Last updated: March 2026

1. Who I am

The Soft Rebellion Sanctuary is a UK-based sole trader wellness practice operated by Nikki (the "practitioner", "I", "me"). For the purposes of UK data protection law, I am the "data controller" of your personal information.

2. What personal data I collect

The type of information I collect will depend on how you interact with The Soft Rebellion Sanctuary. This may include:

• Contact details: your name, email address and (if you choose to provide it) telephone number.
• Enquiry details: information you share via the contact form or email about your current situation, what you feel you need support with, and which services you are interested in.
• Session information: notes taken to support our work together, such as themes you are exploring, intentions for the work, and brief reflections on our sessions. These are kept minimal and respectful.
• Technical information: basic website usage data such as IP address, browser type and pages visited, collected through standard web server logs or privacy-respecting analytics tools (if used).

3. How your data is collected

I may collect your personal data in the following ways:

• When you complete and submit the online contact form on this website.
• When you email me directly or contact me through social media.
• When you book or attend a Reiki, hypnotherapy or crystal healing session.
• Through basic website analytics tools that help me understand how the website is used (these will not be used to identify you personally).

4. Why I collect your data (legal bases)

Under UK GDPR, I must have a lawful basis for processing your personal data. The main legal bases I rely on are:

• Consent: when you voluntarily provide your details via the contact form or sign up for optional updates.
• Contract: when processing your information is necessary to provide the services you have requested (e.g. to arrange or deliver a session).
• Legitimate interests: for reasonable business purposes such as responding to your enquiries, keeping basic records, and improving services, provided these interests do not override your rights.
• Legal obligation: where I am required to retain certain information for tax, accounting or regulatory reasons.

5. How your data is used

Your data may be used to:

• Respond to your enquiries and communicate with you about sessions.
• Provide and manage the wellbeing services you have requested, including Reiki, hypnotherapy and crystal healing sessions.
• Keep brief, respectful notes to support continuity and safety in our work together.
• Send you occasional updates about services or offerings if you have explicitly asked to receive them (you can opt out at any time).
• Maintain basic business records and comply with my legal and professional obligations.

6. How long your data is kept

I only keep your personal data for as long as is reasonably necessary for the purposes described in this policy, and to meet any legal, accounting or professional obligations.

• Enquiry emails and contact form submissions: usually retained for up to 12 months after our last contact, unless we begin working together.
• Session notes and booking records: typically retained for up to 7 years after your last session, in line with common professional guidance for wellness practitioners in the UK.
• Newsletter or updates list (if applicable): retained until you choose to unsubscribe or ask for your data to be removed.

After these periods, information will be securely deleted or anonymised so that it can no longer be linked back to you.

7. Data sharing and third parties

I do not sell or trade your personal data. Your information may be shared with trusted third-party services only where necessary to run the business, for example:

• Website hosting and form processing providers (such as Netlify).
• Email service providers used to send and receive communications.
• Secure cloud storage or document services used for records and notes.

These providers are chosen carefully and are required to keep your information secure and to process it only according to my instructions and applicable data protection law.

In rare circumstances, I may also need to share limited information if required to do so by law, or to protect your vital interests or the vital interests of another person (for example, where there is a serious and immediate risk of harm).

8. International transfers

Some service providers may store or process data outside the UK or European Economic Area. Where this happens, I aim to ensure that appropriate safeguards are in place, such as the use of standard contractual clauses or equivalent protections recognised under UK data protection law.

9. How your data is protected

I take reasonable steps to protect your data from loss, misuse and unauthorised access. This includes using password protection, secure devices and reputable service providers. However, no method of transmission or storage can be guaranteed as completely secure, so I cannot promise absolute security.

10. Your rights under UK GDPR

Under UK data protection law, you have a number of rights in relation to your personal data, including:

• Right of access: to ask for a copy of the personal data I hold about you.
• Right to rectification: to ask me to correct inaccurate or incomplete information.
• Right to erasure: in certain circumstances, to request that your data is deleted.
• Right to restrict processing: to ask me to limit how your data is used in certain situations.
• Right to object: to object to certain types of processing, such as direct marketing.
• Right to data portability: in some cases, to receive your data in a commonly used, machine-readable format.

These rights are not absolute and may be subject to legal or professional obligations. If you would like to exercise any of these rights, please contact me using the details below.

11. Contact details and complaints

If you have any questions about this privacy policy or how your data is handled, or if you wish to exercise your data protection rights, please contact me via the contact form on this website.

If you are not happy with how your personal data is being handled, you also have the right to make a complaint to the UK Information Commissioner's Office (ICO) at ico.org.uk.

12. Changes to this policy

This privacy policy may be updated from time to time to reflect changes in law or how The Soft Rebellion Sanctuary operates. The "Last updated" date at the top of this page will be revised accordingly. I encourage you to review this page periodically.