Privacy Policy

​

Sensei Chelle Self Defence
Effective Date: 23rd October 2025
Last Updated: 23rd October 2025

 

1. Introduction

​

Sensei Chelle Self Defence is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you book our courses, use our website, or interact with us.

​

We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our services or providing us with your personal data, you agree to the practices described in this policy.

​

2. Who We Are (Data Controller)

​

Business Name: Sensei Chelle Self Defence
Website: www.senseichelleselfdefence.com
Email: info.senseichelle@gmail.com
Data Protection Contact: Anthony Rubery, Director & Brand Manager

​

We are the "data controller" of your personal data, which means we determine how and why your data is processed.

​

3. What Personal Data We Collect

​

We collect and process the following types of personal data:

​

3.1 Identity & Contact Information​

​

• Full name

• Date of birth

• Age

• Email address

• Phone number

• Billing address

• Emergency contact details

​

3.2 Health Information (Special Category Data)

​

• Medical conditions, disabilities, or injuries

• Current medications

• GP contact details

• Fitness to participate declarations

• Injury and incident reports

• Consent for emergency medical treatment

​

3.3 Parental/Guardian Information (for participants under 18)

​

• Parent or guardian name

• Parent or guardian contact details

• Parental consent records

​

3.4 Payment & Financial Information

​

• Payment method used (card, PayPal, bank transfer, Clearpay, Klarna, SumUp)

• Transaction details and receipts

• Billing address

​

Note: We do not store full card details. Payment processing is handled securely by third-party payment processors (Wix Payments, PayPal, Clearpay, Klarna, SumUp).

​

3.5 Booking & Attendance Information

​

• Course or session bookings

• Attendance records

• Session preferences

• Cancellation and refund requests

​

3.6 Marketing & Communication Preferences

​

• Email marketing consent

• Communication preferences

• Responses to surveys or feedback requests

​

3.7 Photos, Videos & Images

​

• Photos or videos taken during sessions (with consent)

• Images used for marketing purposes (with consent)

​

3.8 Website & Technical Data

​

• IP address

• Browser type and version

• Device information

• Pages visited on our website

• Cookies and tracking data (see Section 12)

​

4. How We Collect Your Data

​

We collect personal data through:

​

• Booking forms: When you book a course, workshop, or session online or via email

• Health questionnaires: Completed before your first session

• Our website: When you visit, browse, or use contact forms

• Email and phone: When you contact us with enquiries

• In person: At sessions, workshops, or events

• Incident reports: If you are involved in or witness an incident or near miss

• Third parties: Schools, businesses, or venues booking on behalf of participants

• Cookies and tracking: Via our website (see Section 12)

​

5. Why We Collect Your Data (Legal Basis)

​

We only collect and use your personal data when we have a legal basis to do so. The legal bases we rely on are:

​

5.1 Contract Performance

​

We need your data to provide the services you have booked (courses, workshops, sessions). This includes:

​

• Processing your booking

• Sending confirmation emails and session details

• Managing attendance and participation

• Processing payments and refunds

​

5.2 Legal Obligation

​

We are legally required to collect and process certain data, including:

​

• Health and safety information (Health and Safety at Work Act 1974)

• Incident and injury reporting (RIDDOR - Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013)

• Safeguarding records (for participants under 18)

• Financial records for tax purposes (HMRC requirements)

​

5.3 Vital Interests

​

We process health data to protect your life or physical safety, including:

​

• Emergency medical treatment

• Contacting emergency services or your emergency contact

​

5.4 Legitimate Interests

​

We process data where it is necessary for our legitimate business interests, including:

​

• Improving our services and training quality

• Preventing fraud and ensuring payment security

• Analyzing attendance and booking patterns

• Responding to complaints and legal claims

• Website analytics and performance monitoring

​

5.5 Consent

​

We rely on your explicit consent for:

​

• Processing sensitive health information (beyond legal/safety requirements)

• Sending marketing emails

• Using your photos or videos for marketing purposes

• Cookies and tracking (where required)

​

You can withdraw consent at any time by contacting us at info.senseichelle@gmail.com. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

​

6. How We Use Your Data

​

We use your personal data for the following purposes:

​

6.1 Service Delivery

​

• Processing and confirming bookings

• Managing course attendance and participation

• Ensuring your safety during training (using health information)

• Contacting you about your booking or session details

• Providing emergency medical care if needed

​

6.2 Payment Processing

​

• Processing payments via Wix, PayPal, bank transfer, Clearpay, Klarna, or SumUp

• Issuing receipts and invoices

• Processing refunds or transfers

• Maintaining financial records for tax and accounting purposes

​

6.3 Health & Safety

​

• Assessing fitness to participate

• Adapting training to individual needs

• Recording and investigating incidents, injuries, and near misses

• Reporting to HSE under RIDDOR (if required)

• Making insurance claims (if required)

​

6.4 Safeguarding (for participants under 18)

​

• Obtaining parental consent

• Communicating with parents/guardians

• Recording and reporting safeguarding concerns (if required)

• Ensuring appropriate supervision and safety measures

​

6.5 Marketing & Communications (with consent)

​

• Sending promotional emails about upcoming courses, workshops, and offers

• Sharing safety tips, training advice, and updates via email

• Using photos/videos in marketing materials (social media, website, print)

​

You can opt out of marketing at any time by clicking "unsubscribe" in any marketing email or contacting us. You will still receive essential booking and safety communications.

​

6.6 Advertising & Analytics

​

• Creating Custom Audiences and Lookalike Audiences on Meta (Facebook/Instagram) and Google

• Retargeting website visitors with relevant ads

• Tracking website performance via Google Analytics

• Measuring ad campaign effectiveness

​

6.7 Legal & Compliance

​

• Responding to legal requests or court orders

• Defending or pursuing legal claims

• Complying with regulatory requirements (ICO, HSE, HMRC)

 

7. Who We Share Your Data With

​

We do not sell your personal data to third parties. We only share your data with trusted partners and service providers as necessary:

​

7.1 Payment Processors

​

• Wix Payments, PayPal, Clearpay, Klarna, SumUp: To process payments securely

​

7.2 Advertising & Analytics Platforms

​

• Meta (Facebook/Instagram): For Custom/Lookalike Audiences and retargeting (data is hashed/encrypted)

• Google (Ads & Analytics): For ad targeting, website analytics, and performance tracking

​

7.2.1 - Algorithm Training & Artificial Intelligence

​

How Advertising Platforms Use Your Data:

​

When we share data with Meta (Facebook/Instagram) and Google for advertising purposes, these platforms may use aggregated, anonymised, or pseudonymised data to:

​

• Train and improve advertising algorithms (e.g., predicting which ads are most relevant to users)

• Develop machine learning models (e.g., improving ad targeting accuracy)

• Enhance platform features (e.g., better audience insights, fraud detection)

​

What This Means:

​

• Your individual data (name, email) is hashed/encrypted before being shared, so Meta and Google cannot see your personal details directly

• Data is typically used in aggregate form (e.g., "people who booked self-defence courses" as a group, not "Jane Smith specifically")

• This helps Meta and Google deliver more relevant ads to you and others across their platforms

​

Your Control:

​

• You can opt out of personalized advertising through your Meta and Google account settings (see Section 12 for links)

• Opting out means you'll still see ads, but they'll be less relevant to your interests

• You can opt out of our marketing emails at any time, which reduces (but doesn't eliminate) data sharing with advertising platforms

​

Third-Party Policies:

​

• Meta's use of data is governed by their Data Policy: https://www.facebook.com/privacy/policy

• Google's use of data is governed by their Privacy Policy: https://policies.google.com/privacy

• We do not control how Meta or Google use data once shared, but we only work with partners who meet UK GDPR standards

​

7.3 Email Marketing Platforms (if applicable)

​

• Mailchimp (or similar): For sending marketing emails (only if you opt in)

​

7.4 Website & Booking Platforms

​

• Wix: Website hosting and booking forms

• Google Forms/Workspace: For health questionnaires and incident reports

​

7.5 Insurance Companies

​

• If we need to make a claim related to an incident or injury

​

7.6 Regulatory & Legal Authorities

​

• HSE (Health and Safety Executive): For RIDDOR-reportable incidents

• Local authorities or police: For safeguarding concerns or legal investigations

• ICO (Information Commissioner's Office): For data breach reporting (if required)

• HMRC: For tax and financial compliance

​

7.7 Accountants & Professional Advisors

​

• For financial record-keeping, tax preparation, and business advice (subject to confidentiality agreements)

​

7.8 Venues & Partners

​

• Schools, businesses, or community venues hosting our workshops (participant names/numbers for access and safeguarding purposes only)

​

All third parties are required to keep your data secure and use it only for the purposes we specify.

 

8. International Data Transfers

​

Some of the third parties we work with (e.g., Meta, Google, PayPal, Wix) may store or process your data outside the United Kingdom, including in the United States. When data is transferred internationally, we ensure it is protected by:

​

• Standard Contractual Clauses (SCCs): Approved by the UK ICO for secure international transfers

• Adequacy decisions: Transfers to countries deemed to have adequate data protection laws

• Processor agreements: Contracts requiring third parties to protect your data to UK GDPR standards

​

For more information about international transfers, contact us at info.senseichelle@gmail.com

 

9. How Long We Keep Your Data

​

We only keep your personal data for as long as necessary for the purposes outlined in this policy. Retention periods are:

​​

​

​

​

​

​

​

​

​

​

​

​

​​

​

​

​

​

​

After the retention period expires, we securely delete or anonymise your data.

​

If you request deletion of your data (see Section 10), we will comply unless we have a legal obligation to retain it (e.g., financial records for HMRC).

 

10. Your Data Protection Rights

​

Under UK GDPR, you have the following rights regarding your personal data:

​

10.1 Right of Access

​

You can request a copy of the personal data we hold about you (known as a "Subject Access Request" or SAR).

​

10.2 Right to Rectification

​

You can ask us to correct inaccurate or incomplete data.

​

10.3 Right to Erasure ("Right to be Forgotten")

​

You can request deletion of your data in certain circumstances, such as:

​

• The data is no longer needed for the purposes it was collected

• You withdraw consent (where consent was the legal basis)

• You object to processing and there are no overriding legitimate grounds

​

Note: We may not be able to delete data if we have a legal obligation to retain it (e.g., financial records for 7 years).

​

10.4 Right to Restriction of Processing

​

You can ask us to limit how we use your data in certain situations, such as:

​

• You contest the accuracy of the data

• Processing is unlawful but you don't want it deleted

• We no longer need the data but you need it for a legal claim

​

10.5 Right to Data Portability

​

You can request a copy of your data in a structured, commonly used, machine-readable format (e.g., CSV file) to transfer to another service provider.

​

10.6 Right to Object

​

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

​

10.7 Right to Withdraw Consent

​

If we process your data based on consent (e.g., marketing emails, photos/videos), you can withdraw consent at any time by:

​

• Clicking "unsubscribe" in marketing emails

• Contacting us at info.senseichelle@gmail.com

​

10.8 Rights Related to Automated Decision-Making

​

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

​

How to Exercise Your Rights

​

To exercise any of these rights, contact us at:

​

• Email: info.senseichelle@gmail.com

• Subject line: "Data Protection Request"

​

We will respond within 1 month of receiving your request. If your request is complex, we may extend this by up to 2 months and will notify you.

​

We do not charge a fee for most requests, unless they are manifestly unfounded, excessive, or repetitive.

 

11. Children's Data (Under 18s)

​

We provide self-defence training to young people aged 11 and over. Under UK GDPR, participants aged 13 and over can legally consent to online services, but we require parental consent for all participants under 18 as a safeguarding measure.

​

Parents/guardians must:

​

• Complete the health questionnaire and participation agreement on behalf of minors

• Provide consent for photos/videos (if applicable)

• Provide consent for marketing communications (if applicable)

• We do not market directly to children. Marketing emails are only sent to adults who opt in.

• We do not allow private messaging between instructors and participants under 18. All communication is via parents/guardians.

​

For full details of how we protect young people, see our Safeguarding Policy.

 

12. Cookies & Tracking Technologies

​

Our website uses cookies and similar tracking technologies to improve your experience and analyse website performance.

​

What Are Cookies?

​

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and track usage.

​

What Cookies We Use

​

• Essential Cookies - these are necessary for the website to function (e.g. remembering items in a booking cart). You cannot opt out of these.

• Analytics Cookies (Google Analytics) - these track website visits, page views, and user behaviour to help us improve the site. (Data collected: IP address [anonymised], pages visited, time on site, device type)

• Advertising Cookies, Meta Pixel (Facebook/Instagram) - these track website visitors for retargeting ads and measuring ad performance

• Advertising Cookies, Google Ads - these track conversions and enables retargeting

​

Managing Cookies

​

You can control cookies through:

​

• Cookie consent banner: Manage preferences when you first visit our website

• Browser settings: Most browsers allow you to block or delete cookies

​

Opt-out tools

​

• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

• Facebook ad preferences: https://www.facebook.com/ads/preferences

Note: Blocking cookies may affect website functionality and your user experience.

 

13. How We Protect Your Data

​

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data, including:

​

• Encryption: Sensitive data (e.g., health information) is encrypted in transit and at rest

• Secure storage: Data is stored on password-protected, encrypted devices and secure cloud platforms (Google Workspace, Wix)

• Access controls: Only authorized personnel (directors and lead instructor) can access personal data

• Two-factor authentication (2FA): Used on all accounts holding personal data

• Regular backups: Data is backed up securely to prevent loss

• Staff training: All instructors receive annual data protection and GDPR training

• Secure payment processing: We do not store full card details; payments are processed by PCI-DSS compliant providers

• Data breach response plan: We have procedures to detect, report, and respond to data breaches within 72 hours.

​

No system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you believe your data has been compromised, contact us immediately at info.senseichelle@gmail.com.

 

14. Data Breaches

​

If we discover a data breach that poses a risk to your rights and freedoms, we will:

​

• Notify the ICO within 72 hours (if required by law)

• Notify affected individuals if the breach poses a high risk

• Take immediate action to contain and mitigate the breach

• Investigate the root cause and implement prevention measures

​​

​

15. Changes to This Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services.

When we make significant changes, we will:

​

• Update the "Last Updated" date at the top of this policy

• Notify you via email (if you have an active booking or marketing subscription)

• Post a notice on our website

​

We recommend reviewing this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

​

16. How to Contact Us

​

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

​

Email: info.senseichelle@gmail.com
Website: www.senseichelleselfdefence.com
Subject line: "Privacy Policy Query" or "Data Protection Request"

​

We aim to respond to all enquiries within 5 working days.

 

17. Right to Complain to the ICO

​

You have the right to lodge a complaint with the UK's data protection authority if you believe we have not handled your data properly:

​

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

​

We encourage you to contact us first so we can try to resolve your concern directly.

​

Thank you for trusting Sensei Chelle Self Defence with your personal data. Your privacy and safety are our top priorities.

​

Last Updated: 23rd October 2025

Next Review Date: 23rd October 2026