PRIVACY NOTICE – 5Elements services Ltd.
Welcome to 5Elements Services Ltd (“5Elements”, “we”, “our”, “us”).
Your privacy is important to us. We are committed to protecting your personal information and ensuring that it is processed fairly, lawfully, transparently and securely.
This Privacy Notice explains how we collect, use, store, disclose and protect your personal information whenever you visit our website, purchase products from our online shop, book appointments or use any of our services.
We process personal data in accordance with the:
- UK General Data Protection Regulation (“UK GDPR”);
- Data Protection Act 2018;
- Data (Use and Access) Act 2025;
- Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), where applicable; and
- where services are provided to individuals located within the European Economic Area (EEA), the EU General Data Protection Regulation (“EU GDPR”), where applicable.
By using our website or purchasing our products or services, you acknowledge that you have read this Privacy Notice.
Definitions
Personal Data
Any information relating to an identified or identifiable living individual. An identifiable individual is someone who can be identified, directly or indirectly, by reference to information such as their name, identification number, location data, online identifier or one or more factors specific to their identity.
Special Category Personal Data
Personal data that is afforded additional protection under Article 9 of the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). This includes information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), health, sex life or sexual orientation.
Processing
Any operation or set of operations performed on personal data, whether by automated means or otherwise. This includes collecting, recording, organising, structuring, storing, adapting, retrieving, consulting, using, disclosing, sharing, restricting, erasing or destroying personal data.
Data Controller (Controller)
The person or organisation that determines the purposes for which, and the manner in which, personal data is processed. For the purposes of this Privacy Notice, the Data Controller is 5Elements Services Ltd.
Data Processor (Processor)
A natural or legal person, public authority, agency or other organisation that processes personal data on behalf of the Data Controller.
Data Subject
The individual to whom the personal data relates.
Consent
Any freely given, specific, informed and unambiguous indication of an individual’s wishes by which they signify agreement to the processing of their personal data through a clear affirmative action. Where Special Category Personal Data is processed, explicit consent may be required unless another lawful condition under Article 9 UK GDPR (or, where applicable, the EU GDPR) applies.
Legitimate Interests
A lawful basis for processing personal data where such processing is necessary for the legitimate interests pursued by the Data Controller or a third party, provided those interests are not overridden by the individual’s rights and freedoms.
Recipient
Any natural or legal person, public authority, agency or other organisation to whom personal data is disclosed, whether or not they are a third party.
Third Party
Any person or organisation other than the Data Subject, the Data Controller, the Data Processor, or persons authorised to process personal data under the direct authority of the Data Controller or Processor.
International Transfer
The transfer of personal data to a country or territory outside the United Kingdom or, where applicable, outside the European Economic Area (EEA), where such transfer is governed by the provisions of Chapter V of the UK GDPR or Chapter V of the EU GDPR.
Applicable Data Protection Legislation
Collectively refers to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), and, where applicable, the EU General Data Protection Regulation (EU GDPR), together with any amendments, replacements or successor legislation.
Who We Are
5Elements Services Ltd provides professional spiritual wellbeing services and operates an online retail shop.
Our services include:
- Psychic Readings
- Belief Coding® sessions
- Distance Reiki Healing
- Spiritual guidance
- Online retail sales of jewellery, semi-precious gemstone bracelets, mala beads and related spiritual products.
Our services are available to clients throughout the United Kingdom and internationally.
All appointments and services are intended for persons aged 18 years or over.
Data Controller
For the purposes of UK GDPR and the Data Protection Act 2018, the Data Controller is:
5Elements Services Ltd
Data Protection Contact
Nadia Maria Ochoa
Telephone:
0330 333 8429
Email:
info@5elementsuk.com
If you have any questions regarding this Privacy Notice or the way we process your personal information, please contact us using the details above.
Purpose of this Privacy Notice
This Privacy Notice explains:
- who is responsible for processing your personal data;
- what personal information we collect;
- how we collect it;
- why we process it;
- the lawful bases relied upon for processing;
- who we may share your information with;
- how long we retain your information;
- how we protect your information;
- your legal rights;
- how to exercise those rights; and
- how to make a complaint if you are unhappy with how we process your personal data.
Personal Information We Collect
Depending on the services you use, we may collect and process the following categories of personal information..
Identity Information
- Full name
- Date of birth (where voluntarily provided for psychic readings, Reiki sessions or other services)
Contact Information
- Postal address
- Email address
- Telephone number
Transaction Information
- Details of services booked
- Details of products purchased
- Order history
- Payment and transaction information necessary to process your booking or purchase.
Payments are securely processed through trusted third-party payment providers including Square, Stripe and PayPal.
We do not store or have access to your full debit or credit card details.
Technical Information
When you visit our website we may automatically collect technical information including:
- Internet Protocol (IP) address
- Browser type
- Device information
- Operating system
- Website usage information
- Pages visited
- Date and time of access
- Cookies and similar technologies
- Diagnostic information used to improve website performance.
Marketing Preferences
Where you have chosen to receive marketing communications, we may process information regarding:
- your marketing preferences;
- communication preferences;
- subscription choices;
- newsletter preferences.
Correspondence
We may retain copies of:
- emails;
- contact forms;
- customer enquiries;
- customer support requests;
- messages sent via social media;
- reviews;
- testimonials;
- other correspondence you voluntarily provide.
Voice Recordings
Where you specifically request that your consultation be recorded, we may retain a recording of that consultation for the purpose requested.
Voice recordings will normally be retained for up to six years unless you request their earlier deletion and we are not required to retain them for legal reasons.
Video, Audio Recordings & AI Transcripts
Certain Belief Coding® sessions delivered online via Zoom may be recorded where this forms part of the service or where you have agreed to the recording.
Where recordings are made, an AI-powered transcription service (Otter.ai) may also be used to generate an accurate written transcript of the session.
Transcripts are used solely for the purposes of supporting the delivery of the session, maintaining accurate records and assisting with client follow-up where appropriate.
Recordings and transcripts are processed securely and retained only for as long as reasonably necessary in accordance with this Privacy Notice.
You will always be informed if a session is being recorded.
Additional Information
Where necessary to provide bespoke services or custom jewellery orders, we may collect additional information voluntarily supplied by you.
We will only collect information that is necessary for the purpose for which it is being processed.
Special Category Personal Data
During Reiki sessions, Belief Coding® sessions, psychic readings or other spiritual wellbeing services, you may voluntarily disclose information relating to your physical health, mental health, emotional wellbeing, religious or philosophical beliefs, past experiences, or other information that may constitute Special Category Personal Data under Article 9 of the UK General Data Protection Regulation (UK GDPR) and, where applicable, Article 9 of the EU General Data Protection Regulation (EU GDPR).
In particular, information you provide on our consultation or intake forms regarding the issues you wish to work on during a Belief Coding® or Reiki session may include Special Category Personal Data.
We do not actively seek more information than is necessary to provide our services. Where you voluntarily provide this information, we will only process it where a lawful basis exists under Article 6 UK GDPR and an additional condition under Article 9 UK GDPR (or the equivalent provisions of the EU GDPR where applicable). This may include your explicit consent, or where another lawful condition applies.
We treat all Special Category Personal Data with the highest level of confidentiality and implement appropriate technical and organisational measures to safeguard this information.
If You Do Not Provide Your Personal Information
Where we require certain personal information to fulfil our contractual obligations or comply with legal requirements, and you choose not to provide that information, we may be unable to:
- provide our services;
- process your booking;
- fulfil your order;
- comply with our legal obligations.
Where this applies, we will explain the reasons to you before cancelling or refusing the service wherever reasonably possible.
How We Collect Your Personal Information
We collect personal information in a number of ways, including:
- directly from you when you complete forms, book appointments or purchase products;
- when you contact us by telephone, email or social media;
- when you subscribe to our mailing list;
- when you purchase products through our online shop;
- through cookies and similar technologies used on our website;
- from payment providers solely for the purpose of confirming successful transactions;
- from publicly available sources where permitted by law; and
- from third parties where you have authorised them to share information with us or where we are legally entitled to receive that information.
Where personal information is obtained from a third party, we will inform you of the source where required by law.
Why We Process Your Personal Information
Under UK GDPR and, where applicable, the EU GDPR, we must have a lawful basis before processing your personal information.
Depending on the circumstances, we rely upon one or more of the following lawful bases:
- Performance of a contract.
- Compliance with a legal obligation.
- Our legitimate interests.
- Your consent.
- Protection of vital interests (where applicable).
- Performance of a task carried out in the public interest (where applicable).
We will only process your personal information where we have identified an appropriate lawful basis under the applicable data protection legislation.
How We Use Your Personal Information
We use your personal information for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| To process bookings for Reiki, Belief Coding®, psychic readings and other services | Performance of a contract |
| To supply products purchased through our online shop | Performance of a contract |
| To process payments | Performance of a contract |
| To arrange appointments and communicate with you | Performance of a contract and Legitimate Interests |
| To respond to enquiries | Legitimate Interests |
| To provide customer support | Legitimate Interests |
| To maintain business records | Legal Obligation |
| To comply with tax and accounting legislation | Legal Obligation |
| To prevent fraud and protect our business | Legitimate Interests |
| To improve our website and services | Legitimate Interests |
| To send marketing communications where you have opted in | Consent |
| To comply with legal requests from regulators or law enforcement | Legal Obligation |
| To establish, exercise or defend legal claims | Legitimate Interests and Legal Obligation where applicable |
Where we rely upon your consent, you may withdraw that consent at any time.
Legitimate Interests
Where we process personal information under our legitimate interests, we will always balance those interests against your rights and freedoms.
Examples include:
- responding to customer enquiries;
- improving our services;
- maintaining accurate business records;
- preventing fraud;
- protecting our website and IT systems;
- ensuring the security of our business.
We will only rely upon legitimate interests where we believe that our processing is fair, proportionate and does not override your rights.
Sharing Your Personal information
We do not sell, rent or trade your personal information to third parties for marketing purposes.
Where necessary to provide our services, operate our website or comply with our legal obligations, we may share your personal information with carefully selected third-party service providers, including:
- Acuity Scheduling – to manage appointments, bookings, client questionnaires and scheduling.
- WooCommerce – to process online orders and manage our online shop.
- Hostinger – to host and maintain our website and associated services.
- Stripe – to securely process card payments.
- PayPal – to securely process online payments.
- Squarespace – where applicable, to operate and maintain our associated website(s).
- Professional advisers, including accountants, solicitors, insurers and auditors.
- Information technology and cybersecurity providers who assist us in maintaining our systems.
- Regulatory authorities, courts, law enforcement agencies or other public authorities where disclosure is required or permitted by law.
All third-party organisations processing personal information on our behalf are required to comply with applicable data protection legislation and may only process your personal information in accordance with our documented instructions or their own legal obligations.
Where a third-party provider acts as an independent Data Controller (for example, certain payment providers), their processing of your personal information will also be governed by their own Privacy Notice.
International Transfers
5Elements Services Ltd provides services to clients located within the United Kingdom and internationally.
As a result, your personal information may occasionally be transferred to, stored or processed outside the United Kingdom.
Where this occurs, we will ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR and, where applicable, Chapter V of the EU GDPR.
These safeguards may include:
- transfers to countries that have been recognised by the UK Government as providing an adequate level of protection for personal information;
- the use of the UK International Data Transfer Agreement (IDTA);
- the UK Addendum to the European Commission’s Standard Contractual Clauses (SCCs);
- other lawful transfer mechanisms recognised under applicable data protection legislation.
Some of our trusted third-party providers, including Hostinger, Stripe, PayPal, Squarespace and Acuity Scheduling, may process personal information on servers located outside the United Kingdom. Where this occurs, those providers are responsible for implementing appropriate safeguards in accordance with applicable data protection legislation.
Further information regarding international transfers is available upon request.
International Clients
Where we provide services directly to individuals who are located within the European Economic Area (EEA) at the time services are provided, certain processing activities may also be subject to the EU General Data Protection Regulation (EU GDPR).
This Privacy Notice is intended to comply with both UK GDPR and, where applicable, the EU GDPR.
Data Security
Protecting your personal information is extremely important to us.
We have implemented appropriate technical and organisational security measures designed to protect your personal information against accidental loss, unauthorised access, disclosure, alteration or destruction.
These measures include, where appropriate:
- secure password management;
- restricted access to personal information;
- encrypted communications where appropriate;
- secure payment processing through trusted third-party providers;
- device security measures;
- regular software updates;
- secure backups where required;
- staff and contractor confidentiality obligations.
Although we take reasonable steps to protect your information, no method of transmitting or storing information electronically can ever be guaranteed to be completely secure.
Accordingly, while we strive to protect your personal information using commercially reasonable security measures, we cannot guarantee its absolute security.
Personal Data Breaches
We maintain procedures for identifying, investigating and responding to suspected personal data breaches.
Where required under UK GDPR or other applicable legislation, we will notify the Information Commissioner’s Office (ICO) and affected individuals without undue delay.
If you believe that your personal information has been compromised, please contact us immediately at:
Email: info@5elementsuk.com
Automated Decision-Making and Profiling
5Elements Services Ltd does not make decisions about individuals solely by automated means, including profiling, that produce legal effects or similarly significant effects.
Should this position change in the future, we will update this Privacy Notice accordingly and inform affected individuals where required by law.
Retention of Personal Information
We will only retain your personal information for as long as is reasonably necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, tax, accounting or reporting requirements.
Retention periods may vary depending upon the type of information held and the reason for processing.
As a general guide:
| Record Type | Typical Retention Period |
|---|---|
| Customer enquiries | Up to 2 years |
| Appointment records | Up to 6 years after the last appointment |
| Belief Coding® consultation records | Up to 6 years after the last appointment |
| Reiki consultation records | Up to 6 years after the last appointment |
| Online shop orders | Up to 6 years for accounting and taxation purposes |
| Financial records | Minimum 6 years in accordance with HM Revenue & Customs (HMRC) requirements |
| Marketing preferences | Until consent is withdrawn or no longer required |
| Voice recordings (where requested) | Until no longer required for the purpose for which they were created or upon request where appropriate |
Where there is an ongoing legal claim, regulatory investigation or other lawful reason requiring longer retention, we may retain information for an appropriate additional period.
When personal information is no longer required, it will be securely deleted or permanently anonymised.
Your Rights
Under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and, where applicable, the EU General Data Protection Regulation (EU GDPR), you have a number of important rights regarding your personal information.
These include the right to:
- be informed about how your personal information is used;
- request access to your personal information;
- request correction of inaccurate or incomplete information;
- request the erasure of your personal information in certain circumstances;
- request restriction of processing;
- object to certain types of processing;
- request the transfer of your personal information to another organisation where applicable (data portability);
- withdraw consent at any time where processing is based upon consent;
- object to direct marketing;
- object to automated decision-making and profiling where applicable;
- lodge a complaint with the Information Commissioner’s Office (ICO).
These rights are not absolute and may be subject to exemptions or limitations under applicable legislation.
Subject Access Requests (SAR)
You have the right to request confirmation as to whether we process your personal information and, where applicable, to obtain a copy of that information.
You may submit a Subject Access Request (SAR) by contacting us in writing, including by email.
Although we provide a Subject Access Request form to assist applicants, you are not required to use our form.
Your request should clearly state that you are requesting access to your personal information.
Before releasing any personal information, we may request sufficient evidence to verify your identity in order to protect your information from unauthorised disclosure.
We will normally respond within one calendar month of receiving your request and verifying your identity.
Where permitted by law, this period may be extended by up to a further two months where requests are particularly complex or numerous. If an extension is necessary, we will notify you within the initial one-month period.
Subject Access Requests are normally provided free of charge.
However, where requests are manifestly unfounded, excessive or repetitive, we reserve the right to charge a reasonable administrative fee or refuse the request where permitted by law.
To submit a Subject Access Request, please contact:
Data Protection Contact
Nadia Maria Ochoa
Email: info@5elementsuk.com
Rectification
You have the right to request that inaccurate or incomplete personal information held about you is corrected without undue delay.
If you believe any information we hold is inaccurate, please contact us using the details provided within this Privacy Notice.
Erasure (“Right to be Forgotten”)
You may request that we erase your personal information in certain circumstances, including where:
- the information is no longer required;
- you withdraw consent;
- you successfully object to processing;
- the information has been processed unlawfully.
This right is subject to certain legal exemptions, including where we are required to retain information to comply with legal obligations or establish, exercise or defend legal claims.
Restriction of Processing
You may request that we temporarily restrict the processing of your personal information in certain circumstances, including where:
- you contest the accuracy of the information;
- processing is unlawful;
- we no longer require the information but you require it for legal claims;
- you have objected to processing and verification is pending.
Data Portability
Where processing is based upon your consent or the performance of a contract and carried out by automated means, you may request a copy of your personal information in a structured, commonly used and machine-readable format.
Where technically feasible, you may also request that we transfer your information directly to another organisation.
Consent
Where we rely upon your consent to process your personal information, you have the right to withdraw that consent at any time.
Withdrawal of consent will not affect the lawfulness of any processing carried out before consent was withdrawn.
You may withdraw your consent simply by contacting us by email.
You are not required to complete a specific withdrawal form.
Marketing Communications
We will only send you marketing communications where:
- you have provided your consent;
- we are otherwise permitted to do so under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR); or
- another lawful basis applies.
Marketing communications may include information regarding:
- new services;
- special offers;
- workshops;
- events;
- newsletters;
- products.
You may withdraw your consent to receive marketing communications at any time by:
- clicking the “unsubscribe” link included in our emails; or
- contacting us directly at: info@5elementsuk.com
Once you withdraw your consent, we will stop sending marketing communications as soon as reasonably practicable.
Please note that withdrawing consent for marketing does not affect service-related communications regarding existing bookings or purchases.
Right to Object
You have the right to object to certain processing activities, including processing carried out for:
- direct marketing;
- legitimate interests;
- public interest tasks;
- scientific or historical research (where applicable).
Where you object to direct marketing, we will stop processing your personal information for that purpose immediately.
In some circumstances, exercising your right to object may affect our ability to provide services where processing is necessary to fulfil our contractual obligations.
Cookies
Our website uses cookies and similar technologies to ensure that it functions correctly, improves your browsing experience and helps us understand how visitors use our website.
Cookies are small text files that are placed on your computer, tablet or mobile device when you visit a website.
Some cookies are essential for the operation of our website, while others help us improve functionality and analyse website performance.
We currently use cookies provided by ourselves and trusted third-party providers, including:
- WooCommerce – to enable shopping basket functionality, customer accounts and online purchases.
- Hostinger – to support website hosting, security and performance.
- Acuity Scheduling – to enable online appointment bookings and scheduling.
- Stripe – to facilitate secure online card payments and fraud prevention.
- PayPal – to facilitate secure online payments.
- Squarespace – where applicable, for the operation and maintenance of our associated website(s).
Where analytics services are used, additional cookies may be placed to help us understand website traffic and improve user experience.
Where required by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), we will request your consent before placing non-essential cookies on your device.
You may change your cookie preferences at any time through your browser settings or via our cookie banner where available.
Please note that disabling certain cookies may affect the functionality of our website and prevent some features from operating correctly.
Links to Third-Party Websites
Our website may contain links to third-party websites, marketplaces, platforms or social media pages, including our official Etsy shop.
This Privacy Notice applies solely to 5Elements Services Ltd and its relevant trading names.
If you choose to visit a third-party website or marketplace, including Etsy, your personal information will be processed in accordance with that third party’s own Privacy Notice, Cookie Policy and Terms of Use.
We are not responsible for the privacy practices, security or content of external websites and encourage you to read their privacy policies before providing any personal information.
Where you purchase products through our official Etsy shop, Etsy acts as an independent Data Controller in relation to the personal information it collects and processes through its platform.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in legislation, regulatory guidance, technology, our business practices or the services we provide.
Any changes will be published on this page together with the revised “Last Updated” date.
Where changes are significant, we may also notify you by email or by placing a prominent notice on our website where appropriate.
Data Protection Complaints Procedure
5Elements Services Ltd is committed to protecting your personal information and respecting your privacy.
If you have any concerns regarding the way we collect, use, store or otherwise process your personal information, we encourage you to contact us so that we have the opportunity to investigate and resolve your concerns.
How to Make a Complaint
If you believe that we have not processed your personal information in accordance with applicable data protection legislation, please contact us using the details below.
Email:
Postal Address:
5Elements Services Ltd
2nd Floor Katherine House
11 Wyllyotts Place
Darkes Lane
Potters Bar
EN6 2JD
To assist us in investigating your complaint, please include:
- your full name;
- your contact details;
- a description of your concern;
- any relevant dates or correspondence; and
- the outcome you are seeking.
Providing this information will assist us in investigating your complaint efficiently.
Our Complaints Process
Upon receipt of your complaint we will:
- acknowledge receipt of your complaint within 30 days;
- investigate your concerns fairly, independently and without undue delay;
- contact you if additional information is required;
- keep you informed of our progress where appropriate; and
- provide you with a written outcome explaining our findings and any action taken.
Where appropriate, we will take reasonable steps to correct any issues identified and improve our internal procedures.
If You Remain Dissatisfied
If you remain dissatisfied with our response, or believe that we have processed your personal information unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
You can find further information about making a complaint by visiting:
https://ico.org.uk/make-a-complaint/
Nothing within this procedure affects your legal right to complain directly to the Information Commissioner’s Office at any time.
Contact Us
If you have any questions regarding this Privacy Notice or how we process your personal information, please contact:
Data Protection Contact
Nadia Maria Ochoa
5Elements Services Ltd
Telephone:
Email:
Governing Law
This Privacy Notice shall be governed by and interpreted in accordance with the laws of England and Wales.
Nothing within this Privacy Notice limits or excludes any rights afforded to individuals under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025 or, where applicable, the EU General Data Protection Regulation (EU GDPR).
This Privacy Notice is reviewed regularly and updated whenever required to reflect changes in legislation, regulatory guidance or our business practices.
Version 2.0
Last Updated: June 2026