Privacy Policy

Definitions and Interpretation

In this Privacy Policy:

• "Personal data" has the meaning given in UK GDPR and refers to any information relating to an identified or identifiable natural person.
• "Processing" has the meaning given in UK GDPR and includes any operation performed on personal data, such as collection, recording, storage, retrieval, use, disclosure, or deletion.
• "Special category data" includes health data, biometric data, and data revealing racial or ethnic origin, religious beliefs, or other sensitive categories as defined in Article 9 UK GDPR.
• "Website" means www.padmadimension.com and any associated web pages, subdomains, or microsites.
• "Services" means the Website, any PADMA Dimension mobile applications, and all related digital services and platforms.
• "You" means the individual whose personal data is processed by us.
• "Data controller" means the entity that determines the purposes and means of processing personal data.

Who We Are (Data Controller)

PADMA Dimension Limited is the data controller for the purposes of UK data protection law. We are responsible for deciding how and why your personal data is processed.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

Scope of This Policy

This Privacy Policy applies when you:

• Visit, browse, or interact with the Website
• Contact us via forms, email, social media, or other communications
• Join a waitlist, register interest, or request updates
• Create an account or user profile
• Use PADMA Dimension digital services, including mobile applications where available
• Participate in community features, events, or practitioner programmes
• Apply as a practitioner, partner, or investor

Separate or supplemental privacy notices may apply to specific features, mobile applications, or advanced services. Where such notices apply, they will be provided at the point of data collection.

Personal Data We Collect

We collect only personal data that is necessary and proportionate to the purposes described in this policy.

• Full name
• Email address
• Telephone number (where voluntarily provided)
• Messages, enquiries, and feedback
• Practitioner application details (practice type, professional background)
• Community membership preferences
• Waitlist registration data (age group, country, healing intention)
• Account credentials (where applicable)

• IP address and approximate geolocation
• Browser type, version, and language
• Device type, operating system, and screen resolution
• Pages visited, time spent, and navigation paths
• Referring website or source
• Session identifiers and interaction timestamps

Technical data is collected via cookies and similar technologies. Please refer to our Cookie Policy for full details.

We may receive limited, aggregated, or anonymised data from:

• Analytics providers (e.g. Google Analytics)
• Website hosting and infrastructure providers
• Payment processors (where applicable, for transaction data only)
• Social media platforms (where you interact with us via those platforms)

When PADMA Dimension mobile applications become available, additional data categories may include:

• Journey history and session preferences
• Reflection and journaling entries (stored locally or with explicit consent)
• Biometric data (only with explicit, informed consent and limited to delivering the specific requested experience)
• Sound and environment preferences

Supplemental privacy notices will be provided before any such data is collected.

Purposes of Processing

We process personal data for the following purposes:

• To respond to your enquiries, messages, and support requests
• To operate, maintain, and improve the Website and Services
• To process waitlist registrations and community applications
• To manage practitioner and partner relationships
• To personalise your experience where you have provided preferences
• To send updates, newsletters, and communications where consent has been provided
• To analyse usage patterns and improve platform performance
• To ensure the security of our Services and prevent misuse, fraud, or abuse
• To comply with legal and regulatory obligations
• To establish, exercise, or defend legal claims

Lawful Bases for Processing

We process personal data on the following lawful bases under UK GDPR:

• Consent (Article 6(1)(a)): where you have given clear, informed consent for a specific purpose. You may withdraw consent at any time by contacting us.
• Contractual necessity (Article 6(1)(b)): where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation to which we are subject.
• Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. Our legitimate interests include improving our Services, ensuring security, and communicating with you about our platform.

Where we rely on legitimate interests, we conduct a balancing assessment to ensure your rights and freedoms are not disproportionately affected.

Automated Tools and Personalisation

Where available, we may use limited automated tools to recommend or adapt content, journey types, or sound environments based on preferences you provide or interactions you have with the Services.

Such processing:

• Does not produce legal or similarly significant effects on you
• Does not constitute solely automated decision-making as defined under Article 22 UK GDPR
• Is designed to enhance your experience and is always subject to your control

You may object to personalisation or request human review of any automated recommendation by contacting us at privacy@padmadimension.com.

Special Category and Wellness Data

We recognise the sensitivity of data related to health, wellbeing, and emotional states. We do not process special category data (including health or biometric data) unless:

• The specific feature or service explicitly requires it
• You have provided explicit, informed consent (Article 9(2)(a) UK GDPR)
• The processing is strictly limited to delivering the requested experience
• Appropriate safeguards are in place to protect the data

You may withdraw consent for special category data processing or request deletion at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

PADMA Dimension is not a medical, therapeutic, or clinical service. Data processed within the platform is not used for diagnostic or treatment purposes.

Children's Data

• The Services are intended for users aged 8 and above
• Users under 18 require verifiable parental or guardian consent before using the Services
• We do not knowingly collect personal data from children under 8 years of age
• Marketing communications are not directed at children under 18
• Where we become aware that data has been collected from a child without appropriate consent, we will delete it promptly

If you believe a child's data has been collected without proper consent, please contact us immediately at privacy@padmadimension.com.

Data Sharing and Disclosure

We may share personal data with the following categories of recipients, and only to the extent necessary:

• Trusted service providers who assist in operating our Services (hosting, email delivery, analytics), bound by data processing agreements
• Professional advisers including lawyers, auditors, and accountants, where necessary for legal, regulatory, or business purposes
• Regulatory authorities and law enforcement where disclosure is required by law, court order, or regulatory obligation
• Business successors in the event of a merger, acquisition, or restructuring, subject to appropriate protections

We do not sell, rent, trade, or otherwise commercially exploit your personal data. We do not share personal data with third parties for their own marketing purposes.

International Transfers

Your personal data is primarily processed and stored within the United Kingdom.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

• Transfers to countries with UK adequacy regulations
• Approved contractual protections, including the UK International Data Transfer Agreement (UK IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses
• Additional supplementary measures where required by the circumstances of the transfer

You may request details of the safeguards applied to any international transfer by contacting us.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure hosting with reputable, certified infrastructure providers
• Access controls and authentication mechanisms
• Encryption of data in transit (TLS/SSL) and at rest where appropriate
• Regular security assessments and vulnerability monitoring
• Staff training on data protection and security awareness
• Incident response procedures for data breaches

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

• Waitlist and enquiry data: retained until the purpose is fulfilled or you request deletion
• Account data: retained for the duration of your account and for up to 12 months thereafter
• Marketing preferences: retained until you unsubscribe or withdraw consent
• Technical and analytics data: retained for up to 26 months
• Legal and compliance data: retained for up to 7 years as required by applicable law

When data is no longer required, it is securely deleted, anonymised, or destroyed in accordance with our data retention procedures.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access (Article 15): to obtain confirmation of whether your data is being processed and to receive a copy of your personal data
• Right to rectification (Article 16): to have inaccurate or incomplete personal data corrected
• Right to erasure (Article 17): to request deletion of your personal data in certain circumstances
• Right to restriction (Article 18): to request that processing of your data is restricted in certain circumstances
• Right to object (Article 21): to object to processing based on legitimate interests or for direct marketing purposes
• Right to data portability (Article 20): to receive your personal data in a structured, commonly used, and machine-readable format
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Right not to be subject to automated decision-making (Article 22): to not be subject to decisions based solely on automated processing that produce legal or similarly significant effects

To exercise any of these rights, please contact us at privacy@padmadimension.com. We will respond within one calendar month of receiving your request, subject to identity verification. This period may be extended by two further months where requests are complex or numerous, in which case we will inform you of the extension and the reasons.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse traffic, and understand how our Services are used. For full details on the types of cookies we use, how to manage your preferences, and how to opt out, please refer to our Cookie Policy.

Third-Party Links

Our Website and Services may contain links to third-party websites, platforms, or services that are not operated by us. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review the privacy policies of any third-party service before providing personal data to them.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. When we make changes:

• The updated policy will be posted on the Website with a revised "Last Updated" date
• Material changes will be communicated via email or prominent notice on the Website
• Where changes affect your rights or require renewed consent, we will seek that consent before the changes take effect

We encourage you to review this policy periodically.

Contact Us

You may also contact the Information Commissioner's Office (ICO):

• Website: https://ico.org.uk
• Helpline: 0303 123 1113