Effective Date: 14 August 2025

Last Updated: 14 August 2025

Enchanted Life Ltd (trading as EnchantedLifeByMaia) (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data controller and contact details

Data Controller: Enchanted Life Ltd (trading as EnchantedLifeByMaia)
Company number: 16407256
Registered office: 18 Bolden Street, London, England, SE8 4JF
Email for privacy queries: [email protected]

2. Personal data we collect

We may collect and process the following categories of personal data:

Identity & Contact Data: name, email address, phone number, postal address.

Booking & Service Data: appointment details, preferences, questionnaire responses.

Session Data: consultation notes and related observations recorded to provide continuity of service (these may include special category data where you share health-related or spiritual/trauma history information).

Transaction Data: purchases, order history, and limited payment metadata (card payments are processed by third-party processors; we do not store full card details).

Technical & Usage Data: IP address, device/browser type, pages visited, time on site, and referral sources (via cookies/analytics).

Communications Data: emails, contact-form messages, and messages exchanged via our CRM and WhatsApp.

3. How we collect your data

Directly from you when you complete booking forms, contact forms, or communicate with us.

Automatically through cookies and analytics when you use our website.

Via our payment and booking providers when you purchase or schedule services.

4. Lawful bases for processing

We process personal data under the following lawful bases:

Contract (Article 6(1)(b)) – to provide and administer consultations, attunements, mentorship, events, and related services you request.

Legitimate Interests (Article 6(1)(f)) – to manage our business, improve services, safeguard our platforms, prevent fraud, and maintain client relationships (balanced against your rights).

Consent (Article 6(1)(a)) – for optional activities such as email marketing; you may withdraw consent at any time.

Legal Obligation (Article 6(1)(c)) – to comply with tax, accounting, or other legal requirements.

Special category data (Article 9): Where session notes include health-related or other special category information you voluntarily share, we process this with your explicit consent to provide a safe, informed service. You may withdraw that consent at any time (this will not affect processing already carried out).

5. How we use your data

We use your data to:

Arrange and deliver services (consultations, energy attunements, mentorship, events).

Maintain session records for continuity of care and safeguarding.

Communicate about bookings, changes, reminders, and service updates.

Process payments and manage invoices/receipts.

Provide customer support and handle enquiries.

Operate and improve our website, including analytics and security.

Send marketing communications where you have opted-in (you can unsubscribe at any time).

6. Sharing your data

We do not sell your personal data. We share limited data with trusted service providers acting as processors, strictly for the purposes described above:

Content Creator Machine CRM (website hosting, booking, email marketing, embedded analytics).

Google Analytics (site analytics).

SamCart (checkout/e-commerce).

Stripe & PayPal (payment processing).

We may also disclose data where required by law or to establish/exercise/defend legal claims.

7. International transfers

Some processors (e.g., Google, Stripe, PayPal, CRM infrastructure providers) may store/process data outside the UK/EEA. Where applicable, we ensure appropriate safeguards are in place, such as:

UK International Data Transfer Agreement (IDTA),

UK Addendum to EU Standard Contractual Clauses, and/or

other lawful transfer mechanisms under UK GDPR.

8. Data retention

We retain personal data only for as long as necessary for the purposes collected, including to meet legal, accounting, or reporting requirements. Indicative periods:

Session notes / consultation records: up to 7 years after your last interaction (professional best-practice and potential legal claims limitation).

Transaction and invoicing records: 6 years from the end of the financial year (statutory requirement).

Marketing data: until you withdraw consent or we determine inactivity.

General enquiries: up to 24 months from last correspondence, unless needed longer for a live request or dispute.

We review retention periodically and securely delete or anonymise data when no longer required.

9. Data security

We implement appropriate technical and organisational measures to protect personal data, including encrypted transport (TLS), access controls, role-based permissions in our CRM, strong authentication, least-privilege access to session notes, and secure third-party processing via reputable providers.

10. Your rights

Under UK GDPR you have the right to:

Access your personal data and obtain a copy.

Rectify inaccurate or incomplete data.

Erase your data (where no overriding lawful basis applies).

Restrict or object to processing in certain circumstances (including for direct marketing).

Data portability for information you provided to us under consent or contract.

Withdraw consent where processing relies on consent.

To exercise your rights, contact [email protected]. We may need to verify your identity. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your rights have been infringed.

11. Cookies

Our website uses cookies and similar technologies for essential functionality, performance measurement (e.g., Google Analytics), and to improve user experience. Where required, we request consent via a cookie banner. You can manage cookies in your browser settings. For further details, please see our Cookie Policy.

12. Children’s data

Our services are intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Material changes may be notified by email where appropriate.

14. How to contact us

Questions about this policy or your data rights can be sent to:
Email: [email protected]
Address: Enchanted Life Ltd (t/a EnchantedLifeByMaia), 18 Bolden Street, London, England, SE8 4JF