Privacy Policy

1. Who we are

This privacy policy applies to ResetPostpartum, a nutritional therapy and yoga/fascia release practice operated as a sole trader.

Data controller:

Regina Howes

Calle Armelina, 37
Malaga,
29013

resetpostpartum@gmail.com

ResetPostpartum operates across the United Kingdom and Spain and works with clients based in both countries and across the European Union. This policy is designed to comply with both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR / Regulation 2016/679).

2. What personal data we collect

We collect the following categories of personal data when you enquire about or use our services:

2.1 General personal data

  • Full name and contact details (email address, phone number)

  • Country of residence

  • How you found us

  • Payment information (processed securely via Stripe — we do not store card details)

  • Correspondence and communications between us

2.2 Special category health data

We collect and process special category data relating to your physical and mental health. This includes but is not limited to:

  • Full health history, including past and current diagnoses, medications, and treatments

  • Reproductive history including pregnancy, postpartum experience, and preconception details

  • Menstrual cycle information and hormonal health data

  • Mental health and emotional wellbeing information

  • Dietary habits, lifestyle, sleep, and movement patterns

  • Laboratory and functional test results including HTMA, blood panels, DUTCH hormone tests, GI Map, and DNA testing

  • Supplement and medication use

Under Article 9 of the UK GDPR and EU GDPR, health data is classified as special category data and requires an additional lawful basis for processing. We rely on Article 9(2)(h) — processing necessary for the purposes of preventive or occupational medicine and the provision of health care — alongside your explicit consent.

3. How we collect your data

  • Via our online enquiry form (hosted on Tally)

  • Via our pre-consultation intake questionnaire (hosted on Tally)

  • Via email correspondence to our Gmail address

  • During consultation calls and check-in sessions

  • Via test results you share with us directly or upload via our forms

  • Via our booking system (cal.com)

  • Via our payment processor (Stripe)

4. Our lawful basis for processing your data

We rely on the following lawful bases under Article 6 of the UK GDPR and EU GDPR:

  • Explicit consent (Article 6(1)(a)) — for collecting and processing your personal and health data for the purpose of providing nutritional therapy and wellness services

  • Contract performance (Article 6(1)(b)) — for processing data necessary to deliver the services you have purchased

  • Legitimate interests (Article 6(1)(f)) — for administrative purposes such as maintaining client records and communicating with you about your programme

For special category health data, we rely on:

  • Explicit consent (Article 9(2)(a)) — you provide explicit consent when completing your intake questionnaire

  • Health care provision (Article 9(2)(h)) — processing necessary for the provision of health care and the management of health care systems

5. How we use your data

We use your personal and health data solely for the following purposes:

  • To provide nutritional therapy consultations, protocol writing, and ongoing support

  • To interpret and analyse functional test results on your behalf

  • To build and update your personalised health protocol

  • To communicate with you about your programme via email

  • To process payments for our services

  • To maintain client records for continuity of care

  • To send administrative communications, including appointment reminders and booking confirmations

We will never use your data for marketing purposes without your separate explicit consent, and we will never sell or share your data with third parties for commercial purposes.

6. Who we share your data with

We share your data only with the following third-party service providers, solely to the extent necessary to deliver our services:

  • Tally (form collection) — tally.so — forms are submitted securely and data is stored on Tally's servers

  • cal.com (appointment booking) — cal.com — name, email address, and appointment details are processed to manage bookings and send reminders

  • Stripe (payment processing) — stripe.com — payment details are processed securely by Stripe. We do not store your card details

  • Gmail / Google (email communications) — your name and email address are processed via Google's email infrastructure when we correspond with you

All third-party providers are required to handle your data in accordance with applicable data protection law. Where these providers are based outside the UK or EU, we rely on appropriate safeguards including Standard Contractual Clauses.

We do not share your health data or personal information with any other third parties unless required by law.

7. How long we keep your data

We retain your personal and health data for as long as you are an active client and for a period of 7 years after our working relationship ends. This retention period reflects our professional obligations and allows us to provide continuity of care should you return to work with us.

After this period, your data will be securely deleted. You may request deletion of your data at any time — please see Section 9 for your rights.

8. How we protect your data

We take the security of your personal and health data seriously. The measures we take include:

  • All client files and records are stored on password-protected devices

  • Email communications are conducted via a secured Gmail account

  • Test results and health information shared with us are stored securely and not accessible to third parties

  • Payment processing is handled entirely by Stripe using industry-standard encryption — we never see or store your card details

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with our obligations under UK GDPR and EU GDPR.

9. Your rights

Under the UK GDPR and EU GDPR you have the following rights in relation to your personal data:

  • Right of access — you have the right to request a copy of the personal data we hold about you

  • Right to rectification — you have the right to ask us to correct any inaccurate or incomplete data

  • Right to erasure — you have the right to ask us to delete your personal data in certain circumstances

  • Right to restrict processing — you have the right to ask us to limit how we use your data

  • Right to data portability — you have the right to receive your data in a structured, commonly used format

  • Right to object — you have the right to object to our processing of your data where we rely on legitimate interests

  • Right to withdraw consent — where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before the withdrawal

To exercise any of these rights, please contact us at:

resetpostpartum@gmail.com

We will respond to all requests within one month. We will not charge a fee for reasonable requests.

10. How to make a complaint

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority:

If you are based in the UK:

Information Commissioner's Office (ICO)

ico.org.uk | 0303 123 1113

If you are based in Spain or the EU:

Agencia Española de Protección de Datos (AEPD)

aepd.es | 901 100 099

We would always appreciate the opportunity to address your concerns directly before you approach a supervisory authority, so please do contact us in the first instance.

11. Cookies and website

Our site is built on Squarespace at www.resetpostpartum.com. Like all Squarespace websites, this site uses cookies — small text files stored on your device — to ensure the site functions correctly, measure visitor traffic, and improve your experience.

The cookies used include:

Essential cookies: required for the site to function. These cannot be disabled.

Analytics cookies: Squarespace uses these to understand how visitors use the site (pages visited, time spent, etc.). No personally identifiable information is collected.

Third-party cookies: where the site includes embedded content such as Instagram feeds or booking widgets, those third parties may also set cookies.

You can control or disable cookies through your browser settings at any time, though this may affect how the site functions. By continuing to use this site, you consent to the use of cookies as described above.

For full details of how Squarespace handles data, see: squarespace.com/privacy

12. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the date at the top of this document. Where changes are significant, we will notify active clients directly by email.

This policy was last updated in April 2026.

ResetPostpartum  |  Sole trader  |  UK & Spain  |  Compliant with UK GDPR and EU GDPR