
Privacy Policy

Effective Date: 23 June 2025


1.0 General Information

1.1 Introduction

ANANTA Home of Healing is committed to protecting your privacy and handling your personal data with care. This Privacy Policy explains how we collect, use, store, and protect your personal and health-related data when you access our website, book our Services, or otherwise engage with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to ensure that your data is processed securely and transparently. By using our website or Services, you agree to the collection and use of your personal data as described in this policy. Please read this Privacy Policy carefully to understand how we manage your data and your rights under data protection law. 


1.2 Definitions

In this Privacy Policy:

  • 'We', 'us', and 'our' refer to ANANTA Home of Healing.

  • 'You', 'your', and 'individual' refer to any person accessing this website, making a booking, or receiving Services from us.

  • 'Services' refers to Ayurvedic consultations, personalised treatment plans, Ayurvedic treatments (including massage), and the set detox plan offered and booked through us.

  • 'Personal data' means any information that relates to an identified or identifiable individual. This may include, for example, your full name, contact details, health-related information, payment details, IP address, and other data that could be used to identify you directly or indirectly.


2.0 Personal Data We Collect

In order to provide our Services safely and effectively, we collect and process a range of personal data. This includes special category data (also known as sensitive personal data), such as information related to your health and wellbeing. The types of personal data we collect include, but are not limited to: 

  • Personally identifiable information: Full name, date of birth, and gender.

  • Contact information: Address, email address, and telephone number.

  • Health and lifestyle information (special category data): Information relevant to your consultation or treatment, including medical history, current health conditions, medications, allergies, menstrual cycle, pregnancy, sleep patterns, digestion, stress levels, and emotional wellbeing.

  • Emergency contact information: Name and contact details of someone we can reach in the event of an emergency during an appointment.

  • Appointment information: Booking history and any related correspondence or notes.

  • Payment information: Card payment details (e.g. amount, date, method). We do not collect or store your full card details; all payments are securely processed by third-party service providers.

  • Technical information: IP address, browser type, and other relevant technical data collected automatically when using our website platform for essential website functionality, security, and technical support purposes. 


3.0 How We Collect Personal Data

We collect personal data through various channels, depending on how you engage with our Services. This includes:

  • Contact form submissions: When you complete and submit the contact form on our website.

  • Email and telephone communications: When you contact us by email or telephone.

  • Online forms: When you complete secure online forms via Jotform, including the Health Questionnaire, Consultation Consent Form, Treatment Consent Form, and Appointment Confirmation. 

  • Consultations: Information shared during consultations is recorded as written notes, which are then securely scanned and stored digitally. Physical copies are confidentially destroyed once digitised. 

  • Treatments: Additional relevant medical or health information collected during treatment sessions.

  • Payments: Online payments are processed securely via Stripe, and in-person payments are processed securely via SumUp. We do not collect or store your card payment details directly.

  • Website analytics: Non-personal and anonymised data about your visit are automatically collected through our website. See Section 5.1 Website Analytics for details. 


4.0 Legal Basis for Processing Your Personal Data

We process your personal data in accordance with applicable data protection laws. Depending on the nature of your interaction with us, we rely on one or more of the following legal bases:

4.1 Consent

We rely on your explicit consent to process special category data (sensitive personal data) such as health and lifestyle information. This consent is obtained when you complete relevant online forms including the Health Questionnaire and Treatment Consent Form. You have the right to withdraw your consent at any time by contacting us. Please refer to Section 14.0 Contact Information.

4.2 Contractual Necessity 

Some personal data is processed because it is necessary to enter into or perform a contract with you, for example, to manage bookings, deliver consultations and treatments, and handle payments.

4.3 Legal Obligation

We may process your personal data where necessary to comply with our legal, regulatory, and insurance-related obligations, such as maintaining records for tax and insurance purposes or health and safety requirements. 

4.4 Legitimate Interests

We process your personal data where it is necessary for our legitimate business interests, provided your rights and freedoms are not overridden. This includes ensuring the safe delivery of our Services, improving our Services, maintaining accurate business records, and communicating with you regarding your appointments or queries.


5.0 How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • To provide, manage, and deliver our Services to you.

  • To assess your suitability for Ayurvedic treatments and ensure your safety.

  • To manage bookings and communicate with you about your appointments.

  • To respond to enquiries, requests, or feedback you submit.

  • To send an automated email confirming receipt of enquiries submitted via our website, which includes a link to manage your communication preferences.

  • To maintain accurate and up-to-date records of consultations and treatments.

  • To process payments for Services.

  • To send receipts for payments made for Services.

  • To comply with legal, regulatory, and insurance-related obligations (e.g. health, tax, and record keeping).

  • To monitor and improve the quality, safety, and effectiveness of our Services.


6.0 Sharing Your Personal Data

We will share your personal data with trusted third-party service providers who assist us in delivering our Services. These providers are contractually obligated to maintain the confidentiality and security of your data and to use it solely for the purposes we specify. They comply with all applicable data protection laws, including UK GDPR.  

The key third-party service providers with whom we share your information include:

  • Wix: Our website platform provider, responsible for website operation and analytics. See their Privacy Policy for more information. 

  • Jotform: Our secure online form provider, used to collect health questionnaires, consent forms, and appointment confirmations. Jotform ensures secure data transmission and storage. See their Privacy Policy for more information.

  • Stripe: Handles all online payment processing securely. We do not collect or store your card payment details. See their Privacy Policy for more information.

  • SumUp: Processes in-person payments securely at appointments. We do not collect or store your card payment details. See their Privacy Policy for more information.

We do not sell, rent, or trade your personal data to any third parties for marketing purposes or any other unrelated uses. 

 

7.0 International Data Transfers

Some of the third-party service providers we use, such as Wix, Jotform, Stripe, and SumUp, may process or store your personal data outside of the UK or European Economic Area (EEA), including in countries that may not have the same level of data protection laws.

Where such transfers occur, we rely on our third-party service providers to implement appropriate safeguards in accordance with the UK GDPR. These may include:  

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)

  • Data processing agreements that include adequate protection measures

By using our website and Services, you acknowledge and accept that your personal data may be transferred outside the UK or EEA in accordance with the measures described above.


8.0 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, or insurance obligations. In line with the requirements of our professional indemnity insurer, we retain consultation records, personalised treatment plans, treatment notes, completed health questionnaires, and signed consent forms for a minimum of five (5) years from the date of your last appointment. After this period, your personal data will be securely deleted or destroyed, unless we are required to retain it for longer under applicable laws (e.g. for tax or accounting purposes).


9.0 Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data, including the purposes, retention periods, and who it may be shared with.

  • Right to access: You have the right to request access to and receive a copy of your personal data, along with other supplementary information.

  • Right to rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you.

  • Right to erasure: In certain circumstances, you have the right to request that we delete your personal data.

  • Right to restrict processing: In certain circumstances, you can request that we restrict or suppress the processing of your personal data.

  • Right to data portability: Where applicable, you have the right to request a copy of your personal data in a commonly used format, and to have it transferred to another provider.

  • Right to object: You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing.

  • Right to manage preferences: If you receive automated communication in response to an enquiry, you can manage your preferences or opt out using the link provided in the message.

  • Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

  • Right to lodge a complaint: If you have any concerns about how we handle your personal data, you can lodge a complaint with the Information Commissioner's Office (ICO). 

You can find more information about your data protection rights by visiting the ICO's website https://ico.org.uk/for-the-public/

To exercise any of your rights, please contact us using the details provided in Section 14.0 Contact Information.


10.0 Security of Your Personal Data  

We are committed to protecting your personal data and ensuring it is handled securely and in compliance with UK GDPR. To maintain data security, we implement the following measures:

  • Website Security: Our website is hosted by Wix, which uses HTTPS and Secure Sockets Layer (SSL) encryption to ensure all data shared via our site is securely transmitted.

  • Online Forms: We use Jotform for health questionnaires, consent forms, and appointment confirmations which are transmitted using SSL encryption. Additionally, these forms are end-to-end encrypted. Only ANANTA Home of Healing holds the private encryption key, which means the submitted data cannot be accessed by Jotform, internet service providers, or any other external party. This ensures maximum confidentiality and data security during collection, transmission, and storage.  

  • Consultation Notes: Initial consultation notes are taken on paper, then scanned and securely stored on a password-protected computer. Once digitised, the paper notes are securely destroyed.

  • Payments: We use Stripe for online payments and SumUp for in-person transactions. Both use SSL encryption and are PCI-DSS compliant. We never collect or store your card payment details.

  • Device & Access Controls: All devices used to store or access your personal data are protected by passwords, encryption, and security updates. Access to personal data is limited to authorised personnel only.

  • Third-Party Service Providers: We only share your personal data with trusted third-party service providers (See Section 6.0 Sharing Your Personal Data) who are contractually obligated to maintain the confidentiality and security of your personal data. These providers comply with applicable data protection laws and are only permitted to use your personal data for the purposes we specify.  

  • Ongoing Review & Compliance: We regularly review and update our data handling practices to ensure continued compliance with UK GDPR and to maintain a high standard of data protection.  

While we take all reasonable steps to protect your personal data, no system can be guaranteed to be completely secure. We therefore cannot guarantee absolute security, but we are committed to maintaining industry best practices and continually reviewing our safeguards.


11.0 Cookies & Tracking Technologies 

Our website uses essential cookies provided by our website platform, Wix. These cookies are necessary to ensure the core functionality, security, and performance of the site. They support features such as session management, fraud prevention, load balancing, and secure connection handling. As these are strictly necessary for the operation of the site, no consent is required under data protection laws. Please refer to Wix's Cookie Policy for further information. 

We do not use any additional cookies or tracking technologies for analytics, marketing, profiling, or third-party purposes on our website.


12.0 Children's Privacy

Our Services are intended for individuals 18 years of age or older. We do not knowingly collect or process personal data from anyone under this age. If you are under 18 years of age, you are not permitted to use our Services or provide us with your personal data. If you believe that an individual under the age of 18 has submitted personal data to us, please contact us using the details provided in Section 14.0 Contact Information. We will take appropriate steps to delete the data as soon as possible.


13.0 Changes to The Privacy Policy

We reserve the right to update, modify, or replace any part of the Privacy Policy at our sole discretion by posting the revised version on our website. While we encourage you to review this page periodically, we will notify you of any material changes. Continued use of our website or Services after any such updates will constitute acceptance of the revised Privacy Policy.

 

14.0 Contact Information 

If you have any questions or concerns regarding your personal data or this Privacy Policy, or wish to exercise your rights, please contact us at info@anantahomeofhealing.com
