GDPR Compliance Statement

Last updated: 13 Nov 2025

 At Healing Harmony LTD, trading as The Black Swan Mindset, your privacy is not an afterthought — it is a core value woven into the way we work, communicate, and support your healing journey.

We are committed to handling your personal data with integrity, transparency, and full compliance with UK GDPR, the Data Protection Act 2018, and all relevant privacy laws governing digital services in the United Kingdom.

This statement explains how we uphold your rights, protect your information, and honour the trust you place in us.

 Healing Harmony LTD
Trading as: The Black Swan Mindset
Registered Address: 7 Bell Yard, London, WC2A 2JR
Company Number: 11380953
Email: help@blackswanmindset.com

We act as the Data Controller — meaning we decide why and how your personal information is processed.

 We are committed to:

• Collecting only what we genuinely need
• Using information with respect and lawful purpose
•  Never selling or sharing personal data unnecessarily
• Using secure systems and encrypted platforms
• Ensuring your information is always handled with care and transparency

Your data belongs to you, and we honour that sovereignty fully.

 Depending on how you interact with The Black Swan Mindset, we may collect:

• Name
• Email address
• Phone number
• Billing details
   

• Relevant history
• Intake notes
• Personal goals and concerns
• This information is collected only with your consent and is kept strictly confidential.
   

• IP address
• Device and browser type
• Interaction data through analytics (if consented)
• Cookie preferences
   

• Orders (digital downloads, sessions)
• Payment confirmations (processed securely by third-party providers)
   

We do not store full card details.
 

 We process your personal data under the following lawful bases:

To deliver services you’ve booked (e.g., sessions, account access).

For:

• Newsletter subscription
• Digital product purchase
• Marketing communications
• Optional cookies
  You may withdraw consent at any time.
   

For:

• Website improvement
• Security monitoring
• Preventing misuse
   

To comply with UK tax, accounting, and regulatory requirements.

Your safety is our priority.

We use:

• Encrypted platforms (e.g., Zoom, secure email providers)
• Encrypted payment processors (Stripe, PayPal, GoDaddy Payments)
• Password-protected systems
• GDPR-compliant third-party services
• Regular monitoring for security updates
   

Only authorised personnel (currently only the practitioner) have access to client files.

 We do not sell or trade personal data.

We only share data with:

• Secure payment processors
• Trusted service providers supporting the website
• Legal authorities only when required
• Email service providers (for newsletter delivery)
   

All third-party processors are GDPR compliant.

 We retain information only for as long as necessary:

• Session notes: up to 7 years (standard professional practice for well-being services)
• Purchase records: 6 years (legal requirement)
• Newsletter data: until you unsubscribe
• Analytics cookies: per your consent settings
   

Once data is no longer required, it is securely deleted.

   You have the right to:

• Access your data
• Correct inaccurate information
• Delete your data (where legally permissible)
• Withdraw consent at any time
• Restrict processing
• Object to certain uses
• Request data portability

To exercise your rights, simply email: help@blackswanmindset.com

We respond with care, respect, and within legal timeframes.

 If data is transferred outside the UK (e.g., through cloud services), it is protected by:

• UK GDPR adequacy decisions
• Standard Contractual Clauses (SCCs)
• Secure encryption and privacy frameworks
   

Your information always remains protected.

 As The Black Swan Mindset continues to grow, this policy may evolve to reflect new services, technologies, or legal requirements.

Any updates will be published on this page..