SHELL COX WELLNESS GDPR POLICY.

1. Purpose of This Policy

Shell Cox Wellness is committed to protecting the personal data of its clients, partners, employees, and stakeholders. This GDPR Policy outlines how we collect, use, store, and manage personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Scope

This policy applies to all personal data processed by Shell Cox Wellness in the course of delivering meditation sound and relaxation experiences, including but not limited to client bookings, email marketing, website use, and in-person events.

3. Data We Collect

We may collect the following personal data:
- Full name
- Contact details (email address, phone number, mailing address)
- Health information (only if voluntarily provided for session tailoring)
- Payment information (processed securely via third-party platforms)
- Preferences and feedback from sessions
- IP addresses and analytics data from our website

4. Legal Basis for Processing

We process personal data based on:
- Consent: For email marketing and session customisation
- Contractual necessity: To fulfil bookings and provide services
- Legitimate interests: To improve our services and ensure security
- Legal obligations: For tax, accounting, or legal requirements

5. Use of Personal Data

We use personal data to:
- Manage bookings and deliver services
- Tailor meditation and relaxation sessions
- Send updates, newsletters, and promotional offers (with consent)
- Improve website performance and customer experience
- Comply with legal and regulatory obligations

6. Data Sharing

We do not sell or rent personal data. Data may be shared with:
- Third-party service providers (e.g., email platforms, payment processors)
- Legal or regulatory authorities if required by law
All third parties are GDPR-compliant and contractually bound to protect personal data.

7. Data Retention

Personal data will be retained only for as long as necessary for the purposes stated above. When data is no longer required, it will be securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to safeguard personal data, including:
- Secure servers and encrypted databases
- Password-protected access to internal systems
- Staff training on data protection and confidentiality

9. Rights of Data Subjects

Under the GDPR, individuals have the right to:
- Access their personal data
- Request rectification or erasure
- Restrict or object to processing
- Withdraw consent at any time
- Data portability
- Lodge a complaint with the ICO (Information Commissioner’s Office)

To exercise these rights, please contact: [Insert your DPO contact or company email]

10. Cookies and Website Tracking

Our website may use cookies for performance and analytics. Users are notified upon visiting and given the option to manage cookie preferences.

11. Policy Review

This policy is reviewed annually or in response to significant changes in business operations or data protection law.

12. Contact Information

For any questions or requests regarding this policy, please contact:

Shell Cox Wellness
Email: shellcoxwellness@gmail.com