Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored and shared by Desiree  via this website (hosted on Wix) and associated services. It describes your rights and how to contact me about data protection.

Controller Desiree Castennelli Email: desireecassanelli@gmai.com Website / Domain: desireecassanelli.com Phone: [phone number.

Data I collect

• Contact information: name, email address, telephone number (from enquiry/booking forms and email).

• Booking & payment data: session details, invoices and payment records (limited card data handled by payment provider).

• Health & wellbeing information: any medical or mental‑health details you provide when booking coaching, readings or massage (necessary for safe service delivery).

• Session content: notes, session recordings (with your consent), PDF reports (e.g. Soul‑Plan chart).

• Website & technical data: IP address, device/browser type, pages visited, referrer, cookies and analytics data collected by Wix and third‑party services.

​

How I use your data

• To provide and administer services: bookings, session delivery, follow‑up, invoicing and receipts.

• To communicate: respond to enquiries, confirm appointments, send reminders and necessary correspondence.

• To ensure safety: assess suitability for massage or somatic work and manage health‑related risks.

• To improve services: anonymised analytics and feedback to understand website use and client needs.

• To comply with legal obligations (accounting, safeguarding or regulatory reporting where required).

​

Legal bases for processing (UK)

• Performance of a contract: to fulfil bookings and provide services.

• Legitimate interests: for administrative communications, website analytics and service improvement (balanced against your rights).

• Consent: for optional recordings, marketing communications and processing of special category data when explicit consent is obtained.

• Legal compliance: to meet statutory obligations where applicable.

​

Special category (sensitive) data Health and wellbeing information is treated as special category data. It is collected only when necessary for safe and effective service delivery and processed with appropriate safeguards, usually on the basis of explicit consent.

Cookies and tracking The site uses cookies and similar technologies via Wix and third‑party providers (analytics, booking/payment platforms). Cookies may be essential (site functionality), performance (analytics) or marketing. You can manage cookie preferences via your browser or Wix cookie controls. See Wix’s cookie and privacy information for details.

​

Data sharing and third parties

• Service providers: data is shared with trusted third parties to deliver services (Wix for hosting, payment processors, Dropbox for file delivery, email/booking platforms and professional advisors). These providers act as processors and are contractually required to protect your data.

• Legal requests: data may be disclosed to comply with legal obligations or to protect the safety of clients or others.

• Aggregated/anonymised data: non‑identifiable information may be used for reporting and improvement.

​

Transfers outside the UK Some third‑party service providers (including Wix, Dropbox or payment processors) may transfer or store data outside the UK. Where transfers occur, appropriate safeguards (standard contractual clauses, adequacy decisions) will be used.

​

Data retention

• Contact, booking and session records: retained as necessary to provide services and meet legal and accounting requirements (typically up to 7 years for tax purposes).

• Session recordings and charts: retained only with your consent for the agreed period; if no timeframe is agreed, recordings will be retained for up to 2 years unless you request deletion sooner.

• Marketing data: retained until you unsubscribe or request deletion.
  Specific retention periods may vary; details are available on request.

​

Your rights Under UK data‑protection law you have the right to:

• Request access to the personal data held about you.

• Request rectification of inaccurate or incomplete data.

• Request erasure in certain circumstances.

• Request restriction of processing in certain circumstances.

• Object to processing based on legitimate interests or direct marketing.

• Request data portability where applicable.

• Withdraw consent at any time where processing is based on consent.

​

To exercise these rights, contact desireecassanelli@gmai.com. I will respond within one month (or longer where permitted by law). You also have the right to complain to the UK Information Commissioner’s Office (ICO).

​

Security Appropriate technical and organisational measures are used to protect personal data (secure hosting via Wix, encrypted communications, access controls). If you suspect misuse or a data breach, please contact me immediately.

​

Children Services are for adults only. I do not knowingly collect personal data from children under 16. If you believe such data has been collected, contact me to request deletion.

Marketing communications Newsletters and offers are sent only with consent. You can opt out at any time via the unsubscribe link or by emailing desireecassanelli@gmai.com.

​

Links to other sites This site may link to external websites. I am not responsible for the privacy practices of other sites; review their privacy policies before providing personal data.

​

Changes to this policy This policy may be updated occasionally. Material changes will be posted here with an updated “Last updated” date. Continued use of the site after changes indicates acceptance.