Rochilez & Conner Privacy & Data Protection Policy

Effective 1 November 2025

1. Who We Are

Rochilez & Conner (R&C) is a sole-trader practice operated by Richard Conner, Brechfa House, Brechfa, Carmarthen, Wales SA32 7RA, UK. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Rochilez & Conner (“we”, “our”, “us”) is the Data Controller for all client, participant, and healing-practice information.

Transformerpreneur.com Ltd (Company No. 06870457 | VAT GB 970 8199 81) provides digital and administrative infrastructure (for example Notion, Dropbox, Squarespace, and Make) and acts as a Data Processor supporting R&C under a secure internal data-processing agreement. It also operates separately as Data Controller for Flowcastic™ digital-education activities.

Data-protection contact: richardconner@me.com

2. Information We Collect

We only collect information needed to deliver and administer our services, including:

  • Contact details (name, email, phone, address if provided)

  • Booking and payment information

  • Session notes, summaries, recordings or transcripts (where consented)

  • Email-marketing preferences and responses

  • Website usage or cookie analytics data (see Section 8)

3. Why We Process Your Data (Lawful Bases)

Processing is based on one or more lawful grounds under UK GDPR:

  • Contract – to deliver sessions, programmes, or services you have booked.

  • Consent – for recordings, testimonials, and marketing communications.

  • Legal obligation – for accounting and tax compliance.

  • Legitimate interest – to maintain records, ensure quality, and protect our business.

You may withdraw consent or object to processing at any time by contacting us.

4. Where and How We Store Data

Personal information is held securely in digital form only. We use a range of cloud-based platforms to support service delivery, communication, and administration.

These may include, but are not limited to:

  • Notion – client and session database

  • Dropbox – encrypted storage for recordings, documents, and consent forms

  • Apple iCloud & Apple Contacts – device backup and communication management

  • Zoho Mail / iCloud Mail – direct email correspondence

  • GetResponse / Mailchimp – newsletters and automated email campaigns

  • Acuity Scheduling – booking and intake forms

  • Make (Integromat) – secure automation between systems

  • HubSpot – customer relationship management and marketing analytics

  • Squarespace – website hosting, contact forms, and analytics

  • Google Workspace (Drive, Docs, Sheets) – administration and reporting

  • Zoho Books – accounting and invoicing (where applicable)

  • WhatsApp / Facebook Messenger – direct client communication

  • Stripe / PayPal – payment processing (independent controllers)

  • OpenAI and similar AI tools – used for administrative or creative support

  • Advertising & social platforms – Facebook, Instagram, WhatsApp, TikTok, Nextdoor, and comparable networks for awareness and lead generation

This list is illustrative rather than exhaustive. Equivalent or successor services may be introduced from time to time to perform the same functions. All providers are selected for their security credentials and maintain GDPR-compliant processing terms or recognised international transfer safeguards (such as UK Standard Contractual Clauses).

5. International Transfers

Some processors (e.g. Dropbox, Google, OpenAI, Mailchimp, HubSpot, Stripe, Square, PayPal) may store data outside the UK. Such transfers occur only under lawful mechanisms that ensure adequate protection for data subjects.

6. Data Retention

Data are retained only for as long as necessary to fulfil the purposes for which they were collected or to meet legal requirements (such as six years for accounting records).

Anonymised or aggregated materials may be kept for reflective, educational, or research use. You may request erasure at any time.

7. Your Rights

You have the right to:

  • Access and receive a copy of your data

  • Request correction or deletion

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability

  • Complain to the Information Commissioner’s Office (ICO) at ico.org.uk

Contact richardconner@me.com to exercise these rights.

8. Cookies and Analytics

Our Squarespace-hosted websites use essential and performance cookies to enhance functionality and measure engagement. You can manage cookies via your browser or our cookie banner. Aggregate analytics from Google or Meta may be used to understand visitor behaviour; no personally identifiable information is shared.

9. Security Measures

All systems are password-protected, encrypted, and secured with multi-factor authentication where available. Client data are accessible only to Richard Conner.

Regular reviews ensure ongoing compliance and system integrity.

10. Children and Vulnerable Persons

Services are not directed to children under 13. Any information relating to minors or vulnerable adults is handled with enhanced confidentiality and explicit consent.

11. Policy Updates

This policy is reviewed annually and whenever systems or regulations change. The latest version will always be available on request or at www.rochilez.com/privacy-policy.

Contact

Richard Conner
richardconner@me.com
Brechfa House, Brechfa, Carmarthen SA32 7RA UK

© 2025 Rochilez & Conner • Sole Trader, Richard Conner

Data-Processor support by Transformerpreneur.com Ltd

Last updated Nov 2025