Privacy Policy

Privacy Policy for ReikiTrainingNI

Last updated: April 2026

ReikiTrainingNI (“we”, “us”, “our”) is part of the Rocks n Rituals family of services. Both ReikiTrainingNI and Rocks n Rituals are owned and operated by Debi Garrett, who acts as the sole Data Controller for all activities across both brands.

This policy explains how your personal data is collected, used, and protected under the UK GDPR, PECR, and the Data (Use and Access) Act 2025.

If you have any questions, you can contact the Data Controller at: debi@rocksnrituals.co.uk

1. Who We Are

ReikiTrainingNI provides Reiki training, attunements, workshops, and related wellbeing education in Northern Ireland. It is operated by the same Data Controller as Rocks n Rituals.

Data Controller: Debi Garrett, Rocks n Rituals Donaghadee, Northern Ireland Email: debi@rocksnrituals.co.uk

All data collected through ReikiTrainingNI is processed in accordance with the same governance, safeguarding, and compliance framework used by Rocks n Rituals.

2. What Personal Data We Collect

We collect only what is necessary to deliver training, manage bookings, and meet legal obligations.

Information you provide directly

  • Name and contact details
  • Booking and course enrolment information
  • Payment details (processed securely by third‑party providers)
  • Email preferences
  • Messages or enquiries sent through the website

Information collected automatically

  • IP address
  • Device and browser information
  • Cookie preferences
  • Basic analytics data (see Cookies section)

Special category data (only if relevant)

  • Health information you choose to share during Reiki training or attunements
  • Safeguarding information (if required by law)

We do not collect unnecessary or excessive data.

3. How We Use Your Data

Your data is used for:

  • Managing bookings and course enrolments
  • Providing Reiki training and support
  • Sending essential service emails
  • Sending marketing emails (only with your consent)
  • Processing payments
  • Maintaining training and attunement records
  • Safeguarding and legal compliance
  • Improving our website and services

4. Legal Bases for Processing

We rely on:

  • Contract: to deliver training and services
  • Consent: for marketing emails and optional information
  • Legal obligation: safeguarding, tax, and financial record‑keeping
  • Recognised Legitimate Interests:
    • direct marketing
    • internal administration
    • network and information security
    • preventing fraud or misuse

You may withdraw consent at any time.

5. Automated Decision-Making & Profiling

We use limited automated systems for:

  • Booking confirmations
  • Course access
  • Email segmentation
  • Training progression (if applicable)

These do not have legal or significant effects. You may request human review or object to automated processing.

6. Cookies & Analytics

ReikiTrainingNI uses cookies to:

  • Remember your preferences
  • Enable essential site functions
  • Provide basic analytics
  • Manage consent via our cookie banner

We use WPConsent to block non‑essential cookies until you choose your preferences.

You can change or withdraw consent at any time.

Essential

Essential cookies enable basic functions and are necessary for the proper function of the website.

NameDescriptionDuration
wpconsent_preferencesThis cookie is used to store the user's cookie consent preferences.30 days

Comments

These cookies are needed for adding comments on this website.

NameDescriptionDuration
comment_authorUsed to track the user across multiple sessions.Session
comment_author_emailUsed to track the user across multiple sessions.Session
comment_author_urlUsed to track the user across multiple sessions.Session

Google reCAPTCHA

Google reCAPTCHA helps protect websites from spam and abuse by verifying user interactions through challenges.

NameDescriptionDuration
_GRECAPTCHAGoogle reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.179 days

7. Sharing Your Data

We only share your data with trusted third‑party processors who support our services, such as:

  • Website hosting providers
  • Email marketing platforms
  • Payment processors (e.g., Stripe or PayPal)
  • Learning or membership platforms (if used)
  • Analytics tools
  • IT and security providers

All processors comply with UK GDPR and only process data on our instructions. We never sell your data.

8. International Transfers

Some processors may store data outside the UK. Where this occurs, we ensure appropriate safeguards (e.g., adequacy decisions or standard contractual clauses).

9. Data Retention

We retain data only as long as necessary:

  • Training and attunement records: 10 years
  • Financial records: 6 years
  • Email subscribers: until you unsubscribe
  • Website enquiries: 12 months
  • Safeguarding records: as required by law
  • Cookies: according to your preferences

After this, data is securely deleted or anonymised.

10. Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request human review of automated decisions
  • Data portability

To exercise your rights, email debi@rocksnrituals.co.uk.

11. Data Subject Access Requests (DSARs)

We will:

  • Acknowledge your request
  • Respond within one month
  • Pause (“stop the clock”) if clarification is needed
  • Conduct reasonable and proportionate searches
  • Refuse manifestly excessive or unfounded requests (as permitted by law)

12. Children’s Data

Our services are for adults aged 18 and over. We do not knowingly collect data from anyone under 18.

13. Security

We use appropriate technical and organisational measures to protect your data, including:

  • Secure hosting
  • Encrypted connections (SSL)
  • Access controls
  • Regular updates and security monitoring

14. Complaints

If you have concerns, please contact us first at debi@rocksnrituals.co.uk.

You also have the right to complain to the Information Commissioner’s Office (ICO).

15. Changes to This Policy

We may update this policy to reflect legal or operational changes.
The latest version will always be available on this page.