Rocks n Rituals – Privacy Policy

(Last updated: April 2026)

1. Introduction

This Privacy Policy explains how Debi Barr t/a Rocks n Rituals collects, uses, stores, and protects your personal data. It applies to all clients, students, members, customers, and website visitors.

I take data protection seriously. Your personal information is treated with respect and is never sold, rented, or shared with third parties for their own marketing.

The data controller for all personal data processed under this policy is:

Debi Barr, Rocks n Rituals

Email: info@rocksnrituals.co.uk

2. Legislation This Policy Complies With

This policy is designed to meet the requirements of:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Data (Use and Access) Act 2025
  • Privacy and Electronic Communications Regulations (PECR)

If you are based outside the UK and unsure whether this policy meets your local requirements, please contact me.

3. What Personal Data I Collect and Why

3.1 Website Analytics & Cookies

This website uses cookies and similar technologies to understand how visitors use the site and to improve performance.

Some low‑risk analytics cookies may operate without consent under the 2026 PECR reforms. All other cookies require your consent and can be managed through the cookie banner.

Data collected may include:

  • IP address
  • device type
  • browser
  • operating system
  • general location

Lawful basis: Recognised Legitimate Interests – website performance and security.

3.2 Blog Comments

If you leave a comment, your name, email address, IP address, and timestamp are stored in the website database. Only your name appears publicly.

You must be 16 or over to comment.

Lawful basis: Legitimate Interests – managing user‑generated content.

3.3 Contact & Enquiries

When you contact me, I use your name and email address to respond.

Lawful basis: Legitimate Interests – responding to enquiries.

3.4 Email Newsletter & Marketing

If you subscribe to my mailing list, your name and email address are stored with MailerLite.

You can unsubscribe at any time.

Lawful basis:

  • Consent (opt‑in subscribers)
  • Recognised Legitimate Interests (direct marketing to existing clients or enquirers)

3.5 Online Booking

When you book an appointment through Setmore, your name, email, and phone number are collected to manage your booking.

Lawful basis: Contract – delivering your appointment.

3.6 Client Records

For 1:1 services, mentoring, or training, I create a client record containing your contact details and relevant session information. Records are stored in Notion and retained for up to 10 years to meet professional and insurance requirements.

Lawful basis: Contract and Legal Obligation.

3.7 Memberships & Courses

If you join Sacred Rebel Circle or purchase a course, I collect your name, email, payment information (processed by Stripe/PayPal), and participation records.

Lawful basis: Contract – delivering your membership or course.

3.8 Messaging Platforms (Telegram & WhatsApp)

If you communicate with me via Telegram or WhatsApp, your messages remain within those platforms.

Lawful basis: Contract – providing agreed support.

3.9 Children’s Data

My services are designed for adults.

I do not knowingly provide services to individuals under 18.

4. Automated Decision‑Making (ADM) & Profiling

Some processes may involve automated systems, such as:

  • automated booking confirmations
  • automated email segmentation
  • course or membership access automation

These systems do not make legally significant decisions about you.

You have the right to:

  • request human review
  • object to automated processing
  • ask for an explanation of how decisions are made

5. How Your Data Is Stored

Your data may be stored in the following systems:

  • Google Workspace (email & files)
  • Notion (client records)
  • Microsoft OneDrive (business documentation)
  • Setmore (booking data)
  • MailerLite (email marketing)
  • Stripe / PayPal (payments)
  • Circle (membership & course platform)
  • WordPress (website & blog comments)
  • Locked filing cabinet (legacy paper records)

I take reasonable technical and organisational measures to protect your data.

6. Your Rights

Under UK GDPR, you have the right to:

  • access your data
  • correct inaccurate data
  • request deletion
  • restrict processing
  • data portability
  • object to processing (including direct marketing)

2026 DSAR Updates

I may:

  • request clarification before responding
  • pause the response deadline (“stop the clock”) while awaiting clarification
  • refuse manifestly excessive or unfounded requests

To exercise your rights, email info@rocksnrituals.co.uk.

7. Third‑Party Data Processors

I use trusted third‑party providers who process data on my behalf:

  • Google (Workspace, Analytics, YouTube)
  • MailerLite
  • Setmore
  • Notion
  • Microsoft OneDrive
  • WordPress / Weblify
  • Stripe / PayPal
  • Membervault (membership & courses)
  • Telegram
  • WhatsApp
  • Facebook / Instagram
  • LinkedIn

These providers have been assessed for compliance with UK data protection law.

I do not sell or share your data for third‑party marketing.

8. Data Breaches

If a data breach occurs that risks your rights or freedoms, I will notify you and the ICO within 72 hours, in line with legal requirements.

9. Complaints Procedure

I operate a formal internal data‑protection complaints process.

If you have concerns about how your data is handled, please contact me at info@rocksnrituals.co.uk.

I will:

  • acknowledge your concern within 5 business days
  • aim to resolve it within 28 days

If you remain dissatisfied, you can contact the ICO:

Website: ico.org.uk

Telephone: 0303 123 1113

10. Contact Details

Data Controller:

Debi Barr t/a Rocks n Rituals

Email: info@rocksnrituals.co.uk

Telephone: 028 9142 2214

11. Changes to This Policy

This policy may be updated to reflect changes in legislation or business practices.

The most recent update date is shown at the top of this page.