Last reviewed: June 2026  |  Next review: June 2027, or sooner if a significant business or regulatory change occurs

 

1. Introduction

This notice explains how Soul of Nature ("we", "us", "our") collects, uses, stores, and protects your personal data. It is written in plain language because we believe you deserve to understand exactly how your information is handled.

We are committed to protecting your privacy and handling your personal data with care, transparency, and respect. Our practices comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The data controller for the purposes of this notice is:

• Business name: Soul of Nature

• Practitioner: Emma Griffiths

• Address: Powys, Wales

• Email: soulofnature.life@outlook.com

 

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following types of personal data:

Contact & Identity

• Full name

• Email address

• Phone number

• General location (town/county)

Health & Session Information

• Health history and current health conditions (via consultation forms)

• Emergency contact details

• Session notes and records

• Any personal information you choose to share in emails or conversations

Booking & Payment

• Booking history and appointment records

• Payment confirmation records (we do not store card details — see Section 6)

Website Usage

• IP address and browser information (collected automatically via cookies and analytics)

• Pages visited and interaction data

 

3. Why We Collect Your Data and Our Legal Basis

UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following:

 

3.1 Contractual necessity

When you book a session or purchase a service, we process your name, contact details, and booking information to fulfil our agreement with you — including confirming appointments, sending reminders, and processing payments.

 

3.2 Consent

We collect health information and session notes on the basis of your explicit consent, given when you complete a consultation form. You may withdraw consent at any time by contacting us at soulofnature.life@outlook.com, though this may affect our ability to provide services safely.

​

We also rely on consent for any marketing communications (such as newsletters) and for the use of non-essential cookies on our website.

​

3.3 Legitimate interests

We retain basic contact and communication records after your sessions have ended for the purposes of continuity of care and business administration. We have assessed that this does not override your rights and interests.

 

3.4 Legal obligation

We may need to process or disclose your personal data where required by law — for example, in response to a valid court order or request from a statutory authority.

 

4. How Long We Keep Your Data

We keep your personal data only for as long as necessary. Our retention periods are:

• Contact details (name, email, phone): retained while you are an active client and for up to 3 years after your last appointment, then securely deleted unless you request earlier deletion.

• Health and session records: retained for a minimum of 7 years after your last appointment, in accordance with professional practice guidance, or longer if required by law.

• Booking and payment records: retained for 6 years for tax and financial compliance purposes.

• Email correspondence: retained for up to 3 years, then deleted unless there is an ongoing reason to keep it.

• Website analytics data: retained in aggregated, non-identifiable form. No retention limit applies as it cannot identify you.

 

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:

• Booking platform provider: Your name, contact details, and appointment information are processed by our third-party booking system in order to manage appointments. This provider is contractually bound to handle your data securely and only for the purpose of delivering the booking service.

• Payment processor: Payment transactions are handled by our payment gateway provider (e.g., Stripe, Square, or similar). We do not see or store your full card details. All payment processing is PCI-DSS compliant.

• Email and communication tools: We use standard email services for correspondence. Emails you send to us are stored within that system.

• Legal authorities: We may disclose personal data if required to do so by law or in response to a valid legal request such as a court order or warrant.

• Credit reference agencies: In cases of disputed or fraudulent payment chargebacks where no valid reason has been given, we may share relevant information with a credit reference agency.

 

Where we use third-party service providers, we ensure appropriate data processing agreements are in place.

 

6. Payment Card Data

Soul of Nature does not store, process, or have access to your full payment card details. All card payments are handled directly by our payment gateway provider, which is fully PCI-DSS compliant. When you pay, you are transferred to or interact with their secure payment environment.

 

7. Cookies and Website Analytics

 

What are cookies?

Cookies are small text files placed on your device by websites you visit. They help websites function, remember your preferences, and provide usage statistics.

 

What cookies do we use?

• Essential cookies: Necessary for the website to function (e.g., session management). These cannot be disabled.

• Analytics cookies: We use Google Analytics to collect anonymous, aggregated data about how visitors use our website (pages viewed, time spent, etc.). This data cannot identify you personally.

• Preference cookies: May be used to remember your choices on the website.

• Marketing/re-targeting cookies: If enabled, these allow us to show advertisements for our services on other websites you visit after leaving ours.

 

Your choices

You can control and delete cookies through your browser settings at any time. Please be aware that disabling certain cookies may affect the functionality of our website. Where required by law, we will obtain your consent before setting non-essential cookies.

 

8. Data Transfers Outside the UK

Our website is hosted in the United Kingdom. Some of the third-party services we use (such as booking platforms, payment processors, or email services) may process data outside the UK or the European Economic Area (EEA).

Where this occurs, we ensure that appropriate safeguards are in place — such as the use of UK adequacy decisions, Standard Contractual Clauses, or providers certified under recognised frameworks — to protect your data to the same standard as required under UK GDPR.

 

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you (a 'Subject Access Request').

• Right to rectification: You may ask us to correct inaccurate or incomplete data.

• Right to erasure: You may request that we delete your personal data, subject to any legal obligations we have to retain it.

• Right to restrict processing: You may ask us to pause how we use your data in certain circumstances.

• Right to data portability: You may request your data in a structured, commonly used format.

• Right to object: You may object to processing based on our legitimate interests.

• Rights related to automated decision-making: We do not use automated decision-making or profiling.

 

To exercise any of these rights, please contact us at soulofnature.life@outlook.com. We will respond within one calendar month. We may ask you to verify your identity before acting on a request.

 

10. Data Security

We take the security of your personal data seriously. Our measures include:

• SSL encryption on all data transmitted between your browser and our website (look for the padlock symbol in your browser bar).

• Password-protected access to client records and correspondence.

• Use of reputable, secure third-party platforms for bookings and payments.

• Limiting access to your personal data to only those who need it.

 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) in accordance with our legal obligations.

 

11. Children

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18 without verifiable parental or guardian consent. If services are provided to a minor, a parent or guardian must consent to both the service and the collection of the child's personal data on their behalf.

 

12. How to Contact Us or Make a Complaint

 

Contact us:

For any questions about this privacy notice, to exercise your rights, or to request access to or deletion of your data:

• Email: soulofnature.life@outlook.com

 

Complaints

If you are unhappy with how we have handled your personal data, please contact us in the first instance and we will do our best to resolve the matter.

 

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority:

• Website: ico.org.uk/make-a-complaint

• Telephone: 0303 123 1113

 

13. Changes to This Notice

​

We may update this privacy notice from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will update the 'Last reviewed' date at the top of this document and, where appropriate, notify you by email.

​

We recommend checking this page periodically. The version published on our website on the day you visit applies to your visit.

 

Soul of Nature — soulofnature.life@outlook.com — Powys, Wales