Privacy Policy

Our Privacy Policy was last updated on July 4, 2023.


Welcome to our Privacy Policy! These boxes aren’t legally binding, you can use them as an aid for understanding the legal language.

Personal identification information

Heather Barnard Consulting

Privacy Notice

This privacy notice is provided to demonstrate our transparency by informing you about how and why your personal data is used and to ensure that you are aware of your rights under data protection legislation (General Data Protection Regulation (GDPR)).

The Company

We are Heather Barnard Consulting and we are the Data Controller. Our registered address is 929 West Sunset Boulevard, Suite 21-517, St George, Utah 84770. We can also be contacted at

The purpose for processing your data and our basis for doing so.

We process your personal data so we can provide you with our range of services, such as online training, eBooks (including free downloads) and consulting. We also process personal data to send appropriate marketing material to you. We will usually obtain your personal data directly from you through our webform.

As a customer or prospective customer, we will process your name and contact data. We will do this under the lawful basis of Article 6.1.f GDPR (Legitimate Interest). Our legitimate interest is to maintain and expand our business services and process our transactions.

Please note, if you fail to provide the information required, we will be unable to provide the agreed services to you.

We provide marketing information to individuals that choose to subscribe through our website. The lawful basis we use for this is Article 6.1.a GDPR (Consent) as a recipient of this marketing you can withdraw your consent by unsubscribing at any time.

Recipients of your data

As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:

It is possible, that we might be obliged to disclose personal information in response to a court order or other lawful obligation.

We may share your data as part of a sale, transfer, or merge part of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.

We use the services of other organisations in the processing of your data. We use cloud-based email and document storage, and video conference platforms. Our online portal processes personal data such as through our contact form.

Transferring your data outside of the EU

Personal data processed for the purpose of providing our training courses, eBooks and free resources is processed in the EU. Our email and document storage platform transfers personal data to the USA and we rely on EU approved Standard Contractual Clauses for that international transfer.

Retention periods

We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose. We will normally delete your data upon request or when you unsubscribe.

Your rights

The GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:

You have the right to get access to and copies of your personal data.

You can ask us to rectify any inaccurate information we may be holding.

You can request we restrict our processing of your data.

You can ask us to erase your personal data if it is no longer required for the purpose we collected it or have no legal obligation to retain it.

You have the right to object to processing we undertake under a legitimate interest basis.

If you want to exercise any of these rights, please contact us using the above contact details.

You also have the right to lodge a complaint about our processing with a supervisory authority. We have decided our lead authority in the EU is:

An Coimisiún um Chosaint Sonraí

21 Fitzwilliam Square South

Dublin 2, D02 RD28



“Personal Information” is information someone can use to identify you.