Privacy Policy
1. INTRODUCTION
This Privacy Policy outlines how Ark Healing (“we,” “us,” or “our”) collects, processes, and protects your personal data when you use our services, including our website and any interactions where you provide information, such as purchasing products/services or subscribing to our newsletter. Our commitment to your privacy is paramount.
Your Consent and Age: By providing your data, you confirm that you are over 18 years of age.
Data Controller Information: Ark Healing is the data controller responsible for your personal data.
Complaints and Contact: If you have concerns about our data handling, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority (www.ico.org.uk). We kindly request you contact us first at contact@arkhealing.com so we can resolve any issues directly.
Accuracy of Your Data: It is crucial that the personal information we hold about you remains accurate and current. Please inform us of any changes by emailing contact@arkhealing.com.
2. WHAT DATA WE COLLECT ABOUT YOU
Personal data refers to any information that can identify an individual. This excludes anonymized data.
We may process the following types of personal data about you:
- Identity Data: Your first name, maiden name, last name, username, title, date of birth, and gender.
- Contact Data: Your billing address, delivery address, email address, telephone numbers, and emergency contact details.
- Financial Data: Your bank account and payment card details.
- Transaction Data: Details of payments between us and your purchase history.
- Technical Data: Your login information, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone, location, operating system, platform, and other technology used to access our site.
- Profile Data: Your username, password, purchase/order history, interests, preferences, feedback, and survey responses.
- Usage Data: Information about how you interact with our website, products, and services.
- Marketing and Communications Data: Your preferences for receiving marketing communications from us and our third parties, and your communication preferences.
Aggregated Data: We may also process Aggregated Data, which is derived from your personal data but does not reveal your identity. For example, we may analyze Usage Data to understand website feature popularity. If Aggregated Data is linked back to your personal data, it will be treated as personal data.
Sensitive Data: We collect certain Sensitive Data only with your explicit consent, typically provided via the initial Intake Form. This includes information concerning your:
- Race or ethnicity
- Religious or philosophical beliefs
- Sex life or sexual orientation
- Political opinions
- Health information
- Genetic and biometric data
We do NOT collect any information about criminal convictions and offences.
3. HOW WE COLLECT YOUR PERSONAL DATA
We gather personal data through various methods:
- Direct Interactions: You may provide data by filling in forms on our site (or offline) or by communicating with us via post, phone, or email. This includes when you:
  - Order our products or services.
  - Create an account on our site.
  - Subscribe to our services or publications.
  - Request resources or marketing materials.
  - Provide feedback.
- Automated Technologies or Interactions: As you browse our site, we automatically collect Technical Data about your equipment, browsing actions, and usage patterns using cookies, server logs, and similar technologies. We may also receive Technical Data when you visit other websites that use our cookies.
- Third Parties or Publicly Available Sources: We may receive personal data from various third parties and public sources, including:
  - Analytics Providers: Such as Google (based outside the EU).
  - Advertising Networks: Such as Facebook and LinkedIn (based outside the EU).
  - Search Information Providers: Such as Google (based outside the EU).
  - Payment & Delivery Services: Contact, Financial, and Transaction Data from providers like Stripe (based outside the EU) and Etsy (based outside the EU for web shop delivery services).
  - Marketing Services: Marketing Data from providers like MailChimp (based outside the EU).
4. HOW WE USE YOUR PERSONAL DATA
We process your personal data only when legally permitted. The most common legal bases for using your data include:
- Legitimate Interests: Where it’s necessary for our legitimate interests (or a third party’s) and your fundamental rights do not override these interests.
- Contractual Performance: Where we need to fulfill a contract with you.
- Legal Obligation: Where we must comply with a legal or regulatory requirement.
Generally, we do not rely on consent as a legal basis for processing personal data, except for sending marketing communications via email or text message. You have the right to withdraw your consent for marketing at any time by emailing contact@arkhealing.com.
Purposes for Processing Your Personal Data: The following describes how we intend to use your personal data and the legal grounds for such processing, always with your privacy in mind. We also specify our legitimate interests where applicable. Please note that we may process your data under more than one lawful ground depending on the specific purpose. For detailed legal grounds, contact us at contact@arkhealing.com.
| Purpose/Activity | Type of data | Lawful basis for processing |
| --- | --- | --- |
| To register you as a new customer | (a) Identity (b) Contact (c) Intake Form (d) Terms and Conditions Form (e) Opt-in for Newsletter (f) Picture | Necessary for our legitimate interests to keep our records updated and for research & follow up of clients. Performance of a contract with you. |
| To process and deliver your service & orders including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests to recover debts owed to us |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services |
| To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (b) Necessary to comply with a legal obligation |
| To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Necessary for our legitimate interests to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile | Necessary for our legitimate interests to develop our products/services and grow our business |
Marketing communications
You will receive marketing communications from us if you have:
1. purchased goods or services from us; and
2. opted in to receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by emailing us at contact@arkhealing.com at any time.
We may also process Aggregated Data about your personal data, which directly identifies you. If we link it, then it is personal data and is thus directly identifiable. If it remains undisclosed and non-identifiable, it is not considered personal data by default.
5. DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes outlined in Section 4:
- Service Providers: Including IT and system administration providers.
- Professional Advisers: Lawyers, bankers, auditors/accountants, and insurers offering consultancy, banking, legal, insurance, and accounting services.
- Regulators and Authorities: HM Revenue & Customs, other regulatory bodies, and relevant authorities in the United Kingdom and other jurisdictions that require reporting of processing activities.
- Business Transfers: Third parties to whom we may sell, transfer, or merge parts of our business or assets.
We mandate that all third parties handling your data respect its security and process it in accordance with legal requirements. We authorize them to process your personal data only for specified purposes and strictly according to our instructions.
6. INTERNATIONAL TRANSFERS
We may transfer your personal data outside the European Economic Area (EEA) as part of our group of companies’ operations or through our third-party service providers.
Data Protection Outside the EEA: Countries outside the EEA may not always provide the same level of privacy and personal data protection. European law prohibits such transfers unless specific criteria are met to safeguard your data.
Our Safeguards for International Transfers: To ensure a comparable level of data security when transferring your personal data outside the EEA, we implement at least one of the following safeguards:
- Adequacy Decisions: We transfer data only to countries deemed by the European Commission to provide an adequate level of personal data protection.
- Standard Contractual Clauses (SCCs): We utilize specific contracts, codes of conduct, or certification mechanisms approved by the European Commission that ensure personal data receives equivalent protection as in Europe.
- EU-US Privacy Shield (where applicable): For providers based in the United States, we may transfer data if they are part of the EU-US Privacy Shield framework, which requires similar protection for data shared between Europe and the US.
- Explicit Consent: If none of the above safeguards are available, we may request your explicit consent for the specific transfer. You retain the right to withdraw this consent at any time.
For further details on the specific mechanisms we use for international data transfers, please email us at contact@arkhealing.com.
7. DATA SECURITY
We implement robust security measures to protect your personal data from accidental loss, unauthorized use or access, alteration, or disclosure.
Access Limitation: Access to your personal data is restricted to employees, agents, contractors, and other third parties who have a legitimate business need to access such data. These individuals are authorized to process your data only on our instructions and are bound by a duty of confidentiality.
Data Breach Procedures: We have established procedures to manage any suspected personal data breach and will notify you and any applicable regulator as legally required.
8. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
Determining Retention Periods: To establish the appropriate retention period for personal data, we consider:
- The volume, nature, and sensitivity of the data.
- The potential risk of harm from unauthorized use or disclosure.
- The purposes for which we process your data and whether these can be achieved through other means.
- Applicable legal requirements.
Specific Retention Examples:
- Customer Records: By law, we are required to retain basic customer information (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers, primarily for tax purposes.
- Healing Session Information: Information and drawings related to healing/group work sessions may be documented similarly to medical records. These write-ups are primarily for research into the effectiveness of healing work. As research data, these write-ups are generally not accessible to clients and clients typically do not have a right to rectification or erasure regarding this specific research data, due to its nature and purpose.
- Anonymisation for Research: In certain circumstances, we may anonymize your personal data (rendering it unidentifiable) for research or statistical purposes. In such cases, we may use this anonymized information indefinitely without further notice.
You may have rights to request data deletion in some circumstances; please see Section 9 for more information.
9. YOUR LEGAL RIGHTS
Under applicable data protection laws, you have specific privacy rights concerning your personal data. These rights include:
- Right to Access: Request access to your personal data.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Request the deletion of your personal data.
- Right to Object to Processing: Object to the processing of your personal data.
- Right to Restriction of Processing: Request limitations on the processing of your personal data.
- Right to Data Portability: Request the transfer of your personal data to another party.
- Right to Withdraw Consent: Withdraw your consent where processing is based on consent.
For more details on these rights, please visit the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
To exercise any of these rights, please email us at contact@arkhealing.com.
Fees and Identity Verification: You generally will not pay a fee to access your personal data or exercise other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply.
To confirm your identity and ensure data security, we may request specific information from you before fulfilling your request. We may also contact you for further information to expedite our response.
We aim to respond to all legitimate requests within one month. For complex or multiple requests, it may take longer, in which case we will inform you and keep you updated.
10. THIRD-PARTY LINKS
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to review the privacy notice of every website you visit upon leaving ours.
11. COOKIES
You can configure your browser to refuse some or all browser cookies, or to alert you when websites set or access cookies. Please be aware that disabling or refusing cookies may result in certain parts of this website becoming inaccessible or functioning improperly.
