top of page

Privacy Policy for Wild Lotus Wellbeing

Last updated: [26.09.2025]

Welcome to Wild Lotus Wellbeing (“we”, “us”, “our”). We are committed to protecting and respecting your privacy.

​

This Privacy Policy explains how we collect, use, disclose, and store your personal data when you use our website www.wildlotuswellbeing.co.uk (the “Site”), contact us, or otherwise interact with us. It also tells you about your rights and how you can exercise them.

1. Who we are & how to contact us

Controller
Wild Lotus Wellbeing
1a Moorside Rd, Heaton Moor, Stockport SK4 4DT
claire@wildlotuswellbeing.co.uk
07547240854

​

If you have any questions about this privacy policy or how we handle your data, you can contact us at the email or address above.

​

If you are unhappy with how we process your data, you have the right to lodge a complaint with the UK data protection authority (the Information Commissioner’s Office, ICO). ICO+1

2. What personal data we collect

We may collect and process the following types of personal data:

  • Contact information: such as your name, email address, telephone number, postal address (e.g. when you fill in a contact or booking form)

  • Communications: records of communications between you and us (e.g. emails, messages)

  • Website usage data: your IP address, browser type, pages visited, time and date of visit, referral URLs, device information, and other analytics data

  • Cookies and tracking technologies: we may use cookies and similar tracking technologies (see Section 6 below)

  • Other data you provide: any other information you choose to provide (e.g. in feedback or notes when booking a service)

3. Purposes and lawful basis for processing your data

We will only process your personal data when we have a lawful basis to do so under the UK GDPR. The main purposes and legal grounds are:

  • Communicating with you: We may use your details to respond to enquiries, booking requests, or customer support messages. The lawful basis is either contractual necessity (so we can provide the service you asked for) or your consent (for example, when you choose to contact us via a form).

  • Providing services you request: When you book a therapy or wellbeing session, we process your information as necessary to perform the contract with you.

  • Sending marketing or newsletters: If you choose to opt in, we may use your information to send you updates, offers, or newsletters. This is based on your consent, and you can withdraw it at any time.

  • Analytics, site improvement, security, and debugging: We may use aggregated or pseudonymised data to understand how visitors use our website, to improve our services, and to keep the site secure. The lawful basis for this is our legitimate interest.

  • Legal or compliance obligations: In some cases, we must process your data because the law requires it (for example, for accounting, tax records, or to prevent fraud).

​

4. Sharing, disclosures & transfers

We do not sell your personal data. We may share your data in limited circumstances, for example:

  • With service providers or contractors who help us operate the website, process payments, send emails, host data, or perform customer relationship management (they act as “processors” under GDPR)

  • If required by law, regulation, or a court order

  • To safeguard rights, property, or safety

  • In the event of a business sale, merger, or reorganisation (with appropriate protection)

If we transfer personal data outside the UK (or European Economic Area), we will only do so where there are appropriate safeguards (such as standard contractual clauses) or an adequacy decision in place. ICO+1

5. How long we keep your data

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including any legal, accounting, or reporting requirements.

For example:

  • Contact form submissions and enquiry emails: kept for up to [e.g. 2 years]

  • Customer / client records and session details: kept for [e.g. 6 years] (or as required by applicable industry standards or insurance)

  • Analytics and logs: retained in aggregated or anonymised form; raw logs for [e.g. 12 months]

We regularly review our retention periods and securely delete or anonymise data once no longer needed.

6. Cookies and tracking

We use cookies and similar technologies to track usage, improve user experience, and deliver functionality. Examples include:

  • Strictly necessary cookies — needed for website functionality

  • Performance / analytics cookies — to understand how visitors use our site

  • Functional cookies — to remember preferences

  • Marketing / advertising cookies — to deliver relevant adverts (if used)

When required, we will obtain your consent before placing non-essential cookies. You can manage or disable cookies via your browser settings or through our cookie settings banner.

7. Your rights

Under UK GDPR, you have certain rights in relation to your personal data. These include:

  • Right to be informed — to know how your data is processed (this policy helps with that) ICO+1

  • Right of access — you can request a copy of personal data we hold about you

  • Right to rectification — to correct or update inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”) — in certain circumstances, request deletion of your data

  • Right to restrict processing — you may ask us to limit how your data is used

  • Right to data portability — in some cases, receive your data in a structured, machine-readable format

  • Right to object — you can object to certain processing (e.g. legitimate interest)

  • Right to withdraw consent — if processing is based on consent, you can withdraw at any time

  • Right to complain — if you believe your data has been misused, you can complain to the ICO

To exercise any of these rights, contact us at [your email/contact]. We will respond within one month (or longer if complexity demands, with notice).

8. Security

We take reasonable technical and organisational measures to protect your data from unauthorised access, loss, alteration, or destruction. This includes:

  • Using encryption (e.g. HTTPS)

  • Access controls (restricted access to personal data)

  • Regular security testing and updates

  • Secure backups

However, no method of transmission or storage is 100% secure, so we cannot guarantee absolute security. If there is a data breach that is likely to result in a high risk to your rights, we will notify you and the ICO as required by law.

9. Children & minors

Our Site is not intended for individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.

If your services involve or may involve minors, you should include additional protections and get explicit parental/guardian consent.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect when changes were made. Significant changes will be notified via prominent notices on our site (or via direct contact) before they take effect.

11. Third-party links

Our Site may contain links to third-party sites (e.g. for payment, external resources). We do not control their privacy practices, so we recommend you review their privacy policies separately.

bottom of page