Privacy Policy
How we handle your information
These documents explain how Blue Bird Holistics collects, stores, and protects your personal data in line with UK GDPR and the Data (Use and Access) Act 2025.
Blue Bird Holistics is:
ICO-registered - UK GDPR compliant - DUAA 2025 compliant
1. Who we are
Blue Bird Holistics is a complementary therapy practice, sound baths and Reiki training run by Kerri Saunders. We are registered with the Information Commissioner's Office (ICO) under registration number ZB066218.
Information Controller – Kerri Saunders. If you have any questions about how we handle your personal data, you can contact Kerri at kerri@bluebirdholistics.co.uk
2. The personal data we collect
We collect and process the following types of personal data:
-
Contact details — your name, date of birth, address, telephone number and email address.
-
Health and therapy-related information — details about your presenting issues, relevant medical history, medications, and any other health information you share with us.
-
Session notes — records of our sessions together, including observations and treatment plans.
-
Enquiry details — information you submit via our website contact form.
Important: Your health and therapy-related information is classified as "special category data" under Article 9(1) of the UK GDPR. This type of data receives enhanced legal protection because of its sensitive nature.
3. How we collect your data
We collect personal data directly from you:
-
When you first contact us to enquire about complementary therapy treatments or Reiki training.
-
During your initial consultation
-
Throughout our sessions together
-
Via email, telephone, or our website contact form or booking page
We do not collect personal data about you from any other source.
4. Why we process your data — lawful basis
To process your personal data lawfully under the UK GDPR, we rely on the following legal bases:
Article 6 basis (general personal data):
Legitimate interests in retaining information necessary to provide you with the best possible treatment and to comply with our professional insurance requirements with Wellbeing Insurance and as a member of the Federation of Holistic Therapists.
Article 9 basis (special category health data):
Processing is necessary for the provision of health care treatment by a health professional subject to a professional obligation of confidentiality. The additional DPA 2018 Schedule 1 condition is Part 1, paragraph 2 (health or social care). Our professional obligation of confidentiality is defined by the Federation of Holistic Therapist Code of Practice and Ethics.
Professional body note:
As a member of the Federation of Holistic Therapists, our processing of your health data is specifically authorised under the FHT Code of Practice and Ethics, which creates a professional obligation of confidentiality.
5. Who we share your data with
We use the following third-party services which may process your data:
-
Wix — website hosting platform
-
WhatsApp — messaging communication
Each of these services is bound by their own terms of service and privacy policies. Links to their privacy policies are available on request.
We will never sell your personal data to anyone.
6. How long we keep your data:
We retain your personal data for the following periods:
-
Therapy records (adult clients): 5 years after our last session, as per Hiscox guidance and professional indemnity insurance requirements
-
Therapy records (clients under 18 at time of therapy): until the client reaches the age of 25
-
Financial records: 6 years (HMRC legal requirement)
-
Website enquiries and WhatsApp messages: 12 months
After the applicable retention period ends, paper records are securely destroyed and electronic records are permanently deleted.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
-
Right to be informed — to know how we use your data (this privacy policy fulfils this right)
-
Right of access — to request a copy of the personal data we hold about you
-
Right to rectification — to ask us to correct any inaccurate or incomplete data
-
Right to erasure — to ask us to delete your data in certain circumstances. However, this right is not absolute, we may need to retain your records until the end of the applicable retention period where required by professional guidelines, insurance, or law
-
Right to restrict processing — to ask me to limit how we use your data
-
Right to data portability — to receive your data in a commonly used format
-
Right to object — to object to certain types of processing
-
Rights related to automated decision-making — we do not use automated decision-making or profiling
To exercise any of these rights, please contact Kerri at kerri@blulebirdholistics.co.uk
If you make a subject access request, we will conduct a reasonable and proportionate search for your data as required under the Data (Use and Access) Act 2025.
8. Data protection complaints — your right under the Data (Use and Access) Act 2025
Please submit your complaint to kerri@bluebirdholsitics.co.uk
To help us investigate your concern as efficiently as possible, please include:
-
Your full name and preferred contact details
-
A clear description of your concern and which data protection right(s) you believe have been affected
-
The approximate date(s) when the issue occurred
-
Any relevant reference numbers, correspondence or documents
9. Data protection complaints Procedure
Once we receive your complaint, we will follow the steps below. We are committed to handling all complaints promptly, fairly and confidentially.
-
We will acknowledge your complaint in writing within 30 days of receiving it, confirming that we have recorded it and will be investigating.
-
If we need any additional details to fully investigate your complaint, we will contact you as soon as possible and explain what we need and why.
-
We will carry out a thorough and impartial review of your complaint. We will agree a realistic timescale with you once we have all necessary information, and we will keep you updated if there are any delays.
-
We will communicate the outcome of our investigation to you clearly and in writing within one calendar month of receiving all the information needed (this may be extended by up to two further months for complex complaints — we will notify you if this is the case).
-
If you are satisfied with the outcome, we will close your complaint. If you remain dissatisfied, you have the right to refer your complaint to the ICO free of charge (see below).
If you remain dissatisfied with our response, you have the right to escalate your complaint with the Information Commissioner’s Office (ICO) — the UK’s independent supervisory authority for data protection. This service is free of charge.
ICO website: https://ico.org.uk/make-a-complaint/
ICO helpline: 0303 123 1113 (Monday–Friday, 9am–5pm)
ICO postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. Confidentiality exceptions
Everything you share with us is treated as confidential. However, there are limited circumstances where we may need to share information without your consent:
-
Risk of serious harm — if we believe you or someone else is at risk of serious harm
-
Safeguarding concerns — if we have concerns about the safety of a child or vulnerable adult
-
Court order — if we are legally required to disclose information by a court
In these situations, we will always try to discuss this with you first, unless doing so would itself put someone at risk.
11. Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:
-
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
-
Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read "Where can I change the settings for disabling, or deleting local shared objects?" available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_
-
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: What Are Cookies?.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
12. Changes to this policy
We review this privacy policy annually and whenever the services offered change. If we make any significant changes that affect how we handle your personal data, we will inform you directly.
Updated 19 June 2026
This is the privacy notice of Blue Bird Holistics. In this document, "we", "our", or "us" refer to Blue Bird Holistics.
