Privacy Policy & Data Protection
1. Introduction
The Energy Room in Swansea, Wales, is committed to protecting your privacy and personal data in accordance with UK GDPR regulations. This Privacy Policy outlines the types of personal information that The Energy Room ("we," "our," or "us") may collect when you use our website, book our services, or visit our facility, and explains how we collect, use, store, and protect that information.
We are dedicated to complying with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy describes your data protection rights and how the law protects you. By using our services or website, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The Energy Room is the data controller responsible for your personal information. We determine the purposes and means of processing your personal data. For any questions regarding this Privacy Policy or our data protection practices, please contact us using the details provided at the end of this document.
3. Information We Collect
We may collect, store, and use the following categories of personal information about you:
Personal Contact Details
Full name
Email address
Telephone or mobile number
Postal address
Booking and Service Information
Session booking details and preferences
Payment and transaction history
Session attendance records
Communication preferences
Health and Wellness Information
Health conditions or concerns relevant to service provision (provided voluntarily)
Feedback regarding session experiences
Wellness goals and outcomes (where shared)
Technical Information
IP address
Browser type and version
Operating system
Pages visited on our website
Time and date of visits
Referring website addresses
Financial Information
Payment card details (processed securely through third-party payment processors)
Billing address
Transaction records
We only collect personal information that is necessary for the legitimate purposes outlined in this policy. We do not collect sensitive personal data unnecessarily, and any health information is collected only with your explicit consent and for the purpose of safely delivering our services.
4. How We Collect Information
We collect personal information through various methods:
Direct Interactions
You provide information when you complete booking forms, contact us by telephone or email, subscribe to our newsletter, purchase products, provide feedback, or engage with us on social media.
Automated Technologies
When you visit our website, we may automatically collect technical data about your browsing actions and patterns through cookies and similar technologies. For more information, please see our Cookie Policy.
Third Parties
We may receive personal information from third-party service providers, including payment processors, analytics providers, and marketing platforms, where you have given appropriate consent for such sharing.
5. Legal Basis for Processing Your Personal Information
We will only collect and use your personal information where we have a lawful basis to do so. Our legal bases for processing include:
Consent
Where you have given clear consent for us to process your personal information for specific purposes, such as sending marketing communications or storing health information. You may withdraw your consent at any time.
Contractual Necessity
Where processing is necessary to fulfil a contract we have with you, such as processing your booking, providing services you have requested, or processing payments.
Legal Obligation
Where we need to comply with legal or regulatory requirements, such as maintaining financial records for tax purposes or responding to lawful requests from authorities.
Legitimate Interests
Where processing is necessary for our legitimate business interests, such as improving our services, ensuring security, fraud prevention, or internal administrative purposes, provided such interests do not override your fundamental rights and freedoms.
6. How We Use Your Personal Information
We use your personal information for the following purposes:
Service Provision
Processing and managing your bookings
Providing access to Energy Enhancement System sessions
Processing payments and maintaining financial records
Communicating with you regarding your appointments
Ensuring your safety and wellbeing during sessions
Business Operations
Maintaining client records and booking systems
Analysing service usage to improve our offerings
Managing our website and ensuring its security
Responding to enquiries and customer service requests
Marketing and Communications
Sending promotional materials and updates about our services (where you have consented)
Providing information about new offerings, special promotions, or events
Sending newsletters and wellness tips (where you have subscribed)
Legal and Regulatory Compliance
Complying with legal obligations and regulatory requirements
Protecting our legal rights and interests
Preventing fraud and ensuring security
We will never use your personal information for purposes incompatible with those for which it was collected without obtaining your explicit consent.
7. Sharing Your Personal Information
We do not sell, rent, or trade your personal information to third parties. However, we may share your information with the following categories of recipients for legitimate business purposes:
Service Providers
We may share your information with trusted third-party service providers who assist us in operating our business, such as payment processors, IT support providers, website hosting services, and email marketing platforms. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
Professional Advisers
We may share your information with legal advisers, accountants, auditors, and other professional advisers who assist us in running our business, subject to confidentiality obligations.
Legal and Regulatory Authorities
We may disclose your information where required by law, court order, or governmental authority, or where necessary to protect our legal rights, prevent fraud, or ensure the safety of our clients and staff.
All third parties with whom we share your personal information are required to respect its security and handle it in accordance with applicable data protection laws. We do not permit third parties to use your personal information for their own purposes.
8. International Transfers
Your personal information is stored and processed within the United Kingdom and the European Economic Area (EEA). We do not routinely transfer personal data outside the UK or EEA. In the event that such a transfer becomes necessary, we will ensure that appropriate safeguards are in place to protect your information in accordance with GDPR requirements, such as the use of Standard Contractual Clauses or ensuring the recipient country has adequate data protection laws.
9. Data Security
We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, accidental loss, destruction, or damage. These measures include:
Secure server infrastructure with encryption
Password-protected systems with restricted access
Regular security assessments and updates
Staff training on data protection and confidentiality
Secure payment processing through PCI-DSS compliant providers
Whilst we take all reasonable precautions to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will notify you promptly of any data breaches that pose a risk to your rights and freedoms, as required by law.
10. Data Retention
We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements.
Client Records
Booking and contact information is retained for the duration of our business relationship and for up to six years afterwards to comply with financial record-keeping obligations and to handle any queries or disputes.
Health Information
Health-related information provided voluntarily is retained for as long as you continue using our services and for up to two years afterwards, or as long as required by relevant legislation, whichever is longer.
Marketing Consent
If you have consented to receive marketing communications, we will retain your contact details until you withdraw consent or we determine that the information is no longer relevant.
Website Analytics
Technical data collected through cookies is typically retained for periods ranging from session-only to up to two years, depending on the specific cookie type.
To determine appropriate retention periods, we consider the amount, nature, and sensitivity of the personal information, the purposes for which we process it, and applicable legal requirements.
11. Your Rights as a Data Subject
Under data protection law, you have the following rights regarding your personal information:
Right of Access
You have the right to request a copy of the personal information we hold about you, along with information about how we use it.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information we hold about you.
Right to Erasure
You have the right to request deletion of your personal information in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected or where you withdraw consent.
Right to Restriction
You have the right to request that we restrict processing of your personal information in certain circumstances, such as where you contest its accuracy or object to processing.
Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another data controller where technically feasible.
Right to Object
You have the right to object to processing of your personal information where we are relying on legitimate interests as our legal basis, or where we are processing your information for direct marketing purposes.
Right to Withdraw Consent
Where we are processing your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing conducted prior to withdrawal.
Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal information in accordance with data protection law. Contact details for the ICO can be found at www.ico.org.uk.
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month, although this may be extended in complex cases.
12. Cookies and Website Tracking
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand user preferences. Cookies are small text files placed on your device that allow us to recognise you and remember your preferences.
Types of Cookies We Use
Essential Cookies
These cookies are necessary for the website to function properly and cannot be disabled. They include cookies that enable you to navigate the website and use its features.
Performance Cookies
These cookies collect information about how visitors use our website, such as which pages are visited most often. This information helps us improve website performance.
Functionality Cookies
These cookies remember your preferences and choices, such as language settings, to provide a more personalised experience.
Marketing Cookies
These cookies track your browsing activity to display relevant advertisements and measure the effectiveness of marketing campaigns. These are only used with your consent.
You can control cookie settings through your browser preferences. However, blocking certain cookies may affect website functionality and your user experience. For detailed information about the cookies we use, please refer to our separate Cookie Policy.
13. Third-Party Links
Our website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information promptly.
15. Marketing Communications
Where you have consented to receive marketing communications, we may send you information about our services, special offers, wellness tips, and other relevant content by email, post, or other means.
You can opt out of receiving marketing communications at any time by:
Clicking the unsubscribe link in any marketing email
Contacting us directly using the details below
Updating your communication preferences through your account settings (where applicable)
Please note that even if you opt out of marketing communications, we may still need to send you essential service-related messages regarding your bookings or account.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any changes will be posted on this page with an updated revision date. Where changes are significant, we will endeavour to notify you by email or through a prominent notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Continued use of our services following changes to this policy constitutes acceptance of those changes.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
The Energy Room
Swansea, Wales
Website: www.theenergyroom.wales
Information Commissioner's Office
If you wish to make a complaint about how we handle your personal data, you may contact the ICO:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
This Privacy and Data Protection Policy was last updated on 21 December 2025.