Who we are

​

Ty Enfys Shamanic Activations Ltd is a UK-based organisation delivering soundbath events. This Privacy Notice explains how we collect, use, store, and share personal data when you book or attend a soundbath.

This notice applies specifically to soundbath events and should be read alongside our main website privacy policy.

What personal data we collect

​

When you book a soundbath or contact us about an event, we may collect:

 

• Your name

• Your contact details, such as an email address

​

We only collect personal data that is necessary to manage bookings, communicate with you, and safely deliver the event.

​

We do not collect special category data unless you choose to share information for accessibility or support purposes.

​

How we use your data

​

We use personal data to:

 

• Manage and confirm your booking

• Contact you with essential event information

• Maintain an attendance list for the session

​

Sharing your data with venue hosts

​

Some soundbath events are delivered in partnership with third-party venues. In these cases, we may share your name only with the venue host.

​

This sharing is required to meet the venue’s safeguarding responsibilities and health and safety at work obligations, including:

 

• Knowing who is on the premises

• Managing safe numbers in the space

• Responding appropriately in the event of an incident or emergency

• Meeting insurance and risk assessment requirements

​

No contact details, payment information, or other personal data are shared with venues. Names are used only for attendance and safety purposes on the day and not for marketing or any other activity.

​

Lawful basis for processing

​

We process personal data under the following lawful bases:

 

• Contract, to deliver the soundbath you have booked

• Legitimate interests, to manage attendance safely and responsibly in line with safeguarding and health and safety requirements

​

Our data processors and international transfers

​

We use a small number of trusted third-party providers to support bookings, payments, and communications. Each acts as a data processor on our behalf and is required to comply with UK GDPR.

​

• Wix: Used for website hosting and event bookings. Wix processes booking data securely and operates internationally.

• Stripe: Used for payment processing. We do not store card details. Payment data is handled directly by Stripe in line with financial and data protection regulations​

• Microsoft Forms: Used for contact and event-related forms. Data is processed within Microsoft’s secure cloud infrastructure

• Google Workspace (Business Email): Used for business email communications, which may include personal data where you contact us or we respond to enquiries.

​

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or other legally recognised UK transfer mechanisms.

​

We remain the data controller and are responsible for ensuring that all processing meets UK GDPR requirements.

​

Data storage, security, and retention

​

We apply appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, or disclosure.

​

Financial records: Transaction and accounting records are retained for seven years, in line with UK tax and accounting obligations.

 

Other personal data: Names and contact details used for soundbath bookings and attendance are retained only for as long as necessary to manage the event and meet legal or administrative requirements. Data is then securely deleted or anonymised.

 

Your rights

​

Under UK data protection law, you have the right to:

 

• Access the personal data we hold about you

• Request correction of inaccurate or incomplete data

• Object to or restrict processing in certain circumstances

• Request erasure where we do not have a lawful reason to retain data

​

How to contact us and submit a data rights request

​

If you have any questions, concerns, or wish to exercise your data protection rights, you can contact us:

​

• Online: via our website contact form

• By post: Ty Enfys Shamanic Activations Ltd,  53 Kilvey Terrace, St Thomas, Swansea, SA1 8BA

​

We may need to verify your identity before responding. We aim to respond within one month, in line with UK GDPR.

​

Raising a concern with the ICO

​

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve the issue.

​

You also have the right to raise a concern with the Information Commissioner’s Office (ICO), the UK data protection regulator. Details are available at www.ico.org.uk
.