Last updated: 07/05/2026

​

Zen Sanctuary is operated by Katharina Troncoso, trading as the Zen Sanctuary, as a sole trader in the United Kingdom.

This policy is written for publication on the Zen Sanctuary website and should be reviewed if your systems, services, locations or marketing practices change.

1. Who I am

The Zen Sanctuary respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how I collect, use, store and protect your personal information when you visit my website, contact me, book a treatment, attend an appointment, purchase a gift voucher, join my mailing list, or otherwise interact with Zen Sanctuary.

​

For the purposes of UK data protection law, I am the data controller of the personal data described in this policy.

​

Contact details

Zen Sanctuary
28 Ulster Crescent

Edinburgh EH8 7LD

United Kingdom
Email: kathi@zensanctuary.space
Website: www.zensanctuary.space

If you are located in the European Union and have questions about how your personal data is handled, you can contact me using the details above.

​

2. Personal data I collect

Depending on how you interact with the Zen Sanctuary, I may collect and process the following information.

​

Contact and identity details

This may include your name, email address, phone number, address, emergency contact details, and information you provide when making an enquiry or booking.

​

Booking and treatment information

This may include appointment dates and times, treatment type, venue, booking source, booking notes, attendance history, cancellations, preferences, and information relevant to providing your treatment.

​

Health and wellbeing information

For safe and appropriate treatment, I may ask you about your health, medical history, injuries, pregnancy, medication, allergies, pain, stress, mobility, lifestyle factors, contraindications, and treatment goals. This may include special category data, particularly health data, which receives additional protection under data protection law.

​

Payment and transaction information

This may include payment status, payment method, amount paid, refunds, gift voucher purchases and accounting records. I do not normally store full card details myself; card payments are processed by third-party payment providers.

​

Marketing preferences

This may include whether you have opted in to receive newsletters, special offers, updates, wellbeing tips, gift voucher promotions or other marketing communications, and whether you have unsubscribed or withdrawn consent.

​

Website and technical information

When you visit my website, some technical information may be collected automatically, such as IP address, browser type, device information, pages visited, time spent on the site, referral links, cookies and similar technologies.

​

3. How I collect your data

I may collect personal data directly from you when you:

• contact me by email, phone, website form, social media or messaging service;

• book an appointment through my website, Acuity Scheduling, Treatwell or another booking route;

• complete a consultation, intake or consent form;

• attend a treatment;

• purchase or redeem a gift voucher;

• subscribe to my mailing list or respond to a marketing campaign;

• respond to a survey or feedback request;

• interact with Zen Sanctuary on Facebook, Instagram or another social media platform;

• visit www.zensanctuary.space.

I may also receive limited personal data from third-party platforms you use to book, pay for, or interact with Zen Sanctuary services, such as Acuity Scheduling, Treatwell, payment providers, Mailchimp, Facebook, Instagram and website platform providers.

​

4. Why I use your personal data and lawful bases

I only use your personal data where I have a lawful basis to do so. The table below summarises the main purposes for which I use personal data.

​

​

​​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

​

Where I rely on consent, you can withdraw your consent at any time. This will not affect the lawfulness of processing carried out before your consent was withdrawn.

5. Health information and treatment notes

Because Zen Sanctuary provides bodywork, massage and Shiatsu treatments, I may need to process health-related information to assess whether treatment is appropriate and to adapt the treatment safely.

This may include information about physical conditions, pain, injuries, stress, anxiety, pregnancy, medication, previous treatments, lifestyle factors, and your response to treatment. I will only collect health information that is relevant to providing your treatment.

I will treat health information confidentially and will not share it unless:

• you ask me to do so;

• you give explicit consent;

• it is necessary to protect your vital interests;

• I am legally required to do so;

• it is necessary in connection with a legal claim, insurance matter or safeguarding concern.

 

6. Bookings through Acuity Scheduling and Treatwell

Appointments may be booked directly through my website or through third-party booking platforms, including Acuity Scheduling and Treatwell.

When you make a booking, the relevant platform may collect and process information such as your name, contact details, appointment details, booking notes, payment status and other information needed to manage the booking. These platforms may also process your personal data under their own privacy policies.

Zen Sanctuary uses the booking information received from these platforms to manage appointments, provide treatments, contact you about your booking, handle cancellations or changes, and maintain business records.

​

7. Marketing communications

I may use your contact details to send Zen Sanctuary marketing communications by email where you have opted in, or where the law allows me to contact existing customers about similar services and you have been given a clear opportunity to opt out.

Marketing communications may include newsletters, wellbeing tips, treatment updates, special offers, gift voucher promotions, seasonal campaigns and Zen Sanctuary news.

I currently use Mailchimp to manage email marketing. Mailchimp may process your name, email address, subscription status, email engagement information and related marketing data on behalf of Zen Sanctuary.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in my emails or by contacting me directly at kathi@zensanctuary.space. I will not sell your personal data to third parties.

​

8. Facebook, Instagram and social media

The Zen Sanctuary may use Facebook, Instagram and other social media platforms to share information, promote services, respond to enquiries, run promotions, and communicate with people who interact with the Zen Sanctuary online.

If you follow, like, comment on, message, tag, share or otherwise interact with the Zen Sanctuary through social media, the relevant platform may process your personal data in accordance with its own privacy policy and terms.

I may see information made available through your social media profile or interaction, such as your name, username, profile image, comments, messages, engagement with posts and other information you choose to make public or send to me.

I may use social media insights, audience engagement information or advertising tools to understand how people interact with the Zen Sanctuary content and to improve future communications. Where cookies, pixels or similar tracking technologies are used on my website, these should only be activated where legally permitted and, where required, after you have given cookie consent.

​

9. Cookies and website analytics

My website may use cookies and similar technologies to make the website work, improve your browsing experience, understand website traffic, support bookings, remember preferences, and support analytics or marketing.

Cookies may be set by my Wix website platform, analytics providers, booking tools, embedded content, payment tools or social media integrations.

Where required by law, non-essential cookies will only be used with your consent. You can change your browser settings to block or delete cookies. You may also be able to manage cookie choices through the cookie banner or settings on the Zen Sanctuary website.

For more detailed cookie information, Zen Sanctuary may publish a separate Cookie Policy or include cookie details in the website cookie banner.

​

10. Sharing your personal data

I may share personal data with trusted third-party service providers where necessary to operate the Zen Sanctuary. These may include:

• Acuity Scheduling, where you book an appointment directly through my booking system;

• Treatwell, where you book Zen Sanctuary and City Zen Sanctuary services through the Treatwell platform;

• Mailchimp, where you have opted in to receive newsletters, offers, updates or other marketing emails;

• Meta platforms, including Facebook and Instagram, where you interact with Zen Sanctuary social media pages, adverts, messages, posts or promotions;

• Ionos website hosting and Wix website platform provider;

• payment processors, such as Stripe, PayPal or other payment services;

• accounting or bookkeeping software;

• IT support providers;

• professional advisers, such as accountants, insurers or legal advisers;

• regulators, tax authorities, courts or public bodies where legally required.

 

These providers may process your personal data as independent controllers, processors, or joint controllers depending on the service and the way you interact with them. For example, if you book through Treatwell or interact with Zen Sanctuary through Facebook or Instagram, those platforms may also process your data in accordance with their own privacy policies.

I will only share personal data where necessary and appropriate for the purposes described in this Privacy Policy. I do not sell your personal data.

​

11. International transfers

Some third-party providers may store or process personal data outside the UK or European Economic Area. This may include providers such as Mailchimp, Meta, booking platforms, payment processors, website providers or other cloud-based systems.

Where personal data is transferred internationally, I will take reasonable steps to ensure appropriate safeguards are in place, such as adequacy decisions, UK International Data Transfer Agreements, EU Standard Contractual Clauses, or equivalent safeguards.

​

12. How long I keep your data

I only keep personal data for as long as necessary for the purposes described in this policy. As a general guide:

​​

​

​

​

​

​

​

​

​

​These periods may be adjusted where necessary to comply with legal, insurance, professional or regulatory requirements, or to establish, exercise or defend legal claims.

​

13. How I protect your data

I take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include password protection, secure storage, limited access, secure booking and payment systems, device security, secure email and careful handling of paper records.

No method of data transmission or storage is completely secure, but I take data protection seriously and aim to use reputable systems and appropriate safeguards.

​

14. Your data protection rights

Depending on the circumstances, you have rights under data protection law, including the right to:

• access the personal data I hold about you;

• ask for inaccurate data to be corrected;

• ask for your data to be deleted;

• ask for processing to be restricted;

• object to certain types of processing;

• request transfer of your data to another provider;

• withdraw consent where processing is based on consent;

• complain to a data protection authority.

To exercise your rights, contact me at kathi@zensanctuary.space. I may need to verify your identity before responding to your request.

​

15. Complaints

If you are unhappy with how I handle your personal data, please contact me first so I can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office
Website: www.ico.org.uk
Telephone: 0303 123 1113

If you are located in the European Union, you may also have the right to complain to your local data protection authority.

​

16. Children’s privacy

Zen Sanctuary services are intended mainly for adults. If I provide treatment to anyone under 18, I will require written consent from a parent or guardian and may process relevant personal data for safeguarding, consent and treatment purposes.

​

17. Links to other websites

My website may contain links to third-party websites, booking platforms, payment providers, social media pages or other external services.

I am not responsible for the privacy practices of those third-party websites. You should read their own privacy policies before providing personal data to them.

 

18. Changes to this Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my services, website, legal requirements or data processing practices.

The latest version will be published on this page with the date of the most recent update.