Aurum Mindfulness: Privacy Policy

Last Updated: January 2026

Data Controller: Dr. Jamie trading as Aurum Mindfulness

Contact: hello@aurummindfulness.com

Registered Office (Correspondence Only): 167-169 Great Portland Street, 5th Floor, London, W1W 5PF

1. Introduction & Professional Scope

I am committed to protecting your privacy and being transparent about how I handle your data.

Educational Framework: This policy applies to the wellbeing education and mentoring services provided by Aurum Mindfulness. Please note that while I am a registered medical doctor, these services are educational and not clinical. The data I collect is processed for the purpose of providing safe, neuro-affirming mindfulness teaching, not for medical diagnosis or psychiatric treatment.

For security reasons, Aurum Mindfulness operates as a digital-first business. Our registered office is a service address; all correspondence is managed electronically.

2. The Information I Collect

To provide a safe and inclusive learning environment, I collect:

• Identity & Contact Data: Name, email address, and phone number.

• Emergency Contact Data: Name and phone number (required for safety during live sessions).

• Special Category (Health & Neurotype) Data: During the registration process, I invite you to share information regarding your mental wellbeing, physical mobility, and neurotype (e.g., Autism, ADHD). This helps me adapt the course to your specific learning needs.

• Financial Data: Payments are processed via Stripe/Paypal/Bank transfer. I do not store or have access to your full credit card details.

3. Website Analytics & Cookies

I use Google Analytics 4 (GA4) to monitor website performance and improve my resources.

• What is collected: GA4 collects data such as which pages you visit, how long you stay, and general geographic location (at a city level).

• Privacy Protections: I have configured Google Analytics to use IP Anonymization and Data Redaction. This ensures that your full IP address is never stored and no personally identifiable information (PII) is captured via the URL.

• Cookies: My website uses cookies (small text files) to facilitate these analytics. You can choose to refuse cookies via your browser settings, though this may affect how the website functions.

4. Legal Basis for Processing

I process your data under the following UK-GDPR legal bases:

• Explicit Consent: For the collection of health and neurotype data (Special Category Data) provided in your intake form.

• Contractual Necessity: To deliver the course materials and sessions you have purchased.

• Legitimate Interests: To ensure the safety of all participants and to screen for the suitability of the course in a group setting.

• Legal Obligation: To comply with professional indemnity insurance requirements and GMC ethical standards.

5. How I Store and Protect Your Data

I employ a "Zero-Knowledge" and "Digital-Only" approach to data security to protect both your privacy and my personal safety:

• No Physical Files: I do not keep paper records. All data is stored on secure, encrypted cloud-based systems (Google Workspace for Business).

• Access Control: All accounts are protected by Two-Factor Authentication (2FA) and high-entropy passwords.

• Encryption: Data is encrypted both at rest and in transit.

• Third-Party Services: I only use GDPR-compliant service providers (e.g., Stripe, Zoom, Google). I do not sell or share your data with third parties for marketing purposes.

6. Disclosure of Data

Your information is kept strictly confidential. I will only disclose your data if:

1. Safety: There is a compelling reason to believe you or another person is at risk of serious harm.

2. Legal Requirement: I am required to do so by law.

7. Data Retention

I retain participant records (including intake forms and attendance) for 7 years after our professional relationship ends. After this period, your data is securely and permanently deleted.

8. Your Rights

Under the UK-GDPR, you have the right to:

• Access: Request a copy of the data I hold about you.

• Rectification: Ask me to correct inaccurate information.

• Erasure: Ask me to delete your data (subject to my 7-year legal/insurance retention obligations).

• Withdraw Consent: You can withdraw your consent for me to hold your health data at any time, though this may mean you can no longer participate in the course if screening is a safety requirement.

9. Concerns & Complaints

If you have any questions about this policy, please contact me at hello@aurummindfulness.com.

If you remain unsatisfied with how I handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.