GDPR and Privacy Policy

Privacy Policy & GDPR Policy
Effective Date: 01.01.2026
Business Name: Reiki with Kat
Sole Trader: Kathryn Hannah Roberts
Business Address: Ceol na Mara, Abereiddy Road, Croesgoch, Haverfordwest. Pembrokeshire. SA62 5LF
Email: hello@kathryn-roberts.com

________________________________________
1. Introduction
This Privacy Policy explains how [Business Name] ("we", "us", "our") collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As a holistic wellbeing practitioner offering services including Reiki, Shamanic practices, and Coaching, we are committed to handling your personal and sensitive data with care, confidentiality, and integrity.
________________________________________
2. Data Controller
Kathryn Hannah Roberts, trading as Reiki with Kat, is the Data Controller responsible for your personal data.
Contact: Kat
Email: hello@kathryn-roberts.com
Address: Ceol na Mara, Abereiddy Road, Croesgoch, Haverfordwest. Pembrokeshire. SA62 5LF
________________________________________
3. The Personal Data We Collect
We may collect:
General Personal Data
• Full name
• Email address
• Phone number
• Address (if required for bookings)
• Emergency contact details (if applicable)
• Appointment history
• Information submitted via contact forms
Special Category Data (Sensitive Data)
Due to the nature of holistic and wellbeing services, we may collect:
• Physical health information
• Mental and emotional wellbeing information
• Medical history (where relevant to sessions)
• Spiritual beliefs (where voluntarily shared)
This data is collected only where necessary to provide safe and appropriate services.
________________________________________
4. How We Collect Your Data
We collect information when you:
• Book a session
• Complete a client intake form
• Contact us via email, phone, or website
• Subscribe to marketing communications
• Attend a consultation or session
________________________________________
5. Lawful Basis for Processing (UK GDPR)
We rely on the following lawful bases:
For General Personal Data:
• Contractual necessity – to deliver booked services
• Legal obligation – for record keeping and tax compliance
• Legitimate interests – to operate and improve our services
• Consent – for marketing communications
For Special Category (Health) Data:
We process sensitive data under:
• Explicit consent
• Provision of health or wellbeing services
You may withdraw your consent at any time.
________________________________________
6. How We Use Your Data
We use your information to:
• Provide holistic wellbeing sessions safely
• Assess suitability for Reiki, shamanic work, or coaching
• Maintain confidential client records
• Communicate about appointments
• Send newsletters or marketing (if opted in)
• Comply with legal and insurance requirements
________________________________________
7. Confidentiality
All client information is treated as strictly confidential.
Information will only be shared:
• With your explicit written consent
• If required by law
• If there is a serious risk of harm to you or others
________________________________________
8. Data Storage & Security
We implement appropriate security measures including:
• Password-protected devices
• Secure email systems
• Locked storage for paper records (if applicable)
• Limited access to personal data
• Encrypted cloud storage (if used)
We retain client records for up to 7 years for insurance and legal purposes unless a longer retention period is required.
________________________________________
9. Marketing Communications
We may send occasional marketing emails about services, workshops, or events if you have opted in.
You can unsubscribe at any time by:
• Clicking the unsubscribe link
• Emailing us directly
We do not sell or share your data for marketing purposes.
________________________________________
10. Future Online Payments
We do not currently process payments online.
If online payments are introduced in the future, they will be processed securely via a third-party payment provider compliant with PCI-DSS standards. We will not store full card details.
________________________________________
11. Your Data Protection Rights
Under UK GDPR, you have the right to:
• Access your personal data
• Correct inaccurate data
• Request erasure
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
________________________________________
12. Cookies
Our website uses cookies to improve user experience and analyse website traffic.
You can manage cookies via your browser settings.
________________________________________
13. Changes to This Policy
We may update this policy periodically. The latest version will always be available on request or on our website.
________________________________________
14. Contact
If you have questions about this policy or your data:
Kathryn Hannah Roberts
Reiki with Kat
hello@kathryn-roberts.com
Ceol na Mara, Abereiddy Road, Croesgoch, Haverfordwest. Pembrokeshire. SA62 5LF

Company Address: Ceol na Mara, Abereiddy Road, Croesgoch, Haverforwest Pembrokeshire. SA62 5LF