Who We Are

INCENTRE London is a healing and initiatory practice based in London, United Kingdom. We are practitioners certified by the Modern Mystery School International, offering sessions, classes, and training rooted in the Hermetic Mystery School lineage.

Our registered correspondence address is:

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, INCENTRE London is the data controller of your personal information.

Information We Collect

We collect personal information in the following ways:

Information you provide directly

• Name and contact details (email address, phone number)
• Booking and appointment information when you schedule a session or class
• Payment information processed via our booking or shop platform (we do not store full card details)
• Health and wellbeing information you voluntarily share relevant to your healing sessions
• Messages, enquiries, and correspondence sent via our contact form or email
• Newsletter subscriptions and consent preferences

Information collected automatically

• IP address and approximate location data
• Browser type and device information
• Pages visited, time spent on pages, and navigation behaviour on our website
• Referral sources (e.g. how you arrived at our website)
• Cookie and tracking data (see Section 6)

Special category data

Some of the services we offer — particularly healing sessions — may involve you voluntarily sharing information relating to your physical or mental health. This is considered "special category" data under UK GDPR. We handle such information with the utmost discretion, and it is used solely to provide you with appropriate care. We will always seek your explicit consent before processing this type of information.

How We Use Your Information

We use personal data for the following purposes:

• To process bookings, appointments, and payments for sessions and classes
• To communicate with you about your booking, including confirmations, reminders, and follow-up consultations
• To personalise and deliver healing sessions appropriately
• To send newsletters or updates about classes, events, and offerings — where you have consented
• To respond to your enquiries and provide customer support
• To improve our website and services through analytics
• To fulfil our legal and regulatory obligations
• To prevent fraud and maintain the security of our systems

We do not use your personal data for automated decision-making or profiling that produces significant legal effects.

Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: Processing is necessary to fulfil your bookings and deliver our services
• Consent: Where you have given us explicit permission, such as subscribing to our newsletter or sharing health information
• Legitimate interests: To operate and improve our business, respond to enquiries, and maintain security, where these interests are not overridden by your rights
• Legal obligation: Where we are required to process your data to comply with applicable law

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Sharing Your Information

We respect the confidential nature of the work undertaken at INCENTRE and do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

• Service providers: Third-party platforms that help us operate our business, such as our booking system, payment processor, website host (Squarespace), email marketing tools, and calendar services. These providers are bound by data processing agreements and may not use your data for their own purposes.
• Modern Mystery School International: Where relevant to your practitioner certification or initiatory path, limited data may be shared with our authorising body.
• Legal requirements: Where disclosure is required by law, court order, or to protect the rights, property, or safety of INCENTRE, our staff, or others.
• Business transfer: In the unlikely event that INCENTRE is transferred to a new owner, your data may form part of the transferred assets. You will be notified in such a circumstance.

We will never share your health-related or session-specific information with third parties without your explicit consent, except where legally required.

Cookies & Tracking

Our website uses cookies and similar tracking technologies. A cookie is a small file placed on your device that helps us understand how you use our site.

Types of cookies we use

• Strictly necessary: Essential for the website to function (e.g. session management, security)
• Analytics: Help us understand how visitors interact with our site (e.g. pages visited, bounce rate). We use this to improve user experience.
• Marketing/tracking: Our website includes a Facebook Pixel (Meta) that may track your activity to support advertising and measure campaign effectiveness. This operates only with your consent.

You may manage or withdraw cookie consent at any time through your browser settings or by contacting us. Disabling certain cookies may affect website functionality.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:

• Client records and session notes: Retained for 7 years following your last appointment, in line with general UK business record-keeping guidance
• Financial and payment records: Retained for 7 years for tax and accounting purposes
• Marketing preferences and newsletter data: Retained until you unsubscribe or withdraw consent
• Website analytics data: Retained in aggregated or anonymised form after 26 months
• Enquiry correspondence: Retained for 2 years from the date of last contact, unless a client relationship develops

When data is no longer required, it is securely deleted or anonymised.

Your Rights

Under UK data protection law, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you (subject access request)
• Right to rectification: Ask us to correct inaccurate or incomplete data
• Right to erasure: Request that we delete your data where there is no longer a legitimate reason to hold it
• Right to restriction: Ask us to temporarily suspend processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract
• Right to object: Object to processing based on legitimate interests, including direct marketing
• Right to withdraw consent: At any time, for any processing based on consent, without detriment

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:

• Secure, encrypted connections (HTTPS) across our website
• Use of trusted, GDPR-compliant third-party platforms
• Restricted access to personal data on a need-to-know basis within our practice
• Regular review of our security practices

Please note that no method of transmission over the internet is entirely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify you and the ICO as required by law.

Third-Party Links

Our website may contain links to third-party websites, including the Modern Mystery School International website, booking platforms, and social media. This Privacy Policy applies only to INCENTRE London. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their data practices and accept no responsibility for them.

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at [email protected] and we will take steps to delete it promptly.

Some services, such as Baby Blessings, are offered for the benefit of infants and young children; in such cases, all personal data is collected from and managed by the parent or legal guardian.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we do, we will revise the "Effective" date at the top of this page. For significant changes, we may also notify you directly by email.

We encourage you to review this policy periodically. Your continued use of our website or services following any changes constitutes your acknowledgment of the updated policy.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please do not hesitate to reach out.