Privacy Policy

1. Introduction

This Privacy Policy explains how Boneseavibrantir ("we", "us", "our") collects and uses personal data when you visit boneseavibrantir.world or use our services. We process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Boneseavibrantir, Unit C, Forstal Farm, Goudhurst Road, Lamberhurst, Tunbridge Wells TN3 8AG, United Kingdom. Email: talk@boneseavibrantir.world. Telephone: +44 1892 890690.

3. Personal Data We Collect

• Identity data: name and professional title when voluntarily provided
• Contact data: email address, telephone number, and postal address
• Communication data: messages submitted through our contact form or correspondence
• Transaction data: booking details and payment references where applicable
• Technical data: IP address, browser type, device information, and pages visited
• Preference data: cookie consent choices stored in your browser

4. How We Collect Data

We collect data when you complete our contact form, book a service, email or telephone us, subscribe to communications (where offered), or browse our website through cookies and similar technologies.

5. Lawful Basis for Processing

• Consent: when you submit an enquiry, accept non-essential cookies, or opt in to marketing
• Contract: when processing is necessary to deliver services you have requested
• Legitimate interests: to maintain website security, prevent fraud, and improve our services, balanced against your rights
• Legal obligation: when required to comply with UK law, including tax and accounting requirements

6. How We Use Your Data

We use personal data to respond to enquiries, deliver pause practice services, manage bookings, issue invoices, improve our website, send service-related communications, and comply with legal obligations. We do not sell personal data to third parties.

7. Data Retention

Contact form submissions: up to 24 months unless a longer period is required for contractual or legal purposes. Client records: up to 7 years for accounting and tax purposes. Technical logs: up to 12 months. Cookie preferences: until you clear browser storage or withdraw consent.

8. Data Security

We implement appropriate technical and organisational measures including HTTPS encryption, access controls, staff training, and periodic security reviews to protect personal data against unauthorised access, loss, or disclosure.

9. Third-Party Processors

We may share data with trusted processors who assist with hosting, email delivery, payment processing, and analytics. All processors are bound by UK GDPR-compliant data processing agreements and process data only on our instructions.

10. International Transfers

Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or transfers to countries with UK adequacy regulations.

11. Your Rights Under UK GDPR

You have the right to access, rectify, erase, restrict processing, data portability, and to object to processing based on legitimate interests or for direct marketing. You may withdraw consent at any time. To exercise your rights, contact us using the details above. We will respond within one month.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

13. Children's Data

Our services are intended for adults aged 18 and over. We do not knowingly collect data from children.

14. Complaints to the ICO

If you believe your data protection rights have been breached, you may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113.

15. Changes to This Policy

We may update this policy periodically. Material changes will be indicated by updating the date above. We encourage you to review this page regularly.