top of page

Privacy Policy - GDPR 2018 compliant


The General Data Protection Regulation (GDPR) and the current Data Protection Act 2018 regulate our use of your personal data.


Gorgeous Hearts understands and takes seriously that the personal information you entrust us with is important. We are committed to respecting and protecting your personal information and ensuring compliance with data protection legislation. The purpose of this Privacy Policy is to define how we collect, use, retain and protect your personal information.

For the purpose of the General Data Protection Regulation (GDPR):

The ‘Data Controller’ is Gorgeous Hearts, INSERT ADRESS. References to “we”, “us”, “our” or “the Business” in this Privacy Policy are references to Gorgeous Hearts.


Data Protection Policy

This policy applies to all clients and visitors. It confirms that Gorgeous Hearts will comply with all statutory GDPR requirements by registering all personal data held on its computer and or/related electronic equipment and by taking all reasonable steps to ensure the accuracy and confidentiality of such information.


For the purposes of your personal data Gorgeous Hearts determines the purpose and means of the processing of your personal data.

The GDPR sets out seven key principles:

  • Lawfulness, fairness and transparency – how it is processed

  • Purpose limitation – collected and processed only for specified, explicit and legitimate purposes

  • Data minimisation - adequate, relevant and limited to what is necessary for the purposes for which it is processed

  • Accuracy - accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay

  • Storage limitation - not be kept for longer than is necessary for the purposes for which it is processed

  • Integrity and confidentiality (security) - be processed secure

  • Accountability -  Gorgeous Hearts is accountable for these principles and must be able to show that we are compliant.


The Data protection Act 2018 also stipulates that Personal data shall be processed in accordance with the rights of data subjects under this Act and Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.



  • We only collect personal information you have consented to provide, and you may withdraw your consent at any time. You can contact us at any time using the details provided below.

  • We are committed to acting promptly and respectfully to any request you have to view, amend or delete any personal information we hold about you, and equally any request to join or withdraw from any mailing lists we manage.

  • We will not sell your personal information to a third party and will only share your personal information without your consent in response to requests by law enforcement agencies.

  • We will not send you service marketing material unless you have given us permission to do so and make it simple for you to opt out at any time that you elect to be removed from our mailing list.

  • We will protect your personal information. In order to prevent unauthorised access or disclosure we have put in place robust physical, electronic and managerial procedures to safeguard and secure the information we collect both online and offline.

  • We will retain your information for only as long as is necessary.

  • We review our Privacy Policy regularly and any updates will be posted on this page and in relevant policy communications.

  • We ensure we notify the Information Commissioner’s Office (ICO) on an annual basis of the personal information we hold or are likely to hold and the general purposes that this information will be used for.

  • Our website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services and they are not covered by this privacy policy.

Information we collect

We only collect information that you or your organisation have provided to Gorgeous Hearts for the purposes of registering and applying for sessions and or the Newsletter. As a client of Gorgeous Hearts you may provide us with:


Contact Information such as name, title, email address, physical address, telephone numbers, job title and bank account details in order to process payments (sort code and account number only).

Children’s Information

We do not knowingly collect personally identifiable information from children under 13 years of age. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we discover that a child under the age of 13 has provided us with personal information, we will delete such information from our servers and systems immediately.



The only circumstances under which we will disclose your personal information without your consent is when we are required to do so by law or subpoena.


How we use the information you provide us

We will gather the information you provide us with in order to carry out our function as a business, which may include:

  • Communication with you or your organisation by way of email or postal address;

  • Internal record keeping for financial reporting and public accountability;

  • Developing and improving our service;

  • Processing payments;

  • We may also use anonymised IP address information as part of website analytics; (Google Analytics), however this is not traceable to an individual.


How we securely handle and store your information

  • We will take precautions to prevent the loss, misuse or alteration of information you give us.

  • When not in use, personal information collected in hard copy (paper) form is stored confidentially in a locked cabinet.

  • We make sure that any personal information no longer required in hard copy (paper) form is shredded and disposed of securely, or in electronic form is permanently deleted from computers and electronic devices.

  • Any devices through which personal information storage is accessed, are password protected and effective security software enabled. Electronic devices are shut and all devices locked when left unattended. 

  • Communication with the Business may be sent by electronic means e.g. email and, for ease of use and compatibility, communications (other than payments where applicable) will not be sent in an encrypted form. Email unless encrypted is not a fully secure means of communication. The security of your personal information is important to us, but no method of transmission over the internet, or other method of electronic storage is 100% secure. To the extent we can, we are committed to protecting your personal information and to preventing unauthorised access to your data.


Retention of your information

  • Personal information will only be held by the Business to enable it to perform its functions and to ensure the information it processes is accurate.

  • The information we gather about you is subject to various regulatory and legislative requirements. Our aim is not to retain your information any longer than is necessary for us to fulfil our obligations.

  • The business shall only retain personal information for as long as it is necessary for the purpose for which it was collected.

  • We will only retain the information you provide us for as long as it is necessary for the purpose for which it was collected.

  • If you unsubscribe from our Newsletter, we will remove your details from our list immediately. You can unsubscribe from our newsletter by using the ‘Un-subscribe” function at the bottom of every newsletter. You can also send a request by email to: with the word “Unsubscribe” in the subject box.

Your Data Subject Rights

  • You have the right to information about what personal data we process, how and on what basis as set out in this policy.

  • You have the right to access your own personal data by way of a subject access request (see above).

  • You can correct any inaccuracies in your personal data. To do you should contact of the person for responsible for Data in the Business.

  • You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact the person for responsible for Data in the Business.

  • While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you should contact the person for responsible for Data in the Business.

  • You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.

  • You have the right to object if we process your personal data for the purposes of direct marketing.

  • You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.

  • With some exceptions, you have the right not to be subjected to automated decision-making.

  • You have the right to be notified of a data security breach concerning your personal data.

  • In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the person for responsible for Data in the Business.



The security of your personal information is of the utmost importance to us, and we have robust procedures in place to prevent unauthorized access.


Credit and Debit Card data provided by you through our website, via third party booking agents and other channels is automatically encrypted and stored in compliance with the current Payment Card Industry Data Security Standard Level 1 compliant payment gateway providers on our web based reservations platform. It is deleted seven (7) days after the expiry date of the service purchased by you.


Correspondence that is received in the post or printed out is stored in locked drawers or a locked storage area and we encourage a clear desk policy. Any devices through which personal information storage is accessed, are password protected and effective security software enabled. Electronic devices time out automatically and all devices are password protected when left unattended.


In the unlikely event of a data breach that affects your personal information we will advise you within 72 hours.


Controlling your personal information

If you believe that any information we are holding on you is incorrect or incomplete, please write to us at the above address or email us. We will promptly correct any information found to be incorrect.


For any questions, concerns, complaints about how we process your information, or if you would like information deleted from our records, please email:


Gorgeous Hearts Ltd.

37 Westfield Drive 

Aldridge, Westmidlands WS9 8ZD


bottom of page