Privacy Policy
Last updated: June 2026
This policy explains how Endeepenment collects, uses and protects your personal information when you use our website, attend our sessions or events, or buy our products or services. It also explains your rights under UK data protection law: the UK GDPR and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025.
> Our approach, in plain terms
>
> We collect only what we need, encrypt it in transit and at rest, and keep access tightly limited. We never sell or rent your data, and we never use it to train AI models. You can ask to see, correct or delete your information at any time.
1. Who is responsible for your data (the data controller)
The data controller responsible for your personal information is Jonathan Fawcett, trading as Endeepenment, a sole trader.
- Address: 123 Sirdar Road, London N22 6QS
- Email: info@endeepenment.com
- ICO registration number: CSN7800420.
2. The information we collect
- Personal details: name, email, postal address, phone number.
- Health and wellbeing information: relevant medical or psychological information you give us in your Participation Agreement & Health Declaration. This is "special category" data — see Section 4.
- Transaction data: billing and delivery details. Payments are handled by third-party providers; we do not store your full card details.
- Communication data: your messages, feedback, preferences and mailing-list subscription status.
- Technical and usage data: IP address, browser and device type, and how you use the Site (see Section 9 on cookies).
We collect only what we need. We ask for the minimum required to run your sessions safely, and we design our systems to expose as little as possible — for example, scheduling feeds show only a first name, and a sensitive address can be kept off them entirely.
3. How we use your information, and our lawful basis
| What we use it for | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Taking and managing bookings, payments and event registrations | Performance of a contract |
| Keeping you informed about your sessions and answering enquiries | Performance of a contract / legitimate interests |
| Assessing your suitability and keeping you safe in sessions | Your explicit consent for health data (Art. 9 — see Section 4) |
| Sending newsletters, offers and marketing | Your consent (you can opt out at any time) |
| Improving and securing the Site and our services | Legitimate interests |
| Meeting legal and regulatory obligations | Legal obligation |
We do not use your data for automated decision-making or profiling that has legal or similarly significant effects on you.
4. Health information (special category data)
Some information you give us — about your physical or mental health, medication or wellbeing — is special category data under Article 9 of the UK GDPR.
- We collect it only with your explicit consent, given through the Participation Agreement & Health Declaration, under Article 9(2)(a).
- We use it only to assess your suitability for breathwork, to keep you safe, and to adapt a session where needed.
- It is kept confidential and accessed only by the facilitator(s) and any staff who need it, or by medical professionals in an emergency.
- We do not share it with third parties except where required by law or where necessary to protect your or another person's life or safety.
- You can withdraw your consent at any time by emailing us; however, if you do, we may not be able to let you take part in sessions where this information is needed for safety.
5. Sharing your information
We never sell or rent your personal data, never use it for advertising, and never use it to train AI models. We share it only with trusted service providers acting on our instructions, with authorities or advisers where we are legally required to, or with a successor if the business is transferred. The providers we rely on are established, security-certified services (for example, SOC 2), and we can provide a Data Processing Agreement on request.
In summary, we share your information only with:
- Trusted service providers acting on our instructions (for example, payment processors, booking and email/newsletter tools), who are contractually required to protect it;
- Authorities or advisers where we are legally required to, or to protect our legal rights; and
- A successor if our business is transferred, in which case we will tell you.
6. International transfers
If your data is transferred outside the UK (for example, because a service provider stores data abroad), we put in place safeguards required by UK data protection law, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on a UK adequacy decision.
7. How long we keep your data
We keep personal data only as long as necessary for the purposes it was collected, or as the law requires. We retain your Participation Agreement, health declaration and session records for six years after your last session with us, so that we can respond to any legal claim arising from your participation — after which we securely delete or anonymise them. Financial and booking records are kept for six years from the end of the relevant financial year, in line with HMRC requirements. If you are on our mailing list, we keep your contact details until you unsubscribe. When any data is no longer required, we delete or anonymise it securely.
8. Your rights
Under UK data protection law you have the right to:
- access a copy of your data;
- have inaccurate data corrected;
- have data erased (subject to legal exceptions);
- restrict or object to processing;
- data portability; and
- withdraw consent where we rely on it (including for marketing).
To exercise any of these, email info@endeepenment.com. We will respond within one month. There is normally no charge.
You can unsubscribe from marketing at any time using the link in any email, or by contacting us.
9. Cookies and similar technologies
We use cookies and similar storage technologies to make the Site work, to understand how it is used, and to improve it. UK cookie rules changed on 5 February 2026 under the Data (Use and Access) Act 2025; this section reflects the current position.
Cookies that do not need your consent. Following the 2025–26 changes to PECR, we may use the following without asking for consent, provided we tell you about them and you can opt out where relevant:
- Strictly necessary cookies — needed for the Site to function (e.g. security, load balancing, remembering items in a basket).
- Analytics/statistical cookies — used solely to measure how the Site is used so we can improve it. Our current analytics tool is cookieless and sets none.
- Functionality cookies — to remember your preferences (e.g. language or display settings).
- Security and software-update cookies — to keep the Site secure and working.
Cookies that DO need your consent (opt-in). We will ask for your explicit, opt-in consent before using any advertising, marketing or behavioural-tracking cookies — for example, a Meta/Facebook or Instagram pixel, or other ad-targeting tools. We do not use any such cookies at present; if that ever changes, they will stay off until you accept them, and you can change your mind at any time via our cookie settings.
You can also manage or delete cookies in your browser settings, though some features may not work properly without them.
10. Analytics
We use Vercel Web Analytics, a privacy-friendly, cookieless analytics tool, to understand in aggregate how the Site is used. It does not set cookies, does not collect or store personal data or full IP addresses, and does not track you across other websites. We do not use Google Analytics or any advertising/tracking pixel.
11. AI features
Where we use AI to help run the practice, we keep your personal information to a minimum and pseudonymise it where we can. Under our AI provider's terms, information sent through these features is not used to train AI models.
12. Third-party links
The Site may link to other websites. We are not responsible for their content or privacy practices — please read their own privacy notices.
13. Children
Our Services are for adults (18+). We do not knowingly collect data from children under 18.
14. How we keep your data safe
We use strong technical and organisational measures to protect your information:
- Encryption. Your data is encrypted in transit and at rest.
- Tight access. Your records are reachable only by Jon, protected by phishing-resistant passkeys rather than reusable passwords.
- Payments stay with the processor. Card details go directly to our payment provider (Stripe, PCI DSS Level 1) and never reach our systems — we keep only a reference and receipt.
- Private video sessions. Online sessions run in your browser over an encrypted connection and are never recorded unless you ask.
- Minimal by default. We limit what we expose internally too — for example, only your first name appears on scheduling feeds, and a sensitive address can be kept off them entirely.
- Maintained and recoverable. We keep systems current with security updates and run regular backups.
No online system can be guaranteed perfectly secure, but these measures protect your data and keep access to those who need it.
For technical reviewers, a full security and data-handling overview is available on request.
15. Complaints
If you are unhappy with how we handle your data, please contact us first at info@endeepenment.com. We will acknowledge your complaint and respond as quickly as we can. You also have the right to complain to the UK supervisory authority:
> Information Commissioner's Office (ICO)
> Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
> Helpline: 0303 123 1113 — ico.org.uk
16. Changes to this policy
We may update this policy from time to time. The current version, with its "last updated" date, will always be posted here.
Contact: info@endeepenment.com
© 2026 Endeepenment