt out of “sharing” for targeted advertising (Delenta does not engage in such sharing) Right to non-discrimination Requests may be submitted via DSAR portal or email.
12. COOKIES & TRACKING TECHNOLOGIES Delenta uses:Essential cookies Analytics tools (e.g., Google Analytics) Functional cookies Preference cookies Full details are provided in our Cookie Policy
Opt-out options are provided for analytics tools.
13. THIRD-PARTY LINKS Delenta is not responsible for third-party websites linked from our Services. Review their policies before sharing data.
14. DATA BREACH NOTIFICATION Delenta notifies:The relevant supervisory authority within 72 hours
Affected customers/controllers without undue delay (As required under GDPR & ISO 27035 incident handling standards) 15. CHANGES TO THIS POLICY We may update this Privacy Policy to stay compliant with evolving regulations. Updated versions include a “Last Updated” date. Significant changes will be communicated directly or via prominent notice.
16. CONTACT US For privacy or data protection matters: Data Protection Officer Email: compliance@delenta.cloud Delenta Limited 85 Great Portland Street London W1W 7LT United Kingdom
To submit a DSAR: info@delenta.cloud
17. REGION-SPECIFIC CONTACTS
EU/UK residents You may contact your local Data Protection Authority Canada You may raise concerns with the Office of the Privacy Commissioner Australia & New Zealand Compliant with Australia’s Privacy Act 1988 and NZ Privacy Act 2020 South Africa (POPIA) Information Regulator contacts provided in source documents
18. HOW TO REVIEW, UPDATE OR DELETE YOUR DATA You may review or update account information by logging into your profile or contacting us. We respond in accordance with applicable data protection laws.
