top of page

Privacy Policy

Welcome to www.theheartsmystery.com (the “Website”). I, Hayley Millbank, trading as The Heart's Mystery, respect your privacy and am committed to protecting your personal data in accordance with the UK GDPR and Data Protection Act 2018.

​

1. Information I Collect

Personal Data You Provide:

  • Name, email address, postal address, phone number, and other contact details.

  • Baby massage course medical information: baby’s name, date of birth, GP details, pregnancy/birth info (for care purposes).

Automatically Collected Data:

  • IP address, browser type, device information, browsing behaviour via cookies and similar technologies.

​

2. How I Use Your Personal Data

I use your data for the following purposes:

  • To provide and personalise products and services you request.

  • To communicate with you (enquiries, support, updates).

  • To send marketing communications with your consent (you may unsubscribe anytime).

  • To administer and improve my Website and services.

  • To process payments and orders.

  • To ensure safe and appropriate care during baby massage courses using the medical info provided.

  • To protect Website security and prevent fraud.

​

3. Lawful Bases for Processing

  • Consent: For marketing communications and baby massage medical info. You may withdraw consent anytime.

  • Contractual Necessity: To perform and manage contracts for goods and services you purchase.

  • Legitimate Interests: For Website administration, security, customer service, and improving my business, balanced against your rights.

​

4. Cookies and Tracking Technologies

I use cookies to improve your experience and gather analytics. For detailed information, please see my Cookie Policy.

​

5. Data Sharing and Disclosure

I may share your data with trusted service providers acting as data processors under contract, including:

  • Payment processors

  • Delivery services (e.g., Royal Mail)

  • Email marketing platforms (only with your consent)

I do not sell your personal data. I may disclose your data if required by law or to protect legal rights.

​

6. International Transfers

Where data is transferred outside the UK or EEA, I ensure adequate safeguards such as UK adequacy decisions or Standard Contractual Clauses are in place.

​

7. Data Security

I implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse. However, no system is completely secure.

​

8. Data Retention

I retain personal data only as long as necessary for the purposes described and as required by law. Baby massage medical data is retained for the course duration plus a reasonable period afterwards for ongoing care.

​

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion where applicable

  • Restrict processing

  • Object to processing (including marketing)

  • Data portability

  • Withdraw consent

To exercise your rights, please contact me at hayley@theheartsmystery.com. I will respond within one month as required by law.

​

10. Children’s Privacy

My Website and services are not intended for children under 16. I do not knowingly collect data from children. If you believe I have collected such data, please contact me for removal.

​

11. Data Breach Notification

I have procedures to detect, report, and investigate data breaches and will notify you and the ICO if legally required.

​

12. Insurance

I hold professional indemnity insurance with Westminster Insurance covering services offered but this does not extend to medical advice.

​

13. Changes to This Policy

I may update this policy occasionally. The latest version is always available here with the updated date.

​

14. Contact Me

Questions or concerns about your data? Contact me at:
Email: hayley@theheartsmystery.com
Phone: 07971 311636

​

Last amended 25/05/2025

bottom of page