SISU Sound Serenity – PRIVACY POLICY

Date of last update: 11th February 2026

​

This privacy policy explains how we look after personal data we collect from you or that you provide to us (directly or indirectly) and tells you about your privacy rights and how the law protects you. “Personal data” is any information capable of identifying a living individual; it does not include anonymised data.

​

Website data collection

​

This website does not use analytics or tracking technologies. Our hosting provider may automatically collect minimal technical data (such as IP address and browser type) for security and functionality. We use only a strictly necessary security cookie that prevents cross-site request forgery.

 

What data we collect about you

​

When you contact us, we will have your name, phone number, e-mail address and/or any other information you share with us. 

​

As part of the services we provide, we may process the following types of personal data about you:

• Contact information, such as your email address, postal address, and phone number;

• Financial data, such as your bank account and payment card details;

• Identity data, such as your name and date of birth;

• Marketing and communications data, which includes your preferences in receiving marketing communications from us and your communications preferences;

• Transaction data, such as details about payments between us;

• Special category/sensitive personal data:

  • All clients will be asked to complete and sign a health form in advance of any treatments or events, which includes details such as medical conditions, medications, and surgery details. More details are in the health form;

  • Following sound therapy, forest bathing or related treatments, notes will be kept on what is discussed between us before and after the session, as well as any information you choose to share with us between sessions. 

 

We only keep information for as long as it is necessary to provide the services, for our own accounts and records, or to meet legal or insurance obligations. 

 

How we use your information

​

We only use your personal information to:

• reply to your e-mails or telephone calls;

• provide the services;

• communicate with you about our services and events;

• issue and communicate with you about payment and invoices; 

• maintain accounts and records; and

• comply with a legal or regulatory obligation.

 

If you are happy with our work, we may ask you to provide a testimonial. This will only include your name if you want it to.

 

If you make a purchase as a gift on the site or book a service or event on behalf of someone else, and enter that person’s name and contact details, it is your responsibility to seek that person’s permission for SISU Sound Serenity Limited to process and/or store that data.

 

Marketing Communications 

​

We may send you marketing emails about our services if you have purchased from us, booked an event or treatment, or asked us for information about what we offer. This is permitted under the “soft opt‑in” rule in UK privacy law.

 

You can opt out of marketing at any time by emailing us at sisusoundserenity@outlook.com

We will not send marketing to anyone who has opted out. Opting out of marketing does not affect service‑related communications such as appointment confirmations, invoices, or information needed to provide the services you have requested.

 

Your rights

​

At any time you can ask us for a copy of all the information we hold about you. You can also update any of your information that is inaccurate. Under certain circumstances, you have rights to deletion, objection and restriction.  The portability right is accommodated by the access right. 

​

You can learn more about your privacy rights and complain to the ICO here: https://ico.org.uk/your-data-matters/

​

Legal information

 

Data controller: Sisu Sound Serenity Limited

​

Lawful bases for processing:

 

We rely on different lawful bases depending on the type of processing we carry out. We have set out below the basis that applies to which activity.

​

1. Performance of a Contract

Used where processing is necessary to provide the services you have requested.

Activities covered:

• Managing bookings, appointments and event registrations

• Communicating with you about your booking

• Providing treatments, sessions or events

• Issuing invoices and taking payment

• Following up with essential service‑related information

• Maintaining client records needed for ongoing services

 

2. Legitimate Interests

Used where processing is necessary for our business operations and does not override your rights.

Activities covered:

• Responding to general enquiries

• Keeping basic business records

• Preventing fraud or misuse of our website

• Sending marketing emails under the “soft opt‑in” rule

• Improving our services and client experience

• Protecting our legal rights (e.g., handling disputes)

 

Our legitimate interest is to operate and grow a safe and effective wellbeing practice.

 

3. Legal Obligation

Used where we must process data to comply with UK law.

Activities covered:

• Keeping financial and accounting records

• Retaining records required by insurers

• Responding to lawful requests from authorities

• Meeting tax, audit or regulatory requirements

 

4. Consent

Used only where the processing is genuinely optional.

Activities covered:

• Using your name in a testimonial

• Sending marketing communications where you have explicitly opted in

• Processing any optional information you voluntarily share

 

You can withdraw consent at any time.

 

5. Special Category Data – Article 9(2)(h)

Used for health information and therapy‑related notes.

Activities covered:

• Collecting and reviewing your health form

• Recording information relevant to your treatment or wellbeing

• Keeping notes from sessions to ensure safe and effective care

• Adjusting treatments based on your medical history or needs

 

Processing is necessary for the provision of health or wellbeing‑related services.

​

Retention

 

Accounts and records retention: 6 years from the end of the last company financial year they relate to. Health-related information is retained only for as long as required for service provision, insurance or legal obligations.

​

Service Providers

 

We use trusted service providers including: 

• WIX (website hosting)

• Microsoft (email and productivity tools)

• Meta (communications and advertising tools

 

Disclosures

 

We only share data with:

• our service providers (as part of using their services)

• our professional advisers, or insurers

• authorities where legally required. 

 

We do not sell your personal data.

​

International transfers

 

Some service providers store data outside the UK. Appropriate safeguards (such as standard contractual clauses with the UK Addendum) are in place.

​

Third-party links

 

Our site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy statements. When you leave our site, we encourage you to read the privacy notice of every website you visit. Occasionally links will be affiliate links but we do not share any of your data with other companies whether we are affiliated or not.

​

Cookies

​

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this site may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

​

Contact

​

Please email: sisusoundserenity@outlook.com for any questions or to make a rights request.

​

Changes to our privacy policy

 

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.