Privacy policy

1. Who We Are

This website is operated by Sarah Thum-Bonanno, trading as Yoga and Coaching with Sarah, based at Ashen Plains, Waterley Bottom, North Nibley, Gloucestershire, GL11 6EF, United Kingdom.

Sarah Thum-Bonanno is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this Privacy Policy or how your personal data is used, please contact us.

2. What Information We Collect

Information you provide to us

When you use the contact form on our website or get in touch by email, we may collect:

•       Your name

•       Your email address

•       Any other information you choose to share in your message

Information collected automatically

This website site is hosted on Squarespace, which may collect certain technical data automatically, including:

•       Your IP address

•       Browser type and version

•       Pages visited and time spent on the site

•       Referring website

This data is collected by Squarespace and subject to their own privacy policy, available at squarespace.com/privacy.

3. How We Use Your Information

We use the information you provide to:

•       Respond to your enquiries about yoga, coaching, or natural therapy services

•       Arrange and manage appointments or sessions

•       Send information you have requested about our services

•       Comply with our legal obligations

We will not use your personal information for any other purpose without your explicit consent.

4. Our Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

•       Legitimate interests — to respond to your enquiries and manage our client relationships

•       Contract performance — to deliver the services you have engaged us for

•       Legal obligation — where we are required to retain records for tax or regulatory purposes

•       Consent — where you have specifically given us permission (for example, to receive updates or newsletters, if offered)

5. Health and Sensitive Information

In providing yoga, coaching, or natural therapy services, we may sometimes collect information about your physical or mental health in order to tailor our sessions to your needs. This is treated as special category data under UK GDPR.

We will only collect and use this type of information with your explicit consent and will handle it with the utmost care and confidentiality.

6. How We Store Your Data

Your personal data is stored securely. Any information submitted via our contact form is received through Squarespace's secure servers. Email correspondence may be retained in our email system.

We take reasonable steps to protect your data from unauthorised access, loss, or disclosure. We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

Client notes and session records are retained for a maximum of 7 years in line with professional best practice, after which they are securely deleted.

7. Sharing Your Information

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data may be shared with:

•       Squarespace, Inc. — our website hosting provider (operating under a data processing agreement)

•       Our email service provider, for the purpose of correspondence

•       Professional supervisors or legal advisors, in confidence and only where necessary

•       Regulatory or law enforcement authorities, if required by law

8. Cookies

Our website uses cookies. Cookies are small text files placed on your device by the website you visit. Squarespace may set cookies for analytics and functionality purposes.

By continuing to use this website, you consent to the use of cookies in accordance with Squarespace's cookie policy. You can control cookies through your browser settings, though disabling them may affect how the site functions.

9. Your Rights

Under UK GDPR, you have the right to:

•       Access — request a copy of the personal data we hold about you

•       Rectification — ask us to correct inaccurate or incomplete data

•       Erasure — request that we delete your personal data in certain circumstances

•       Restriction — ask us to restrict how we use your data

•       Portability — receive your data in a structured, commonly used format

•       Object — object to us processing your data based on legitimate interests

•       Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at the email address above. We will respond within one month.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

ICO website: ico.org.uk | Helpline: 0303 123 1113

11. Links to Other Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date at the top. We encourage you to review this policy periodically.