Privacy Policy

Privacy Policy

Last Updated: 22 June 2026

Your privacy is really important to me, and I aim to handle your information with care, respect and transparency.

What I collect

If you sign up to my newsletter, enquire about services, or work with me as a homeopathy client, I may collect:

• Your name
• Your email address
• Your telephone number (if provided)
• Health information and consultation notes (for homeopathy clients)
• Payment information relating to consultations

Health information is considered special category data under UK GDPR and is treated with the highest level of confidentiality.

Why I collect it

I collect information in order to:

• Provide homeopathy consultations and ongoing support;
• Respond to enquiries;
• Send newsletters, updates and offerings to individuals who have actively consented to receive them;
• Maintain accurate client records;
• Meet legal, professional and insurance obligations.

How your information is stored

Personal information is stored securely using password-protected devices and trusted third-party providers where appropriate, including:

• Google Workspace, Gmail and Google Drive for email communications, appointment administration and secure record storage;
• Zoom and Doxy for live online consultations (consultations are not recorded);
• Kit for email newsletters and marketing communications;
• Stripe and PayPal for payment processing.

Subscribers joining my mailing list are asked to actively consent to receiving marketing communications. Emails contain an unsubscribe link, which can be used at any time. I may monitor email opens and link clicks to help improve the content I provide.

I may use ChatGPT to assist with professional support, remedy research, content creation and marketing. Only anonymous, non-identifiable information is used, and no identifiable client information is shared.

Some third-party providers may process information outside the United Kingdom. These providers are responsible for maintaining appropriate safeguards to protect personal information in accordance with applicable data protection laws.

Health information and consultation records are stored securely and treated confidentially.

How long I keep your information

To protect both clients and practitioner, homeopathy consultation records are retained for seven years after the last consultation, after which they will be securely deleted, unless a longer retention period is required by law.

Newsletter subscription information is retained until you unsubscribe or request deletion.

Your rights

Under UK data protection law, you have the right to:

• Request access to your personal information;
• Request correction of inaccurate information;
• Request deletion of your information where appropriate;
• Restrict or object to certain processing activities;
• Withdraw consent for marketing communications at any time.

Requests will usually be responded to within one month.

Complaints

If you have concerns about how your personal information has been handled, please contact me at:

serenitybsarah@gmail.com

Complaints relating to personal data will be acknowledged within 30 days, investigated promptly and responded to without undue delay.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Sharing your information

I will never sell your personal information.

I only share information with trusted service providers where necessary to operate my practice, process payments, deliver consultations or send newsletters. These providers are required to protect personal information appropriately.

Data Protection, Complaints and Breach Procedure

Last updated: 22 June 2026

Serenity by Sarah is committed to protecting the privacy, confidentiality and security of personal information in accordance with UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025.

Information Held

I collect and process personal information necessary to provide homeopathic consultations and services, including contact details, health information, consultation notes, remedy recommendations and payment information.

Health information is treated as special category data and handled confidentially.

Security Measures

Personal information is stored electronically using password-protected devices and secure cloud storage. Two-factor authentication is enabled where available, and access to client records is restricted solely to the practitioner.

To provide homeopathic services and manage the practice, Serenity by Sarah uses the following third-party service providers where applicable:

• Google Workspace, Gmail and Google Drive – for email communications, appointment administration and secure storage of client records;
• Zoom and Doxy – for live online consultations (consultations are not recorded);
• Kit – for email newsletters and marketing communications, sent only to individuals who have provided consent, with the option to unsubscribe at any time;
• Stripe and PayPal – for processing payments;
• ChatGPT – used only with anonymous, non-identifiable information for professional support, remedy research, content creation and marketing assistance. No identifiable client information is shared with ChatGPT.

Some third-party service providers may process information outside the United Kingdom. These providers are responsible for maintaining appropriate safeguards and security measures to protect personal information in accordance with applicable data protection laws.

Client records are retained for seven years after the last consultation unless a longer retention period is required by law.

Data Subject Rights

Individuals have the right to:

  • Request access to their personal data.

  • Request correction of inaccurate information.

  • Request deletion where appropriate.

  • Restrict or object to certain processing activities.

  • Withdraw consent for marketing communications at any time.

Requests should be submitted by email and will normally be responded to within one month.

Data Protection Complaints Procedure

Any concerns regarding the handling of personal data should first be directed to Sarah Heczko at:

Email: serenitybsarah@gmail.com

Complaints will:

  • Be acknowledged within 30 days;

  • Be investigated promptly;

  • Receive a response without undue delay;

  • Include information about further steps if the complainant remains dissatisfied.

Individuals may also complain to the Information Commissioner's Office (ICO).

Personal Data Breach Procedure

Examples of a personal data breach include:

  • Loss or theft of a device;

  • Hacking or unauthorised account access;

  • Sending information to the wrong recipient;

  • Accidental deletion of records.

In the event of a suspected breach:

  1. Immediate steps will be taken to contain the breach.

  2. The type of information involved and possible risks will be assessed.

  3. Passwords will be changed and access secured where necessary.

  4. A written record of the breach and actions taken will be maintained.

  5. If the breach is likely to result in a risk to individuals' rights and freedoms, the ICO will be notified within 72 hours.

  6. Affected individuals will be informed where legally required.

This procedure will be reviewed periodically to ensure ongoing compliance with data protection legislation.