top of page

Privacy Policy

This Privacy Policy outlines how I, Hayley Millbank, trading as The Heart's Mystery, collect, use, disclose, and store your personal information when you visit my website, https://theheartsmystery.com (the "Website"). I am committed to protecting your privacy and ensuring the security of your personal information.

​

1. Data Collection

I may collect personal data that you voluntarily provide when you interact with my Website, products, or services. This may include, but is not limited to:

  • Your name

  • Email address

  • Postal address

  • Phone number

  • Other contact details

​

I may also automatically collect non-personal information when you visit my Website, such as:

  • IP address

  • Browser type

  • Operating system

  • Browsing behaviour

​

This information is used to analyse trends, administer the site, track user movements, and gather demographic information.

​

For baby massage courses, I request that parents complete a medical form containing the following details about the baby to ensure I can provide appropriate care during the course:

  • Baby’s name

  • Baby’s age and date of birth

  • Baby’s GP details

  • Pregnancy and birth issues (if any)

​

This personal and medical information assists in tailoring the baby massage experience to the specific needs of the baby and mother.

​

2. Use of Personal Data

I use the personal data I collect for the following purposes:

  • To provide and personalise my products and services to meet your needs.

  • To communicate with you, including responding to your enquiries and providing customer support.

  • To send you important updates, newsletters, marketing materials, and information about my products and services. You can opt-out of receiving these communications at any time.

  • To analyse and improve my Website, products, and services, as well as develop new features and offerings.

  • To process purchases made via my online shop.

  • To protect the security and integrity of my Website, products, and services.

  • To ensure that I can provide the appropriate care and support for baby massage courses by reviewing and using medical information as provided by parents via the medical form.

​

3. Legal Basis for Processing Personal Data

I rely on the following legal bases to process your personal data:

  • Consent: I will obtain your consent before collecting and using your personal data for specific purposes. You have the right to withdraw your consent at any time.

  • Contractual Necessity: I may process your personal data to fulfil contractual obligations to you, such as delivering products or services you have requested.

  • Legitimate Interests: I may process your personal data for legitimate interests, such as improving my services and communicating with you about relevant products or offers. I will balance my interests against your rights and privacy.

For baby massage courses, I process your personal data based on your consent, which is required when you submit the medical form to ensure I provide proper care.

​

4. Data Sharing and Disclosure

I may share your personal data with trusted third parties under the following circumstances:

  • Service Providers: I may engage third-party service providers to assist in delivering my products and services. These providers are contractually obligated to protect your personal data and may only use it in accordance with my instructions (e.g., Royal Mail for delivering your shop purchases).

  • Legal Compliance: I may disclose your personal data if required by law, regulation, legal process, or governmental request.

​

5. International Data Transfers

If I transfer your personal data to countries outside the European Economic Area (EEA), I will ensure adequate safeguards are in place to protect your privacy rights, as required by applicable data protection laws, such as using standard contractual clauses.

​

6. Data Security

I take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, or alteration. However, please note that no data transmission over the internet or storage method is 100% secure.

​

7. Data Retention

I will retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For baby massage course medical forms, I will retain the data for the duration of the course and for a reasonable period after, to ensure continued care if needed.

​

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request access to the personal data I hold about you.

  • Right to Rectification: You can request the correction of inaccurate or incomplete personal data.

  • Right to Erasure: You can request the erasure of your personal data under certain conditions.

  • Right to Restriction of Processing: You can request the restriction of processing your personal data under certain circumstances.

  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object: You can object to the processing of your personal data in certain situations, including direct marketing.

  • Right to Withdraw Consent: If I rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise your rights or make requests regarding your personal data, please contact me using the information provided at the end of this Privacy Policy. I will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

​

9. Children’s Privacy

My Website, products, and services are not directed to individuals under the age of 16. I do not knowingly collect personal data from children. If you believe I have inadvertently collected personal data from a child, please contact me, and I will take steps to delete that information.

​

10. Insurance and Liability

As a professional in the holistic and wellness industry, I hold professional indemnity insurance through Westminster Insurance. This insurance ensures that both my services and my clients are protected in the event of any issues arising from treatments offered. However, please note that the advice and information provided on this Website are not intended as medical advice, and you should always consult with a healthcare professional for any medical-related matters.

​

11. Changes to this Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in practices or applicable laws. The updated version will be indicated by an updated "Effective Date" at the beginning of this Privacy Policy. I encourage you to review this Privacy Policy periodically for any changes.

​

12. Contact Me

If you have any questions, concerns, or requests regarding this Privacy Policy or my data practices, please contact me at:
Email: hayley@theheartsmystery.com
Phone: 07971 311636

Please provide sufficient information to allow me to respond to your request effectively.

bottom of page