Privacy Policy — The Vivi Frequency

1. Who We Are

This privacy policy applies to The Vivi Frequency, an animal communication service operated by Viviana Victoria, a sole trader based in Scotland.

Business name: The Vivi Frequency
Operator: Viviana Victoria
Address: Unit 1 – 11 East Avenue, Blantyre, South Lanarkshire, Scotland
Email: our contact form
Instagram: @the_vivi_frequency

We are the data controller for personal data collected through this website and our services. For the purposes of this policy, "we", "us", and "our" refer to Viviana Victoria trading as The Vivi Frequency.

We are a small, independent business. We only collect what we genuinely need to deliver our services — nothing more.

2. What Data We Collect

Contact & Enquiry Forms

When you submit a contact or booking enquiry form on this website, we collect:

Your name
Your email address
The name and species of your animal(s)
Any details you voluntarily share about your animal or the purpose of your session

Session Bookings & Payments

When you book and pay for a session, we collect:

Your name and email address
Booking details (date, session type, animal information)
Payment information — processed securely by Stripe; we do not store card details ourselves

Website Usage

We do not operate analytics tracking by default. If basic analytics are enabled in future, this policy will be updated. We use essential cookies only (see Section 7).

3. How We Use Your Data

We use the information we collect for the following purposes:

To deliver your session — communicating with you to schedule, prepare for, and follow up on your animal communication session
To send requested content — delivering the free guide or other resources you have signed up for
To process payments — completing your booking transaction securely via Stripe
To send service-related communications — appointment confirmations, reminders, and session notes
To send marketing emails — if you have consented (e.g. by signing up for the guide or ticking an opt-in box). You can withdraw consent at any time
To respond to enquiries — answering questions sent via our contact form or email
To comply with legal obligations — including financial record-keeping requirements

Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

Contract (Article 6(1)(b)) — processing necessary to fulfil a booking or service you have requested
Consent (Article 6(1)(a)) — for marketing emails, where you have actively opted in
Legitimate interests (Article 6(1)(f)) — to respond to direct enquiries and maintain basic business records
Legal obligation (Article 6(1)(c)) — for financial records required by UK law

4. Third-Party Services

We use a small number of trusted third-party services to operate our business. Each processes your data in accordance with their own privacy policies and UK/EU GDPR requirements.

MailerLite Email marketing platform. Stores your name and email address if you subscribe to our mailing list. You can unsubscribe at any time. MailerLite Privacy Policy
Stripe Payment processing. Handles all card and payment transactions securely. We never see or store your full card details. Stripe Privacy Policy
Vercel Website hosting provider. Serves this website and may log standard server access data (IP address, browser type) for security purposes. Vercel Privacy Policy
Google Fonts Loads the fonts used on this website. Google may collect basic request data. Google Fonts Privacy
Google Analytics 4 Anonymised website usage statistics — which pages people visit, where they came from. IP addresses are anonymised; no personal data is collected. Google Privacy Policy

We do not sell, rent, or share your personal data with any third party for their own marketing purposes.

5. Cookies

This website uses a minimal number of cookies and similar technologies. We do not use advertising cookies, cross-site tracking cookies, or behavioural-profiling tools.

Essential Cookies

These are required for the website to function and cannot be disabled. They include:

vivi_cookie_consent — Stores your cookie consent preference so you are not shown the banner repeatedly. This is a localStorage item, not a traditional cookie; it contains no personal data.

Analytics

We use Google Analytics 4 with IP anonymisation to understand which pages people visit and how they find us. We do not collect anything that personally identifies you. You can opt out at any time using the Google Analytics opt-out browser add-on.

Third-Party Cookies

If you interact with embedded third-party content (e.g. an Instagram feed or a payment form), those services may set their own cookies. Please refer to the relevant third-party privacy policies listed in Section 4.

We do not use Facebook Pixel, advertising trackers, or behavioural-profiling tools. If this changes, we will update this policy.

6. Data Retention

We keep your personal data for as long as it is needed to provide our services and meet our legal obligations:

Booking & payment records — retained for 7 years to comply with HMRC financial record-keeping requirements
Session correspondence — retained for up to 2 years to allow for follow-up and reference
Email subscribers — retained until you unsubscribe or request deletion
Enquiry emails — retained for up to 12 months unless a booking follows, in which case booking retention applies

When data is no longer needed, it is securely deleted or anonymised.

7. Your Rights Under UK GDPR

As a resident in the UK (or EEA), you have the following rights in relation to your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete information.

Right to Erasure

Request deletion of your personal data ("the right to be forgotten"), subject to legal retention requirements.

Right to Restriction

Ask us to pause processing of your data in certain circumstances.

Right to Portability

Receive your data in a structured, commonly used format so you can transfer it.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at our contact form. We will respond within one calendar month.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

Using reputable, security-certified third-party processors (Stripe, MailerLite, Vercel)
HTTPS encryption on all pages of this website
Access controls on accounts and services that hold your data

No method of transmission over the internet is 100% secure. If you have any concern about the security of your data, please contact us immediately.

9. International Data Transfers

Some of our third-party providers are based outside of the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as:

UK adequacy decisions for relevant countries
Standard Contractual Clauses (SCCs) where required
Processing under frameworks that comply with the UK GDPR

Stripe and MailerLite both operate under appropriate international transfer mechanisms.

10. Changes to This Policy

We may update this privacy policy from time to time, for example if our services change or to reflect updates in UK data protection law. When we make significant changes, we will update the "Last updated" date at the top of this page.

We recommend checking this page periodically if you use our services regularly.

11. How to Complain

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve your concern:

Data requests & privacy concerns

our contact form

If you are not satisfied with our response, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Online complaint form: ico.org.uk/make-a-complaint