General Data Protection Regulation (GDPR) 2018 & Privacy policy


In May 2018, new Europe-wide guidelines come into place regarding how your Data is acquired, stored, retrieved and accessed. These new guidelines give the Data Owner (you) more control over what information is kept.


This document sets out what and how Peace Within Yoga and Yoga Therapy /Sara-mae handles the Data it collects from all sessions, whether it is a private sessions, group classes workshops and training course participants, and to reassure you of GDPR compliance.


The General Data Protection Regulation (GDPR) is concerned with the personal information that we collect about you and/or your child. This document is our GDPR policy. This policy is about our clients who are children as well as our clients who are adults. Where we say “you” and your child is receiving a service from us, we are referring to your child


What personal information do we store and why?




Information You Have Shared:

  •  Information about your life as part of an initial informal enquiry/registration and or assessment process for therapeutic services.

  • Medical History, confidentiality & consent processes

  • If you have scheduled to have a chat about my services, completed an enquiry form, subscribed to Peace Within Yoga Therapy newsletter or applied to participate in an educational program you will have shared your contact details & in some cases your profession & your areas of interest.




i) General Class Data – Paper/electronic

When you first attend a class, be it a group setting, a private session, a corporate session or a workshop, you will fill in a PARQ/Medical History form which details any important medical details, your contact details and the expectations you have from the classes.

ii) Electronic Data

Your email address and name is collected from the PARQ form for email marketing purposes by Sara-mae. 



Information Peace Within Yoga Therapy may generate:

  • A record of therapeutic sessions with dates, brief information on what was covered, concerns about risk & any tools offered

  • Working audio notes to facilitate my thinking (anonymised)

  • Communications to other health professionals

  • A shared (with you & anyone else you choose) Google Drive folder of any notes/images used during therapeutic sessions

  • Supervision & Peer Reflection Notes (anonymised)

  • Invoices & payment plans


Information generated in a clinical setting:

  • Personal information such as your name, gender, date of birth, relationships, parents, siblings, children, occupation, address, telephone numbers, email addresses, therapeutic history, medical conditions, medication history, employment, education and social life details

  • We also collect sensitive information such as physical and mental health details, sexual life, racial or ethnic origin, religious or other beliefs, convicted offences, and alleged offences.


  • Ongoing contact with you is also recorded. For example, we make a short record of the content of each appointment we have with you; and we also record all email exchanges and telephone calls we have with you. If another professional contacts us we will also record what they tell us.


  • Sometimes for the purpose of assessment, clinical supervision, and for ongoing professional development, video recordings may be taken of sessions.  Your therapist will always discuss this with you first and request your consent to do so.  You will be asked to complete a video consent form prior to recordings being made.  Videos will be stored on a secure server.


Can you use my data for other purposes?


We will only use your personal data for the purposes we have collected it for. If we did need to use your data for another reason, we will get in touch and explain the basis for us doing so and seek your consent. We never use your personal details for marketing purposes.

How may my data be shared?


  • We share the necessary aspects of your data as follows: 

  • During in-house clinical discussions to support the quality of the work your therapist is offering.

  • During clinical supervision between your therapist and their supervisor, which they are obliged to have in accordance with their professional standards.

  • Our Information Technology Support Service (that backs up data in the USA)

  • Outside agencies, such as NHS mental health teams, your child’s school, Children’s Services and your GP. You will be asked for explicit signed consent to share data with outside agencies, unless there are safeguarding concerns which override this. It is important for you to know that all of the above agencies and individuals are also bound by GDPR rules, and we have specifically asked for evidence of their privacy policy.


How is my data kept?

Your data is kept on a secure server, accessible by all Peace Within Yoga Therapy staff. Individual devices (e.g. laptops, computers, ipads) are all password protected. If paper data needs to be stored, it is kept in a locked cabinet within Peace Within Yoga Therapy Clinic, which is in a secured building.


Peace Within Yoga Therapy makes use of Google Suite and iCloud services. These services are password protected & encrypted. You can read about how Google protects data stored on its cloud services here and how iCloud protects its stored data here.


Mobile phone numbers for clients are held locally on Sara-mae’s mobile phone. No other identifying information is held locally on any of her mobile devices or external hard drives.


Although the Peace Within Yoga Therapy website uses SSL protection.  I cannot guarantee that the data will be 100% secure when it is transmitted. As a result I cannot guarantee the security of any information you transmit to me through enquiry forms, registration forms, or email enquiries, and you do so at your own risk. Once I receive your information, I make every effort to ensure its security on my own systems - see the section above. 



How long will you keep my data for?

  • For children (aged 15 and under); we will hold data until they are 26 years old.

  • For individuals (aged 16 and above); we will hold data for seven years after the closure of our service to you.


  • What if I make an enquiry or send a referral, but don’t end up working with your service?

  • If you get in touch with us with an initial enquiry and share personal information; we will record this information and store it for 16 weeks. If we have not heard back from you after 16 weeks, your personal information will be destroyed. If you confirm that you do not want to pursue a service with us within those 16 weeks, we will destroy the information we hold about you immediately.


Your rights

  • To be informed of what information we hold about you (this Privacy Notice).

  • To see the information we hold about you (free of charge for the initial request).

  • To correct any inaccurate information or incomplete personal information (we may ask for verification of this information)

  • To request your personal information is erased/deleted/shredded. This request may be declined if the information is needed for us to practice lawfully and competently, or if there is an adverse reason (such as a complaint, safeguarding concerns or a legal reason).



Who should I contact if I have a question about my data?

Our Data Protection Officer is Sara-mae Martin, who is the owner and founder of Peace Within Yoga Therapy.


Sara-mae is available for questions by contacting her on:





What should I do if I’m not happy with the data protection procedures?

In the first instance, we would encourage you to contact our Data Protection Officer as above. Alternatively, you have a right to make a complaint at any time to the Information Commissioner’s Office (ICO) (




This privacy information was updated in November 2020.