Purpose of this Policy
This policy outlines how Spiritual Gradient Ltd handles the personal data of its users, clients, donors, volunteers, and supporters. It applies to operations in England and Wales and aligns with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other international data protection frameworks such as the EU GDPR, CCPA (California), and PIPEDA (Canada).
Definitions
- Data Subject: Any living individual whose personal data is processed.
- Personal Data: Information that identifies or can identify a natural person (e.g. name, ID number, email).
- Special Category Data: Sensitive data such as racial/ethnic origin, religious beliefs, health, etc.
- Controller: Spiritual Gradient Ltd, who determines how and why personal data is processed.
- Processor: A third party who processes personal data on behalf of the Controller.
- Processing: Any action performed on personal data, from collection to deletion.
Data Protection Principles
We uphold the following principles:
- Lawfulness, Fairness & Transparency
- Purpose Limitation – Data collected for specific, lawful purposes.
- Data Minimisation – Only data necessary for specified purposes is collected.
- Accuracy – We keep data accurate and up to date.
- Storage Limitation – Data retained only as long as needed.
- Integrity & Confidentiality – Data is stored securely.
Data Subject Rights
You have the right to:
- Access your data
- Rectify inaccuracies
- Erase your data
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent (where applicable)
- Lodge a complaint with the Information Commissioner’s Office (ICO) or your relevant data protection authority
Requests
To exercise any of your rights, email: [email protected]. We aim to respond within one calendar month.
Lawful Bases for Processing
We process your data under:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interest
What We Collect
- Name, email, contact information
- Payment and booking information
- Communication history
- Session notes (with consent)
How We Use Your Data
- To deliver and improve services
- For communications (marketing with consent)
- For legal or financial record-keeping
- To comply with our safeguarding duties
International Transfers
We use third-party tools that may store data outside the UK. We ensure appropriate safeguards, such as Standard Contractual Clauses, are in place.
Retention
We retain data only for as long as necessary:
- Clients: Up to 6 years post-engagement
- Newsletter sign-ups: Until unsubscribed
- Staff/volunteers: In accordance with legal obligations
Cookies
Cookies are used to enhance functionality and analyse usage. Users will be notified and can consent via a banner. Please refer to our Cookie Policy.
Children’s Data
We do not knowingly collect personal data from children under 13. Teen users aged 13–18 require parental consent. Data of minors is only processed with guardian agreement.
Privacy by Design
Our systems are designed to minimise data usage and maximise security.
Data Security
We use encryption, access controls, secure hosting, and backup systems to protect data. Regular reviews ensure data remains safe.
Data Breaches
If a breach poses a risk to your rights, we will report it to the ICO within 72 hours and notify you within 5 days, unless the risk is minimal.
Sharing of Data
We only share your data with trusted processors for payment handling, email delivery, and session booking. We do not sell data to third parties.
Transparency Notifications
Under Articles 13 & 14 (UK GDPR), we provide notice of:
- Data source (direct or indirect)
- Purpose and legal basis
- Retention period
- Right to object or withdraw consent
- Whether provision of data is mandatory
- Any automated decision-making
Contact Us
If you have questions or concerns:
Email: [email protected]
Or contact the Information Commissioner’s Office: www.ico.org.uk | Tel: 0303 123 1113
Last Updated: May 2025
