Privacy Policy (UK GDPR)

This Privacy Policy explains how Faye Kazmi Bodywork and Sound Therapist ("the Practitioner"), led by Faye Kazmi, collects, uses, and protects your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to both your use of the website and any booking systems associated with the practice.

Who we are

Faye Kazmi provides coaching, bodywork, and sound therapy services.

Data Controller: Faye Kazmi
Contact Email: hello@fayekazmi.co.uk

What data we collect

We collect only the information necessary to provide safe, ethical, and effective services.

This may include:

  • Personal details (name, email address, phone number)

  • Health and well-being information (via intake forms)

  • Session notes (where relevant)

  • Booking and payment information

  • Communication records (emails, messages)

  • Website usage data (via cookies and analytics, where applicable)

How your data is used

Your data is used to:

  • Provide and manage sessions

  • Ensure treatments are safe and appropriate

  • Communicate with you regarding bookings and services

  • Process payments securely

  • Maintain professional records

  • Meet legal and insurance obligations

  • Improve website functionality and user experience

Your data is held with care, intention, and respect.

Lawful basis for processing

We process your data under the following lawful bases:

  • Consent – when you provide information via forms or communication

  • Contract – to deliver the services you have booked

  • Legal obligation – for record-keeping and compliance requirements

  • Legitimate interests – to run and improve the practice responsibly

Health-related data is treated as special category data and is processed only with your explicit consent.

Third-party services

To support the running of the practice, trusted third-party services may be used:

  • Stripe – to process payments securely

  • Booking platforms (e.g. Calendly, Fresha, or similar) – to manage appointments

  • Email providers – to communicate with you

These providers process your data in accordance with their own privacy policies and UK GDPR requirements.

Your payment details are never stored directly by the Practitioner.

How your data is stored

  • Data is stored securely using password-protected systems and/or encrypted storage.

  • Physical records (if any) are kept in secure, locked locations.

  • Access to your personal data is limited to the Practitioner.

Data retention

  • Your data will be kept only for as long as necessary to fulfil the purposes outlined above.

  • This may include retention for legal, insurance, or professional requirements (typically up to 7 years where applicable).

  • After this period, your data will be securely deleted or destroyed.

Sharing Your Data

Your data will never be sold or shared for marketing purposes.

Data may only be shared:

  • With your explicit consent

  • Where required by law

  • Where there is a safeguarding concern involving risk of harm

Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data (where legally permissible)

  • Restrict or object to processing

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Cookies and website data

This website may use cookies to improve your experience and understand how the site is used.

Cookies may include:

  • Essential cookies (required for site functionality)

  • Analytics cookies (to understand website usage)

You will be given the option to accept or decline non-essential cookies when visiting the site.

Contact

If you have any questions about this policy or how your data is handled, you are welcome to reach out:

Faye Kazmi
hello@fayekazmi.co.uk

This policy supports a space where your information is held with clarity, care, and integrity.