Privacy Policy

We only collect and process data that is necessary for the purpose for which it was gathered. Personal data means any information that can identify you directly or indirectly. The scope of data we process may vary depending on the type of service provided.

2.1 Categories of Data We May Collect

• Identity Data - name, title, username, date of birth and gender.

• Contact Data - address, email address and telephone number.

• Financial Data - payment details processed securely via third-party payment providers. Where we issue a sales document, we may also process your name, company name, residential or business address, and tax identification number.

• Transaction Data - details of services purchased or payments made.

• Technical Data - IP address, browser type, device information, and usage data.

• Profile Data - username and password, purchases or orders, preferences, feedback, survey responses, and your areas of interest.

• Usage Data - how you use our website and services.

• Marketing and Communications Data - your preferences regarding marketing communications from us and selected third parties, as well as your general communication preferences.

2.2 Special Category and Sensitive Data

Where necessary for the provision of coaching, healthcare, or wellbeing services, we may process special category data, including health and wellbeing information shared by you in the context of our sessions or services. Such data are:

• collected only when strictly necessary,

• handled with the utmost confidentiality,

• processed on a lawful basis (usually explicit consent or the provision of healthcare or wellbeing services),

• accessible only to authorised professionals.

We do not collect any other categories of sensitive data, including information relating to race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, or biometric data. We also do not collect any information about criminal convictions or offences.

2.3 How We Use Your Data Depending on the Service

The specific data we process depends on how you interact with us:

• Services and Events – if you use our services or participate in events we organise, we process your name, contact details, and payment information.

• Competitions – if you participate in any competitions we run, we process your name, phone number, and email address. In cases where a cash prize is awarded, we may also process your bank account number.

• Newsletter and Marketing – if you have given your consent to receive our newsletter or marketing communications, we process your name and email address.

• Electronic and Direct Communications – if we communicate with you electronically or via automated communication systems, and you have given prior consent, we process your name, phone number, and email address as relevant to the form of communication used.

Providing your personal data is voluntary. However, certain data may be necessary for you to use our services and for us to deliver them properly. In addition, some data is required in order for us to fulfil our legal obligations as set out in this policy.

We collect your personal data through the following means:

• Interactions - when you fill in a form, contact us by email or phone, make a booking, attend a consultation, or participate in an event.

• Automated Technologies - through cookies, server logs, and analytics tools when you visit our website. For more details, please refer to our Cookie Policy.

• Third Parties - from payment providers, booking systems, and analytics services, as well as from publicly available sources where lawful.

We process your personal data in accordance with the General Data Protection Regulation (GDPR) for the following purposes and on the following legal bases:

• responding to your enquiries or requests, based on your consent or our legitimate interests,

• entering into and performing a contract or delivering a service, including handling any complaints or claims arising from your engagement with us,

• processing payments and bookings,

• communicating with you regarding your sessions and services,

• improving our website and services based on usage data,

• sending marketing communications where you have given your consent,

• fulfilling our legal obligations, including retaining financial and business records, verifying and identifying clients where necessary, and sharing data with authorised authorities where required by Irish law,

• pursuing the legitimate interests of AHA (Awareness Healing Appreciation) Coaching, where these do not override your rights and freedoms.

If we decide to process your data for a purpose other than that for which it was originally collected, we will inform you and request your consent where required by law.

We retain your personal data only for as long as is necessary for the purpose for which it was collected. The specific retention periods are as follows:

• Contract-based processing - we retain your data for the duration of the contract and for the period during which any claims arising from that contract may be brought. Under Irish law, the general limitation period for contract claims is six years.

• Consent-based processing - we retain your data until you withdraw your consent, after which it will be deleted promptly.

• Legitimate interests - we retain your data for as long as the legitimate interest exists, for example, for the duration of the applicable limitation period for civil claims or until you object to further processing where you have the right to do so under applicable law.

• Legal obligations - we retain your data for as long as required by Irish law. Key retention periods include six years for financial and accounting records under the Companies Act 2014 and eight years for certain tax records as required by the Revenue Commissioners.

Where data is no longer required for its original purpose, it may be anonymised and retained for statistical or research purposes rather than deleted.

We do not share your personal data with third parties except where necessary to deliver our services, fulfil our legal obligations, and comply with applicable law. In all cases we remain the data controller and retain full responsibility for the security of your data.

We share your data only with the following three groups:

• Authorised Personnel - our employees, contractors, and collaborators who require access to your data in order to carry out their duties properly.

• Data Processors - external service providers engaged by us to carry out specific tasks on our behalf, including IT and technical support, booking and payment systems, accounting and payroll services, legal advice, marketing support, and document management. All such processors are bound by a Data Processing Agreement and are required to process your data only in accordance with our instructions and in full compliance with GDPR.

• Other Recipients - regulatory authorities, law enforcement bodies, or other organisations to which we are legally required to share your data, based on a valid and effective legal basis under applicable law.

All third parties are required to respect the security and confidentiality of your data at all times.

Our primary partners are based in Ireland and within the European Economic Area (EEA). However, some of our service providers are located outside the EEA. Where data is transferred outside the EEA, for example via cloud services or IT providers, we ensure that appropriate safeguards are in place in accordance with GDPR.

These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries recognised by the European Commission as providing an adequate level of data protection. Where SCCs are used, we verify that there is no significant risk of a data protection breach by the recipient, including assessing their data security processes and whether the transferred data could potentially be of interest to third-country authorities.

We minimise the scope of data transferred outside the EEA to what is strictly necessary.

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• access controls and confidentiality obligations,

• secure storage and encrypted systems,

• regular backups and security updates,

• breach detection and response procedures.

While we take every reasonable precaution to protect your data, please be aware that no method of transmission over the internet or electronic storage is completely secure. We will notify you and the Data Protection Commission promptly in the event of a data breach that is likely to affect your rights and freedoms.

We do not make any decisions based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you.

We may use automated tools such as analytics to better understand how our website is used and to improve our services. However, these processes do not affect your rights or produce any legal or significant consequences for you.

You have full control over your personal data and can manage your privacy preferences at any time in the following ways:

• by contacting us at info@aharecallhealing.eu to request access to, correction of, or deletion of your data,

• by withdrawing your consent to marketing communications at any time by clicking the unsubscribe link in any email we send you,

• by managing your cookie preferences through your browser settings,

• by requesting that we restrict or stop processing your data in certain circumstances.

We will respond to all valid requests within one month.

Under GDPR, in connection with the processing of your personal data, you have the following rights:

• Right to Information (Art. 12 and 13 GDPR): You have the right to be informed about how your personal data are being processed.

• Right of Access (Art. 15 GDPR): You have the right to access your personal data held by us.

• Right to Rectification (Art. 16 GDPR): You have the right to correct inaccurate data and request completion of incomplete data.

• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data in certain circumstances.

• Right to Data Portability (Art. 20 GDPR): You have the right to request your personal data be transferred to another data controller.

• Right to Object (Art. 21(1) GDPR): You have the right to object to processing on grounds relating to your particular situation. Note that this right is not absolute. We may continue processing if we can demonstrate compelling legitimate grounds that override your rights or if processing is necessary for the establishment, exercise, or defence of legal claims.

• Right to Object to Direct Marketing: You may object at any time to processing of your data for direct marketing purposes. This objection is unconditional and requires no justification. Once received, we will no longer process your data for direct marketing purposes. Please note that withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

• Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data, known as the “right to be forgotten", for example, when we are processing your data unlawfully, you have objected to marketing processing, or deletion is required to fulfil a legal obligation.

  To exercise any of the above rights, please contact us at info@aharecallhealing.eu. We will respond to all valid requests within one month. Please note that requests relating to client records may need to be handled directly by your practitioner due to professional confidentiality obligations.

• Right to Lodge a Complaint

  You have the right to lodge a complaint with the Data Protection Commission (DPC):

  Website: www.dataprotection.ie Phone: +353 (0)1 765 0100

If you wish to contact us in connection with the processing of your personal data, you can do so by email at: info@aharecallhealing.eu

14.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They help our website remember your preferences and how you interact with it, making your experience smoother and more personalised each time you visit. In limited circumstances, we may also collect personal data automatically through cookies on our website.

By using our website, you agree to the use of cookies in line with this policy. Where required by law, we will ask for your explicit consent before placing any non-essential cookies on your device.

14.2 Why Do We Use Cookies?

We use cookies to ensure our website functions properly, remember your preferences, and better understand how visitors interact with our site so we can continuously improve it. EU law requires full transparency around cookie use, and this policy sets out exactly how and why we use them.

14. 3 Types of Cookies We Use:

• Strictly Necessary Cookies: These cookies are essential for the website to operate. They enable core functionality such as page navigation and access to secure areas. This includes session cookies storing data entered by the user, authentication cookies for services requiring login, security cookies used to detect authentication abuse, and multimedia player session cookies. The website cannot function correctly without them.

• Functionality Cookies: These cookies remember choices you make, such as your preferred language or region, and may persist slightly beyond your session to maintain a personalised interface. All information collected is anonymised and does not track your activity on other websites.

• Performance Cookies: These cookies help us understand how visitors use our website, for example, which pages are visited most frequently or where errors occur. This includes Google Analytics cookies, used by Google to analyse how visitors interact with our site and to generate statistical reports. Google does not use this data to identify individual users or combine it in a way that enables identification. All data collected is aggregated and anonymous and is used solely to improve website performance.

14.4 Managing Your Cookie Preferences

You can control or disable cookies through your browser settings at any time. Please be aware that disabling certain cookies may limit some features of the website and, in some cases, may prevent certain services from functioning correctly.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.

We do not sell your personal data to third parties under any circumstances.

If you have any concerns about how we handle your personal data, please contact us in the first instance at info@aharecallhealing.eu We will do our best to resolve any issue promptly and fairly.

We may update this Privacy Policy from time to time. If we make any significant changes, we will notify you by email. To the extent permitted by applicable law, your continued use of our services following such notification constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about our privacy practices. Previous versions of our Privacy Policy are also available for your reference on our website.

This Privacy Policy is governed by and construed in accordance with the laws of Ireland and the General Data Protection Regulation (GDPR).

This policy is reviewed on an ongoing basis to ensure it remains accurate and up to date. The current version was adopted and has been in effect since 30 May 2026.