top of page

1. Introduction

Welcome to BONSAI MINDSET. We value your privacy and are committed to protecting your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, and protect your information when you visit our website www.bonsai-mindset.com, use our online holistic health coaching services, or otherwise interact with us.

By using our website or services, you consent to the practices described in this policy.

 

2. Who We Are

Bonsai Mindset is an independent holistic health coaching service based in the United Kingdom. 1-1 coaching is provided online to clients who are looking to improve their health and lifestyle. Clients can chose one of the coaching programmes, where they can work though their challenges and achieve their wellness goals.

Data Controller: Bonsai Mindset
Email: [Insert Contact Email]
Telephone: [Insert Phone Number]

We are responsible for deciding how your personal data is collected, used, and stored.

 

3. Information We Collect

We may collect the following types of personal information:

a. Personal and Contact Details

  • Full name

  • Email address

  • Telephone number

  • Postal address (if relevant)

 

b. Health and Lifestyle Information

  • Information you voluntarily share as part of coaching sessions or assessments, such as lifestyle habits, health goals, or wellbeing history.
    (Note: This may include special category data under UK GDPR, which is treated with extra care and processed only with your explicit consent.)

c. Transaction and Payment Information

  • Payment details (processed securely via trusted third-party payment providers; we do not store your card information).

  • Billing history and invoices.

d. Technical Information

  • IP address, browser type, operating system, and browsing behaviour on our website (collected via cookies and analytics tools).

 

4. How We Use Your Information

We use your personal information to:

  • Provide and personalise our coaching services.

  • Communicate with you about appointments, updates, and resources.

  • Process payments and manage bookings.

  • Send newsletters or marketing communications (only if you opt in).

  • Maintain records for tax, accounting, and professional purposes.

  • Comply with legal and regulatory obligations.

 

We will always ensure that we have a lawful basis for processing your data.

 

5. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Consent: when you explicitly agree to share personal or health-related information.

  • Contract: when processing is necessary to deliver our services to you.

  • Legal Obligation: when required for tax, accounting, or record-keeping purposes.

  • Legitimate Interests: for business administration, service improvement, and client support (provided your rights are not overridden).

 

For health-related information (special category data), we rely on your explicit consent under Article 9(2)(a) UK GDPR.

 

6. Data Sharing and Disclosure

We will never sell or rent your personal information.
We may share data only when necessary:

  • With trusted third-party service providers (e.g., payment processors, booking platforms, email systems, web hosting).

  • With professional advisers (e.g., accountants or legal advisers) where required.

  • When legally required to comply with a court order, law, or regulatory obligation.

 

All third parties are required to handle your data securely and in accordance with UK GDPR.

 

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy and comply with legal obligations.

Health coaching notes and session records are typically retained for six (6) years after your last session, unless you request earlier deletion (unless required otherwise by law).

 

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Access: to request a copy of your personal data.

  • Rectification: to correct inaccurate or incomplete information.

  • Erasure (“Right to be Forgotten”): to request deletion of your data.

  • Restriction: to limit how we process your data.

  • Data Portability: to receive a copy in a structured, machine-readable format.

  • Objection: to object to processing based on legitimate interests or direct marketing.

  • Withdraw Consent: at any time, where processing is based on consent.

 

To exercise your rights, please contact us at [Insert Contact Email].
We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):  Website: https://www.ico.org.uk

 

9. Cookies and Analytics

Our website uses cookies to improve your browsing experience, monitor site performance, and personalise content.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. You can adjust your cookie preferences or disable them through your browser settings.

 

10. Data Security

We take appropriate technical and organisational measures to protect your personal information from loss, misuse, unauthorised access, alteration, or disclosure.

These include secure password protection, encrypted communications, and limiting access to authorised personnel only.

While we strive to ensure your data is safe, no online transmission can be guaranteed as 100% secure.

 

11. International Data Transfers

Your data may be transferred to and processed by service providers located outside the UK (e.g., email or scheduling platforms).
In such cases, we ensure that appropriate safeguards are in place — such as standard contractual clauses — to protect your data in line with UK GDPR requirements.

 

12. Children’s Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect or store personal information from children. On occasions, coaching that is delivered to clients aged between 16-18yrs, will only take place with consent and signed contracts from parents/guardians.

 

13. Updates to This Policy

We may update this Privacy Policy periodically.
Any changes will be posted on this page with the new “Last Updated” date.
You are encouraged to review this policy occasionally to stay informed about how we protect your information.

 

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:

BONSAI MINDSET
Email: [Insert Contact Email]
Phone: [Insert Business Phone Number]

Health Coach Diploma Badge
PCI logo
Bonsai Mindset Logo RGB.png
  • Instagram
  • LinkedIn
Anamika Jalalvand

Contact me

BOOK YOUR FREE 30 MINUTE CONSULTATION

  Photo Credit: Roxanne Withy Photography

©BONSAI MINDSET 2025 . SITE DESIGNED BY WHATBOX CREATIVE

PRIVACY POLICY

bottom of page