top of page

Privacy Policy

Welcome to www.theheartsmystery.com (the “Website”).
I, Hayley Millbank, trading as The Heart’s Mystery, respect your privacy and am committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Information I Collect

​

Personal Data You Provide

I may collect and process the following information:

  • Name, email address, postal address, phone number, and other contact details

  • Booking and purchase information

  • Information you voluntarily provide when making enquiries or bookings

Where relevant to mother and baby postnatal groups (Held Together), I may also collect limited information provided by a parent or legal guardian, such as a baby’s name and date of birth, solely for wellbeing, safeguarding, and group facilitation purposes.

In some circumstances, I may request additional information to confirm booking suitability or eligibility. Any such information is requested only where necessary and retained for the minimum period required.

​

Automatically Collected Data

When you use this Website, I may automatically collect:

  • IP address

  • Browser type and device information

  • Website usage data via cookies and similar technologies

​

2. How I Use Your Personal Data

Your personal data is used to:

  • Provide and deliver products and services you request

  • Process orders and payments

  • Communicate with you regarding enquiries, bookings, or customer support

  • Verify booking suitability or eligibility where appropriate

  • Support safe and appropriate facilitation of mother and baby postnatal groups

  • Maintain safeguarding practices and a safe environment

  • Improve and administer the Website and services

  • Send marketing communications where you have given consent (you may unsubscribe at any time)

  • Protect Website security and prevent fraud

​

3. Lawful Bases for Processing

I process your personal data under the following lawful bases:

  • Contractual necessity – to fulfil purchases and service bookings

  • Consent – for marketing communications and any optional information you choose to provide

  • Legitimate interests – for Website operation, customer service, safeguarding, and business administration, balanced against your rights

​

4. Cookies

This Website uses cookies and similar technologies to improve functionality and gather analytics.
For more information, please see the Cookie Policy.

​

5. Data Sharing

I may share your personal data with trusted third-party service providers acting as data processors, including:

  • Payment processing services

  • Delivery providers

  • Email and Website service platforms

These providers are required to process your data securely and in accordance with data protection law.
I do not sell your personal data.

I may disclose data where required by law or to protect legal rights.

​

6. International Data Transfers

Where personal data is transferred outside the UK, appropriate safeguards are in place, such as UK adequacy regulations or standard contractual protections.

​

7. Data Security

I take appropriate technical and organisational measures to protect your personal data. While no system is entirely secure, reasonable steps are taken to prevent unauthorised access, loss, or misuse.

​

8. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes outlined in this policy and to meet legal or accounting requirements.

Information relating to mother and baby postnatal groups is retained only for as long as reasonably necessary to support service delivery and safeguarding obligations.

​

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure where applicable

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights, please contact me at hayley@theheartsmystery.com. I will respond within one month.

​

10. Children’s Privacy

This Website is intended for use by adults. I do not knowingly collect personal data directly from children.

Where services involve babies or children (such as mother and baby postnatal 1 to 1 sessions and/or groups), any personal data is provided by a parent or legal guardian and used solely for wellbeing, safeguarding, and facilitation purposes.

​

11. Data Breaches

I have procedures in place to detect, investigate, and respond to data breaches and will notify affected individuals and the Information Commissioner’s Office (ICO) where legally required.

​

12. Changes to This Policy

This Privacy Policy may be updated from time to time. The most recent version will always be available on this Website.

​

13. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact:

Email: hayley@theheartsmystery.com
Phone: 07971 311636

​

Last amended 3 February 2026

bottom of page