


GDPR Policy
The British Reflexology Association (BRA) affirms its ongoing commitment to upholding the principles of the General Data Protection Regulation (GDPR). We strive to implement best practices in data handling, transparency, and member privacy, ensuring compliance to the fullest extent of our operational capacity. We regularly review our policies to align with evolving legal standards and ethical responsibilities.
What Is Personal Data?
Personal data refers to any information that can identify an individual, either directly or indirectly. This includes names, contact details, identification numbers, location data, and other markers linked to a person’s physical, mental, cultural, or social identity.
What Information Do We Collect?
We collect personal information when you:
- Contact us for a potential membership
- Purchase products or services
- Submit qualifications with feedback, queries, or complaints.
This may include:
- Your name, address, email, and phone number
- Records of your interactions with us
- Copies of certificates and professional credentials
- Survey responses and website usage data (via cookies)
How Do We Use Your Information?
Your data is used to:
- Administer your membership request
- Deliver services and respond to enquiries
- Keep you informed about relevant updates and opportunities
We do not sell your data or share it with third parties unless:
• You’ve given explicit consent
• It’s necessary to fulfil a service
• We are legally required to do so
You can opt out of non-essential communications at any time. Essential updates related to your membership will be sent only when necessary.
Who Do We Work With?
We work with trusted service providers who meet GDPR standards. These partners only access the data required to perform their services.
Current providers include:
- Mailchimp – for email communications (first name and email only)
- Stripe – for secure payment processing
- Facebook & Instagram – for community engagement
- Wix – for our members zone
- Legal authorities – when required by law
Payment Security:
All payments are processed through secure third-party gateways or by direct transfers to our business bank account. The BRA does not store credit card or PayPal details. We retain transaction receipts for administrative, accounting and dispute resolution purposes, but these do not contain sensitive payment data.
We recommend reviewing the privacy policies of payment providers for further details.
Data Storage and Security:
We take data protection seriously. Our hosting and IT systems are designed with security in mind, including:
- Regular software updates and patches
- SSL encryption
- Firewall and DDoS protection
Our hosting partner uses renewable energy and meets international environmental and security standards.
Legal Basis for Processing:
We process personal data under the lawful basis of legitimate interest—to provide effective membership services and maintain accurate records.
Data Retention:
We retain personal data:
- To support future membership applications or service queries
- For up to 10 years following the resolution of any complaint
- As required by law or in connection with legal investigations
Your Rights:
Under UK data protection law, you have the right to:
• Access your personal data
• Request corrections or updates
• Ask for data to be erased (in certain cases)
• Restrict or object to processing
• Request data portability
• Withdraw consent (where applicable)
We aim to respond to all requests within one calendar month. Please contact us using the details above to exercise your rights.
Policy Updates:
We review this policy regularly and publish updates on our website. We reserve the right to amend this policy to reflect changes in law or practice.
Concerns or Complaints:
If you have any concerns about how your data is handled, please contact us directly. You also have the right to raise a complaint with the Information Commissioner’s Office (ICO):
• Website: https://ico.org.uk/concerns/
• Helpline: 0303 123 1113


