Privacy Notice

Inner Source is committed to protecting your privacy and handling your personal data with care, transparency, and respect. This Privacy Notice explains what information we collect, why we collect it, how it is used, and the rights you have under UK data protection law (UK GDPR and the Data Protection Act 2018).

1. Who We Are

Inner Source is operated by Libby Whitfield, based in Bath, England.

Contact: Email: libby@innersource.co Address: Bath, BA1 (full address provided upon booking)

2. What Personal Data We Collect

Depending on how you interact with Inner Source, we may collect:

  • Name

  • Email address

  • Phone number

  • Booking details (events, dates, attendance)

  • Payment information (processed securely by thirdparty providers; we do not store card details)

  • Accessibility or health information you choose to share

  • Enquiry form information (e.g., details about the “Bride’s Energy”)

  • Website usage data (cookies, analytics, browsing behaviour)

We only collect the information necessary to provide the service you have requested.

3. How We Use Your Personal Data

Your data may be used to:

  • Process bookings and enquiries

  • Send confirmation emails and practical information

  • Deliver services you have requested

  • Respond to questions or support requests

  • Maintain records for legal and administrative purposes

  • Improve our offerings and website experience

  • Send optional updates or newsletters (only if you opt in)

We do not use your data for automated decisionmaking or profiling.

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract: to provide the service you have booked

  • Consent: when you opt in to receive newsletters or provide optional information

  • Legitimate interests: to manage enquiries and improve services

  • Legal obligation: for tax and recordkeeping requirements

You may withdraw consent at any time.

5. How Your Data Is Stored

Your data is stored securely using reputable thirdparty platforms such as:

  • Website hosting provider

  • Booking and payment systems (e.g., Squarespace, Stripe, PayPal)

  • Email service providers

We take appropriate technical and organisational measures to protect your information.

6. How Long We Keep Your Data

  • Booking and service records: up to 7 years (legal requirement)

  • Mailing list data: until you unsubscribe

  • Enquiry form submissions: up to 12 months unless you become a client

  • Accessibility or health information: deleted after the event unless you ask us to retain it

You may request deletion at any time.

7. Sharing Your Data

We do not sell or share your data with third parties for marketing.

We may share your data with:

  • Payment processors

  • Website/booking platforms

  • Email service providers

  • Professional advisers (e.g., accountant)

  • Legal authorities if required by law

All thirdparty providers are GDPRcompliant.

8. International Transfers

Some service providers may store data outside the UK. Where this occurs, we ensure appropriate safeguards are in place.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion

  • Restrict or object to processing

  • Withdraw consent

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, contact: [insert email]

10. Cookies & Website Tracking

If cookies or analytics are enabled on your site:

We use cookies to improve your browsing experience and understand how visitors use the site. You can manage or disable cookies through your browser settings.

11. Updates to This Notice

This Privacy Notice may be updated occasionally. The latest version will always be available on this website.