Moonflower Energy Healing – Privacy Policy
Moonflower Energy Healing respects your privacy and is committed to protecting your personal data. This policy explains how your information is collected, used and stored when you visit the Moonflower Energy Healing website, book a session or interact with the business.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For the purposes of this policy, "I", "me" and "my" refer to Moonflower Energy Healing. "You" refers to you as a visitor to the website or as a client using my services.
1. Who I Am
Moonflower Energy Healing is a holistic wellness practice operated by me, sole trader, Emma, based in Great Sankey, Warrington, United Kingdom.
Email: moonflower.energy.healing@gmail.com
Website: www.moonflowerenergyhealing.com
For the purposes of data protection law, Moonflower Energy Healing is the “data controller” of your personal data.
2. What Information I Collect
I may collect and process the following types of information:
-
Your name
-
Email address
-
Phone number
-
Billing and payment details
-
Any information you share with me as part of a consultation, treatment or group event intake form
Distance Session Data
-
Photographs provided for the purpose of non-contact distance healing sessions. These are used solely for that session and are deleted immediately afterwards.
Booking & Communication Data
-
Appointment history
-
Messages sent via email, WhatsApp, forms or social media
-
Social media profile names and message content when you contact or interact with us via Instagram or Facebook
Website & Technical Data
-
IP address
-
Browser type and device information
-
Pages visited and time spent on the site
This is standard website analytics data and helps me understand how people are finding and using the site.
3. How Your Information Is Collected
Your data may be collected when you:
-
Book a session or an event
-
Complete a consultation form
-
Contact or interact with me via the website, email, WhatsApp or social media platforms including Instagram and Facebook
-
Send a photograph for a non-contact distance healing session
-
Access my Linktree page, which acts as a link directory to my online platforms
4. How I Use Your Information
I use the information I collect to:
-
Process and manage your bookings and appointments
-
Send you appointment reminders and relevant follow-up information
-
Deliver personalised sessions
-
Send you newsletters, offers, and updates, but only if you've signed up for these (and you can unsubscribe at any time)
-
Process payments
-
Improve my services and website experience based on how they're being used
-
Meet any legal or regulatory obligations
I will never use your information for purposes you wouldn't reasonably expect and I will never sell your data to third parties.
5. Lawful Bases for Processing
Under UK GDPR, I need a lawful basis to process your personal data. Depending on how and why I'm using your information, this will be one of the following:
-
Contract – to provide services you have booked
-
Consent – for health information and marketing communications, you can withdraw consent at any time.
-
Legal obligation – where I'm required to retain or share data by law.
-
Legitimate interests – to operate and improve the website and business
You may withdraw consent at any time where applicable.
6. How Your Information Is Stored
-
Data is stored securely using password-protected systems and/or secure paper records.
-
Access is limited to the practitioner only.
-
Appropriate measures are taken to prevent unauthorised access, loss or misuse.
-
Photographs received for distance healing sessions are used solely for the purpose of that session and are deleted immediately afterwards.
I only keep your personal data for as long as necessary. This means:
Data Retention
-
Booking and client records are retained for up to 7 years in line with HMRC guidance for sole traders.
-
Consultation and treatment records are retained for a minimum of 7 years (or longer if required by professional guidelines).
-
Enquiries: up to 12 months
-
Newsletter and email subscribers' data is kept until you unsubscribe or ask me to remove it.
-
Website analytics data is typically retained for 26 months.
-
Distance session photographs: deleted immediately following the session
When data is no longer needed, it is securely deleted.
7. Sharing Your Information
Your personal data is never sold. I use a small number of trusted third-party platforms. Each has its own privacy policy and data practices.
I may share your data with:
-
Payment providers (e.g. Wix Payments, Monzo, SumUp).
-
Website and booking platforms (e.g. Wix).
-
Messaging platforms (e.g. WhatsApp, operated by Meta) used for session communication and distance session materials. WhatsApp data is subject to Meta's own privacy terms.
-
Social media platforms (Instagram and Facebook, operated by Meta). Interactions on these platforms are subject to Meta's own privacy policies.
-
Linktree, used as a link directory to connect you with my online platforms. Linktree's own privacy policy applies to any data processed through their platform.
-
Professional advisors or insurers where required.
-
Legal authorities if required by law.
All third parties are required to keep your data secure.
8. International Data Transfers
Some third-party services (such as Wix, Meta platforms or payment providers) may store or process data outside the UK. Where this occurs, appropriate safeguards are in place to ensure your data is protected in accordance with UK GDPR.
9. Cookies & Website Tracking
My website uses cookies and similar technologies, which are small files placed on your device that help the site function properly and allow me to analyse traffic.
The types of cookies used include:
-
Essential cookies: they ensure the website functions properly and cannot be switched off.
-
Analytics cookies: help me understand how visitors use the site so I can improve it.
-
Preference cookies: to improve your website experience
You can adjust your browser settings to refuse cookies, though this may affect how some parts of the site work.
10. Marketing and Communications
Moonflower Energy Healing will only contact you for marketing purposes, such as newsletters, promotions or event announcements, where you have given your explicit consent to do so.
You may withdraw this consent and unsubscribe at any time by contacting us directly or using the unsubscribe link provided in any marketing emails.
I will never add you to a mailing list without your permission.
11. Confidentiality
All sessions and client information are treated with care and confidentiality. I use appropriate measures to protect it. However, no method of transmitting or storing data online is completely secure, and I cannot guarantee absolute security.
Information will only be shared where:
Required by law.
There is a serious risk of harm to you or others. In rare circumstances where there is a serious concern for the safety or wellbeing of you or another person, it may be necessary to share information with an appropriate authority. This would only ever be done where there is a genuine safeguarding concern and where legally required or permitted.
If you have any concerns about data security, please get in touch.
12. Your Rights
Under UK data protection law, you have the right to:
-
Access your personal data
-
Request correction of inaccurate data
-
Request deletion of your data
-
Restrict or object to how I process your data
-
Withdraw consent at any time, where applicable
-
Make a complaint. See Section 13 below for how to do this
-
Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled
To exercise your rights, please contact us via email - moonflower.energy.healing@gmail.com
13. Complaints
If you have a concern about how I have handled your personal data, or about my services, I would always encourage you to come to me directly first. I take all complaints seriously and will do my best to resolve things quickly and fairly.
To lodge a complaint, please email me at moonflower.energy.healing@gmail.com with your name, contact details, and a description of your concern. I will acknowledge your complaint within 3 working days and provide a full response within 14 working days.
My full complaints procedure is set out in the Moonflower Energy Healing’s Terms & Conditions, available at moonflowerenergyhealing.com
If you are not satisfied with my response, or if your complaint relates specifically to data protection, you have the right to escalate your concern to the Information Commissioner's Office (ICO) via the ICO website or their helpline: 0303 123 1113
14. Children’s Data
Moonflower Energy Healing sessions are intended for individuals aged 18 and over unless agreed otherwise with full parental or guardian consent.
Where a session is booked for a person under the age of 18, the parent or guardian provides consent and their contact details are used for all booking and communication purposes. The child's data is handled with the same care and confidentiality as all client information.
Children's yoga sessions are delivered under Happy Kids Yoga. Data for these sessions is handled under their own policies, and Moonflower Energy Healing is not responsible for their data processing.
15. Changes to This Policy
This Privacy Policy may be updated from time to time. The latest version will always be available on the website with a revised date.
16. Contact
If you have any questions about this policy or your data, please contact Moonflower Energy Healing:
moonflowerenergyhealing.com
moonflower.energy.healing@gmail.com
Your trust is deeply valued. All information you share is held with care, respect and integrity.

Last updated: 24th June 2026
