1. Who I Am

​

My name is Deborah Maddison and I am a breathwork practitioner based in Bath & North East Somerset, UK.

For the purposes of data protection law, I am the data controller of the personal information you provide to me.

If you have any questions about this privacy policy or how your data is handled, you can contact me at:

Email: deborahjmaddison@gmail.com

 

2. What Information I Collect

​

In order to provide safe and effective breathwork sessions, I may collect and store the following information:

Personal Information

•           Name

•           Email address

•           Phone number

Health and Personal Information

•           Relevant medical history

•           Mental and emotional wellbeing information

•           Lifestyle or personal background information shared during intake or sessions

Session Records

•           Notes from sessions (non-judgemental and factual)

•           Attendance records

Website / Marketing Data (if applicable)

•           Email sign-up information

•           Website usage data (e.g. cookies, analytics)

 

3. Why I Collect This Information

​

I collect and use your information for the following purposes:

•           To assess your suitability for breathwork sessions

•           To provide safe and appropriate sessions

•           To maintain accurate records of our work together

•           To communicate with you about sessions or enquiries

•           To send occasional updates or newsletters (only with your consent)

•           To comply with the requirements of my insurance company, Balens

 

4. Lawful Basis for Processing

​

Under UK GDPR, I process your data on the following legal bases:

•           Consent – where you have given clear permission (e.g. intake forms, marketing emails)

•           Legitimate interest – to provide you with a safe and effective service

•           Health data processing – necessary for providing wellbeing services (special category data)

You have the right to withdraw your consent at any time.

 

5. Confidentiality

​

All information shared during sessions is treated as confidential.

Your information will not be shared with third parties without your consent, except in the following circumstances:

•           Where there is a risk of serious harm to yourself or others

•           Where required by law (e.g. court order)

Where possible, this will be discussed with you first.

 

6. How Your Data Is Stored

​

I take appropriate steps to ensure your data is stored securely:

•           Digital records are password-protected

•           Paper records are stored securely

•           Access is limited to me as the practitioner

 

7. How Long I Keep Your Data

​

Client records are kept for a minimum of 7 years, in line with professional standards.

After this period, your data will be securely deleted or destroyed.

 

8. Sharing Your Information

​

Your data will not be sold or shared for marketing purposes.

I may use secure third-party services (e.g. email platforms or booking systems), which process data on my behalf in accordance with data protection law.

 

9. Your Rights

​

Under UK GDPR, you have the right to:

•           Access the personal data I hold about you

•           Request correction of inaccurate information

•           Request deletion of your data (where applicable)

•           Withdraw consent at any time

•           Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact me using the details above.

 

10. Cookies and Website Data

​

If you use my website, cookies may be used to improve your experience and gather anonymous usage data.

You can control or disable cookies through your browser settings.

 

11. Updates to This Policy

​

This privacy policy may be updated from time to time.

The most recent version will always be available on my website or upon request.

 

Last updated: 24th April 2026