Privacy Policy

Data Protection Policy

 Holistic Healing with Celtic Soul Academy

Last updated

12th March 2025

Definitions

Organisation

means Celtic Soul Academy registered as a sole trader

DPA

means the Data Protection Act 2018 which implements the EU’s General Data Protection Regulation.

Responsible Person

means Yvonne Buchanan.

Register of Systems

means a register of all systems or contexts in which personal data is processed by the Organisation.

Privacy Policy

This website is operated by Celtic Soul Academy. I am committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us.

This policy sets out how we process any personal data we collect from you or that you provide to us through our website. We confirm that we will keep your information secure and that we will comply fully with all applicable UK Data Protection legislation and regulations. Please read the following carefully to understand what happens to personal data that you choose to provide to us, or that we collect from you when you visit this site. By visiting Celtic Soul Academy (our website) you are accepting and consenting to the practices described in this policy.

Celtic Soul Academy is committed to respecting your privacy and to complying with applicable data protection and privacy laws.

 You can visit our websites without disclosing any personally identifiable information about yourself (although please note that we may use cookies and collect other non-personally identifiable information about your browsing activity - see our cookie policy for detailed information).

 If you do submit personal information by ordering products, services, registering for an event or completing a web form registration, for example, you can be assured that we will use your personal information only to support your continuing relationship with the Celtic Soul Academy.

 We have provided this Privacy Policy Statement to help you understand how we collect, use and protect your information when you visit our websites and when you generally use our products and services.

 We wish to help you make informed decisions, so please take a few moments to read the sections below and learn how we may use your personal information.

Personal Information Collection

We endeavour to collect and use your personal information only with your knowledge and consent and typically when you order and subsequently use products and services, make customer enquiries, register for an event, register for information or other services, request product information, submit a job application or when you respond to communications from us (such as questionnaires or surveys).

The type of personal information we may collect could include, for example, your name and postal address, date of birth, telephone number, email address, and credit/debit card information; lifestyle and other information collected on registration or through surveys.

If you choose to provide us with personal information it will be used in support of the intended purposes stated at the time at which it was collected, and subject to any preferences indicated by you.

Non-personal Identifying Information.

We may also collect non-personally identifying information about your visit to our websites based on your browsing activities. This information may include the pages you browse and products and services viewed or ordered for example. This helps us to better manage and develop our sites, to provide you with a more enjoyable, customised service and experience in the future, and to help us develop and deliver better products and services tailored to your individual interests and needs.

 From time to time, if you consented accordingly we may also store and use your information to contact you for market research and marketing purposes. We may contact you by email, phone or mail.

How will we use your information?

 We may use your information for a number of purposes which includes: processing your orders and managing and administering your account; delivering any services, products or information requested by you; responding to complaints or account enquiries; administering debt recoveries; verifying your identity when required (you may lose your password or security information for example, and we may then need to ask you for other 'identifiable' information to protect your data from unauthorised access).

 We may also undertake market and product analysis based on your use of our services and products and contact you with information about new developments, products, services and special offers by post, telephone and automated means such as mobile text message (SMS), Email and the internet (subject to any preferences expressed by you).

 If you have consented to receive details of products and services, events and training you can contact us at any time to have your details removed from lists used by us for any or all of those purposes or from lists maintained by our headhunting division, to update your information or to otherwise tell us how you would like to receive information about our and/or third party products and services - the choice is yours.

 To update your marketing preferences please email [email protected] and quote your full name in the body of the email and tell us what you want us to do (i.e. 'opt-out Email', 'opt-out SMS' etc or if you have previously objected to receiving information by post for example, but would now like to change your mind and receive information then just say, 'opt-in post' in the subject header of your email).

When will we disclose your information to others?

We may only disclose information about you and contact details to (i) companies within the Celtic Soul Academy Group for the purposes and subject always to the terms of this Privacy Policy Statement; (ii) in the event that we undergo re-organisation or are sold to a third party, in which case you agree that any personal information we hold about you may be transferred to that re-organised entity or third party for the purposes and subject to the terms of this Privacy Policy Statement

For the purposes of this Privacy Policy Statement, " Celtic Soul Academy" means Celtic Soul Academy or any company or other entity in which Celtic Soul Academy owns (directly or indirectly) more than 50% of the issued share capital.

Please note that Celtic Soul Academy does not sell or pass your personal information to third parties (other than as set out in the paragraph above) unless you have given us permission or unless it is strictly necessary to deliver the products and services ordered or used by you and you are notified beforehand.

For example, we may disclose your data to a credit card company to validate your credit card details and obtain payment when you buy a phone or other product or service.

Celtic Soul Academy may also be obliged to disclose your personal information to meet any legal or regulatory requirements (for example to comply with a court order) or obligations in accordance with applicable law.

Social media, blogs, reviews

Any social media posts or comments you send to us (on the Celtic Soul Academy Facebook pages or associated pages, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook / Twitter) on which they are written and could be made public.

Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you will understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.

Any blog, review or other posts or comments you make about us, our products and services on any of our blogs, reviews or user community services will be shared with all other members of that service and the public at large. Any comments you make on these services and on social media in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

How long do we keep your information for?

To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place.

In most cases, this means we will keep your information for as long as you continue to use our services having expressed interest in them, and for a reasonable period of time afterwards if you stop doing so, to see if we can persuade you to come back to us. After that we will delete it other than where we lawfully can keep any data for audit or legal reasons.

We shall keep data on our prospect database for not longer than 3 years from receipt subject to an individual’s right to unsubscribe or be forgotten at any time.

Access to your Information

You can write to us at any time to obtain details of the personal information we may hold about you. Please write to: [email protected]  or Data Protection Officer, 36 Clanna Rury, Claudy, Londonderry, Northern Ireland, BT47 4FB.

Please quote your name and address together with your mobile and/or email address (if relevant). We would be grateful if could also provide brief details of what information you want a copy of (this helps us to more readily locate your data).

We will take all reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.

Information Security

Celtic Soul Academy recognises that its customers are increasingly concerned about how companies protect personal information from misuse and abuse and about privacy in general. Celtic Soul Academy is constantly reviewing and enhancing its technical, physical and managerial procedures and rules to protect your personal data from unauthorised access, accidental loss and/or destruction. We use industry standard TLS certificates to provide encryption of data in transit, for example, all access to Celtic Soul Academy’s websites and management portals is covered by HTTPS.

Please be aware that communications over the Internet, such as emails/webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered - this is the nature of the World Wide Web/Internet. Celtic Soul Academy cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

Privacy Support

Celtic Soul Academy reserves the right to amend or modify this Privacy Policy Statement at any time and in response to changes in applicable data protection and privacy legislation.

If we decide to change our Privacy Policy, we will post the changes on our website so you know what information we collect and how we use it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will tell you. You will have a choice as to whether or not we are able to use your information in this different manner.

If you have any enquiry about Celtic Soul Academy’s privacy policy or practices, please write to: Data Protection Officer, 36 Clanna Rury, Claudy, Londonderry, Northern Ireland, BT47 4FB or send an email to: [email protected].

Monitoring and or recording of all your Communications

Monitoring or recording of your calls, emails, text messages and other communications may take place in accordance with UK law, and in particular for business purposes, such as for quality control and training, to prevent unauthorised use of Celtic Soul Academy’s websites, to ensure effective systems operation and in order to prevent or detect crime.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies re56main on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser. Learn more about cookies:

All About Cookies.

We use both session and persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Targeting and Advertising Cookies

Type: Persistent Cookies

Administered by: Third-Parties

Purpose: These Cookies track your browsing habits to enable Us to show advertising which is more likely to be of interest to You. These Cookies use information about your browsing history to group You with other users who have similar interests. Based on that information, and with Our permission, third party advertisers can place Cookies to enable them to show adverts which We think will be relevant to your interests while You are on third party websites.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

How we may use the information we collect

Information you supply to us. We will use this information:

  • to provide you with information and/or services that you request from us;
  • to contact you, by email, telephone calls, SMS or other equivalent forms of electronic communication such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.

Information we automatically collect about you.

We will use this information:

  • to administer our site including troubleshooting and statistical purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • security and debugging as part of our efforts to keep our site safe and secure.

Disclosure of your information

We use a trusted third party website and hosting provider (Kajabi) to facilitate the running and management of this website. Kajabi meet high data protection and security standards and are bound by contract to keep any information they process on our behalf confidential. Any data that may be collected through this website that Kajabi process, is kept secure and only processed in the manner we instruct them to. Kajabi cannot access, provide, rectify or delete any data that they store on our behalf without permission.

We do not rent, sell or share personal information about you with other people or non-affiliated companies.

We will use all reasonable efforts to ensure that your personal data is not disclosed to regional/national institutions and authorities, unless required by law or other regulations.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Third party links

Our site may, from time to time, contain links to and from the third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your rights – access to your personal data

You have the right to ensure that your personal data is being processed lawfully (“Subject Access Right”). Your subject access right can be exercised in accordance with data protection laws and regulations. Any subject access request must be made in writing to Holistic Healing with Yvonne. We will provide your personal data to you within the statutory time frames. To enable us to trace any of your personal data that we may be holding, we may need to request further information from you. If you have a complaint about how we have used your information, you have the right to complain to the Information Commissioner’s Office (ICO).

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Yvonne Buchanan [email protected].

GDPR Specific Provisions

1. Data protection principles

The Organisation is committed to processing data in accordance with its responsibilities under the DPA.

DPA requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the DPA in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

2. General provisions

  1. This policy applies to all personal data processed by the Organisation.
  2. The Responsible Person shall take responsibility for the Organisation’s ongoing compliance with this policy.
  3. This policy shall be reviewed at least annually.
  4. The Organisation shall register with the Information Commissioner’s Office as an organisation that processes personal data.

3. Lawful, fair and transparent processing

  1. To ensure its processing of data is lawful, fair and transparent, the Organisation shall maintain a Register of Systems.
  2. The Register of Systems shall be reviewed at least annually.
  3. Individuals have the right to access their personal data and any such requests made to the Organisation shall be dealt with in a timely manner.

4. Lawful purposes

  1. All data processed by the Organisation must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests
  2. The Organisation shall note the appropriate lawful basis in the Register of Systems.
  3. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in  consent shall be kept with the personal data.
  4. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Organisation’s systems. 

5. Data minimisation

  1. The Organisation shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 

6. Accuracy

  1. The Organisation shall take reasonable steps to ensure personal data is accurate.
  2. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.

7. Archiving / removal

  1. To ensure that personal data is kept for no longer than necessary, the Organisation shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
  2. The archiving policy shall consider what data should/must be retained, for how long, and why.

8. Security

  1. The Organisation shall ensure that personal data is stored securely using modern software that is kept-up-to-date. 
  2. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
  3. When personal data is deleted this should be done safely such that the data is irrecoverable.
  4. Appropriate back-up and disaster recovery solutions shall be in place.

9. Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Organisation shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO

END OF POLICY 

Credit for this policy is given to White Fuse: https://whitefuse.com/blog/privacy-policy-notice-template