Book Now
1. Introduction
This Privacy Notice explains how Ibn Sina Sanctuary Ltd ('we', 'us', 'our') collects, uses, stores, shares, and protects your personal data when you engage with our services, or when you visit our website.
The services we provide vary depending on your location. Clients based in the United Kingdom may receive counselling services delivered by practitioners registered with a recognised professional body. Clients outside the United Kingdom engage with us as a psychospiritual coaching and personal development service.
This Privacy Notice applies equally to both service types, and your personal data is handled with the same standard of care regardless of which applies to you.
We are committed to handling your personal data with care, transparency, and in full compliance with our legal obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this notice carefully before engaging with our services. It forms part of your Client Agreement with us and should be read alongside that document.
If you have any questions about how we handle your data, please contact us using the details in section 2 below.
2. Who We Are
Ibn Sina Sanctuary Ltd is the data controller for the personal data collected in connection with our counselling and coaching services. As data controller, we determine the purposes and means by which your personal data is processed.
Registered name: Ibn Sina Sanctuary Ltd
Registered in: England and Wales
Email: info@ibnsinasanctuary.com
Telephone: +44 7762 352 188
ICO Registration Number: ZC096239
We are registered with the Information Commissioner's Office (ICO) in the United Kingdom. All data protection enquiries should be directed to the contact details above.
3. What Personal Data We Collect
We collect only the personal data that is necessary for the purposes set out in this notice. The following explains what we collect and how.
3.1 Data You Provide Directly
When you enquire about, book, or engage with our services, we collect:
3.2 Data Collected During Sessions
During the course of sessions, we may collect and hold:
Regardless of the service type you are receiving, session notes made by your practitioner may contain information about your personal circumstances, emotional wellbeing, and spiritual life. This information is treated as sensitive personal data and handled with the same level of care and protection in all cases.
3.3 Special Category Data
Under UK GDPR, certain categories of personal data are classified as 'special category data' and require additional protection. Depending on what you share during sessions, we may process information relating to:
Where you are receiving counselling services in the United Kingdom, we may process health-related special category data on the basis of explicit consent (Article 9(2)(a)) or, where applicable, for the purposes of providing care and support (Article 9(2)(h)). Where you are engaging with us as a coaching client outside the United Kingdom, we rely on explicit consent as the primary basis for processing any special category data. In all cases, we only process special category data to the extent necessary for the work you have engaged us to carry out.
3.4 Website and Technical Data
When you visit our website, we may collect limited technical data to help us understand how the site is used and to improve user experience. This may include data collected through cookies and analytics tools such as Google Analytics. Please see section 12 for full details.We do not collect device or browser data directly in connection with session delivery. Any data collected by third-party platforms you use to access sessions (such as Zoom or similar) is governed by those platforms' own privacy policies.
3.5 Providing Your Data - Mandatory and Voluntary Information
Providing your name, contact details, and payment information is a contractual requirement for booking and receiving sessions. Without this information we are unable to deliver the service.
Providing information about your personal circumstances during sessions is voluntary. However, withholding relevant information may limit the effectiveness of the coaching work. You will never be required to disclose more than you are comfortable sharing.
4. How We Use Your Personal Data
5. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
Performance of a contract: where processing is necessary to deliver the services you have booked.
Legal obligation: where we are required to process or retain data by law.
Legitimate interests: where processing is necessary for our legitimate business interests and those interests are not overridden by your rights. The legitimate interests we rely on are maintaining professional standards through supervision, and keeping clients informed of material changes to the service.
Explicit consent: for special category data, including information about your religious beliefs, health, or other sensitive matters disclosed during sessions.
Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, please contact us in writing using the details in section 2.
6. Supervision and Professional Oversight
As part of maintaining professional standards, your practitioner participates in regular professional supervision. For UK-based counselling clients, supervision is a requirement of registration with recognised professional bodies including the British Association for Counselling and Psychotherapy (BACP). For coaching clients, supervision forms part of our commitment to ethical and quality practice.
Any information shared during supervision is anonymised wherever possible. Where full anonymisation is not practicable, supervisors are bound by the same confidentiality obligations as your practitioner. Supervisors do not retain written records of your personal data.
We rely on legitimate interests as the legal basis for any incidental processing of personal data in this context, reflecting the recognised professional importance of supervision across both counselling and coaching practice.
7. Sharing Your Personal DataWe do not share your personal data freely. The following sets out the limited circumstances in which your data may be shared with others.
7.1 Third Parties We Use
We share your personal data only with third parties where necessary for the delivery of our services or where required by law. Current third-party processors and recipients include:Online payment processors (such as Stripe, PayPal, or similar): to securely process session fees. These providers are bound by their own data processing agreements and comply with applicable financial data security standards.
Video conferencing platforms (such as Zoom, Google Meet, or similar): used to deliver online sessions. You are advised to review the privacy policies of any platform used.Email and scheduling software: used for booking confirmations, reminders, and communications.
Professional supervisors: as described in section 6 above, on a confidential and anonymised basis.Cloud storage providers: where session records and client files are stored securely, with access limited to authorised personnel.We do not sell, rent, or trade your personal data to any third party for commercial purposes.
7.2 Legal Disclosures
We may be required to disclose your personal data without your consent in the following circumstances:
Where we receive a valid court order, subpoena, or legal demand from a competent authority
Where we are under a statutory obligation to report information, including safeguarding obligations
Where there is a credible and serious risk of harm to yourself or to another person and disclosure is necessary to prevent that harmWhere we are required to make such a disclosure, we will notify you in advance wherever it is safe and lawful to do so.
7.3 International Transfers
As we serve clients internationally, some of your personal data may be transferred to, stored in, or processed in countries outside the United Kingdom. Where such transfers occur, we take appropriate steps to ensure that your data is protected to a standard equivalent to that required under UK GDPR.Appropriate safeguards may include:Transfers to countries with an adequacy decision from the UK GovernmentUse of UK International Data Transfer Agreements (IDTAs) or equivalent standard contractual clausesTransfers to third-party processors certified under an approved frameworkIf you would like further information about the safeguards in place for international transfers of your data, please contact us.
8. How Long We Keep Your Data
We do not keep your data for longer than is necessary. The following retention periods apply to each category of data we hold.
Our standard retention periods are as follows:
Client records, session notes, and correspondence: seven years from the date of your final sessionPayment records: seven years from the date of transaction, in accordance with UK financial and tax record-keeping requirementsEnquiry records where no engagement followed: 12 months from the date of the enquiryConsent records: for as long as the consent is relevant, plus seven yearsAt the end of the applicable retention period, your data will be securely deleted or anonymised. If you request deletion of your data before the end of a retention period, we will consider and respond to your request in accordance with section 10 below. We may be unable to delete certain data where we have a legal obligation to retain it.
9. Data Security
We take the security of your personal data seriously and maintain appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure, alteration, or destruction.
Our security measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
While appropriate security measures are in place, no method of transmission over the internet can be guaranteed to be completely secure.
10. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to conditions or limitations depending on the circumstances.
10.1 Right of Access
You have the right to request a copy of the personal data we hold about you, together with information about how we use it. This is known as a Subject Access Request (SAR). We will respond to your request within one calendar month of receipt.
10.2 Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. Any inaccuracies will be corrected promptly upon request.
10.3 Right to Erasure
You have the right to request that we delete your personal data where there is no longer a lawful basis for us to hold it. This right does not apply where we are required to retain data by law or where retention is necessary for the establishment, exercise, or defence of legal claims.
10.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example where you contest the accuracy of the data or where you have objected to processing.
10.5 Right to Data Portability
Where processing is based on your consent or on the performance of a contract, and processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. Please note that this right applies to data you have directly provided to us, and may not extend to session notes and practitioner records.
10.6 Right to Object
You have the right to object to processing based on legitimate interests. Where you raise an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or unless processing is necessary for the establishment, exercise, or defence of legal claims.
10.7 Rights Relating to Automated Decision-Making
You have the right not to be subject to decisions made solely by automated processing that produce legal or similarly significant effects. We do not carry out automated decision-making or profiling.
10.8 Right to Withdraw Consent
Where we rely on consent as the legal basis for processing, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
To exercise any of the above rights, please contact us in writing using the details in section 2. We will respond within one calendar month and may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
11. Additional Rights for International Clients
Depending on your country of residence, you may have additional data protection rights under your local law. We acknowledge the following frameworks and will endeavour to respond to requests made under them.
11.1 European Union and EEA Clients
EU and EEA residents may have rights under the EU General Data Protection Regulation (EU GDPR) in addition to those listed above. As a UK-based controller processing data of EU residents, we rely on adequacy decisions or appropriate safeguards for any transfer of your data to the UK. You may also have the right to lodge a complaint with the supervisory authority in your EU member state.
11.2 United States Clients
Clients based in California may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal data), and the right to non-discrimination for exercising privacy rights. Clients in other US states with applicable privacy legislation are encouraged to contact us to discuss their rights.
11.3 Gulf Cooperation Council (GCC) Clients
Clients based in the UAE, Saudi Arabia, and other GCC states may have rights under applicable national data protection legislation, including the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and Saudi Arabia's Personal Data Protection Law (PDPL). We will consider and respond to requests made under these frameworks on a case-by-case basis.
11.4 African Clients
Clients based in South Africa have rights under the Protection of Personal Information Act (POPIA), including the right to access, correct, and request deletion of personal information. Clients in other African jurisdictions with applicable data protection legislation are encouraged to contact us to discuss their rights. We will consider requests made under applicable national frameworks on a case-by-case basis.
11.5 Asian Clients
Clients based in Singapore and Malaysia have rights under their respective Personal Data Protection Acts. Clients in other Asian jurisdictions with applicable data protection legislation are encouraged to contact us. We will consider and respond to requests made under applicable national frameworks on a case-by-case basis.
To exercise any rights available to you under your local legislation, please contact us in writing using the details in section 2, stating your country of residence and the right you wish to exercise. We will respond within one calendar month.
12. Cookies and Website Tracking
When you visit our website, we use cookies and analytics tools, including Google Analytics, to help us understand how the site is used and to improve the user experience. Cookies are small text files stored on your device.
The cookies we use include:
Essential cookies: necessary for the website to function and cannot be switched off
Analytics cookies: used to collect anonymous information about how visitors use the site, including pages visited and time spent. This data is aggregated and does not identify you personally
You can manage your cookie preferences through your browser settings or through the cookie banner displayed when you first visit the site. Withdrawing consent for analytics cookies will not affect your ability to use the website.
Third-party platforms used for session delivery, such as video conferencing software, may collect technical data about your device and connection as part of their own operations. Please refer to the privacy policies of those platforms for further information.
13. Children's Data
Our services are available to adults aged 18 and over. This applies to both our counselling services for UK-based clients and our coaching and personal development services for clients outside the United Kingdom. We do not knowingly collect or process personal data relating to anyone under the age of 18 through either service.
For general website enquiries, individuals under the age of 16 must have consent from a parent, guardian, or carer before contacting us. Reasonable steps will be taken to confirm such consent where required.
If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.
14. Links to Other Websites
Our website may contain links to external websites. Ibn Sina Sanctuary Ltd is not responsible for the privacy practices or content of those sites. We encourage you to read the privacy notice of any external site you visit.
15. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, our services, or applicable law. Any material changes will be communicated to active clients in writing with a minimum of 14 days' notice before taking effect. The current version of this notice will always be available on this page.
This notice was last updated: March 2026
16. Complaints
If you have concerns about the way we have handled your personal data, please contact us in the first instance using the details in section 2. We take all complaints seriously and will acknowledge your concern within five working days and respond fully within 30 days.
If you are not satisfied with our response, you may escalate your complaint to the relevant supervisory authority for your jurisdiction:
United Kingdom: Information Commissioner's Office (ICO); www.ico.org.uk
European Union: the data protection supervisory authority in your EU member state
United States: the Federal Trade Commission (FTC) or your state attorney general's office
UAE: the UAE Data Office; www.dataoffice.ae
Saudi Arabia: the Saudi Authority for Data and Artificial Intelligence (SDAIA); www.sdaia.gov.sa
South Africa: the Information Regulator; www.inforegulator.org.zaSingapore: the Personal Data Protection Commission (PDPC); www.pdpc.gov.sg
Malaysia: the Department of Personal Data Protection; www.pdp.gov.my
Other jurisdictions: please contact your national data protection authority
Concerns relating to ethical practice may also be addressed through relevant professional bodies, including the British Association for Counselling and Psychotherapy (BACP).
Ibn Sina Sanctuary Ltd | Registered in England and Wales
/update-ibnsina/images/ISS_Logo.png){kind=logo}