Last updated:

Privacy Policy

This Privacy Policy explains how Washingspine collects, uses, stores, and protects personal data when you visit our website or use our services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection standards.

1. Data Controller Information

The data controller responsible for your personal data is:

Washingspine
50 Pingle Dr, Bicester OX26 6WD, United Kingdom
Telephone: +44 1869 366200
Email: hello@washingspine.world
Website: https://washingspine.world

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details above. We aim to respond to all data-related enquiries within thirty calendar days.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through our website at washingspine.world, including when you browse our pages, submit a contact form, purchase educational products, book consultations, participate in programmes, or interact with our cookie consent mechanism. It does not apply to third-party websites that may be linked from our pages, and we encourage you to review the privacy policies of any external sites you visit.

Our website provides general informational content about food variety in daily nutrition. We do not collect health records, medical histories, or clinical data through our standard contact or booking processes.

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When you contact us, book a consultation, or purchase a product, we may collect the following information:

  • Full name
  • Email address
  • Telephone number (if provided)
  • Postal address (if required for product delivery)
  • Message content and enquiry details submitted through our contact form
  • Payment-related information processed by our payment provider (we do not store full card details on our servers)
  • Consent records, including GDPR consent checkbox confirmations and cookie preferences

3.2 Data Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent preferences:

  • IP address (which may be truncated or anonymised for analytics purposes)
  • Browser type and version
  • Operating system
  • Device type and screen resolution
  • Referring URL and pages visited on our site
  • Date and time of access
  • Session duration and interaction patterns

3.3 Consultation-Related Data

During food variety consultations, we may record notes about your stated food preferences, ingredient usage, household size, and general eating habits. This information is collected solely to deliver our educational consulting services and is not used for medical profiling or health assessments.

4. Legal Bases for Processing

Under UK GDPR, we process personal data only when a lawful basis applies. The bases we rely upon include:

  • Consent (Article 6(1)(a)): For non-essential cookies, marketing communications, and certain optional data processing activities. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Contract (Article 6(1)(b)): To perform our contract with you when you purchase products, book consultations, or enrol in programmes.
  • Legitimate Interests (Article 6(1)(f)): To operate and improve our website, prevent fraud, ensure network security, and respond to enquiries — balanced against your rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws, including tax and accounting requirements.

5. Purposes of Data Processing

We use your personal data for the following specific purposes:

  1. Responding to enquiries submitted through our contact form or email
  2. Scheduling and delivering food variety consultations and educational programmes
  3. Processing orders for educational products and issuing related documentation
  4. Managing payments, invoicing, and refund requests in accordance with our Refund Policy
  5. Storing and honouring your cookie consent preferences
  6. Analysing website usage to improve content, navigation, and user experience (with consent)
  7. Sending service-related communications, such as booking confirmations and session summaries
  8. Sending marketing communications about our services where you have opted in
  9. Complying with legal obligations and defending legal claims
  10. Maintaining the security and integrity of our website and systems

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Our standard retention periods are:

  • Contact form submissions: Twenty-four months from the date of submission, unless an ongoing client relationship exists.
  • Client consultation records: Thirty-six months from the date of the last session, after which notes are securely deleted or anonymised.
  • Transaction and invoicing data: Seven years, in accordance with UK tax and accounting regulations.
  • Cookie consent records: Twelve months, after which we will request renewed consent.
  • Analytics data: Twenty-six months in aggregated or anonymised form, where consent has been granted.
  • Marketing consent records: Until you withdraw consent, plus six months for audit purposes.

When retention periods expire, data is securely deleted or irreversibly anonymised so that it can no longer be associated with you.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share data with trusted third parties only where necessary and under appropriate safeguards:

  • Hosting and infrastructure providers: To maintain website availability and data storage within secure data centres.
  • Payment processors: To handle secure payment transactions for products and services.
  • Email service providers: To deliver transactional and, where consented, marketing emails.
  • Analytics providers: To measure website performance, only when you have accepted analytics cookies.
  • Professional advisers: Including accountants and legal counsel, bound by confidentiality obligations.
  • Law enforcement or regulatory bodies: When required by applicable law or court order.

All third-party processors are required to process data in accordance with UK GDPR and our written instructions. Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption across all pages of our website
  • Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates for data in transit
  • Access controls limiting personal data access to authorised personnel only
  • Regular review of data processing activities and security practices
  • Encrypted storage for sensitive records where technically feasible
  • Staff awareness of data protection responsibilities
  • Incident response procedures for suspected data breaches

While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. We encourage you to use strong passwords for any accounts and to contact us immediately if you suspect unauthorised access to your information.

9. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data where no compelling reason for continued processing exists.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time for processing that relies on consent, without affecting prior lawful processing.
  • Right not to be subject to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact us at hello@washingspine.world. We will respond within one month, which may be extended by two further months for complex requests. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

10. Children's Data

Our website and services are directed at adults. We do not knowingly collect personal data from individuals under the age of sixteen without parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us and we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this page periodically.

12. Contact and Data Protection Enquiries

For all privacy-related questions, data subject requests, or concerns about how we handle your information, please contact:

Washingspine — Data Protection
50 Pingle Dr, Bicester OX26 6WD, United Kingdom
Email: hello@washingspine.world
Telephone: +44 1869 366200