International Sophrology Federation Ltd – Privacy Policy
Last updated: June 2026 (v2 — updated for UK Data (Use and Access) Act 2025)
Updated for DUAA 2025: statutory complaints right added; SRI named; SAR stop-clock provision added; international transfer basis updated to Data Protection Test.
The International Sophrology Federation Ltd (“ISF”, “we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, apply for membership, participate in events, or interact with us in any way.
We are registered in the United Kingdom and subject to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA).
1. Who we are
International Sophrology Federation Ltd
Registered in the United Kingdom
Email: office@sophrologyinternational.org
Website: https://sophrologyinternational.org/
We act as the Data Controller for the personal data we collect.
Senior Responsible Individual (SRI): Sarah Kiersgaard, Governance Director. Under the DUAA 2025, Sarah Kiersgaard is responsible for overseeing ISF’s UK data protection compliance. For data protection queries, rights requests, or complaints: office@sophrologyinternational.org.
2. What personal data we collect
A. Personal identifiers
Name, email address, phone number, postal address, country of practice, professional details (qualifications, training, membership status).
B. Membership and practitioner data
Certification records, training history, membership applications and supporting documents, payment and subscription information, attendance at events, governance or compliance records where relevant.
C. Website and technical data
IP address, basic device/browser information, Google Tag data (non-analytics unless activated — Google Analytics is not currently active), essential and non-essential cookies (see Cookie Notice), contact form submissions.
D. Sensitive (special category) data
We do not routinely collect special category data. Audio/video recordings of meetings or events may incidentally capture personal data and are handled with additional care. We do not collect health, ethnicity, religious, or spiritual belief data.
3. How we collect your data
Website forms (Gravity Forms), membership applications, email enquiries, event registrations, payment processing (Stripe), cookies and website tags, Zoom meeting registrations and recordings, and our membership database. We do not receive data from third-party referrals.
4. How we use your data
4.1 Purposes:
- Managing and administering memberships
- Verifying practitioner qualifications and certification
- Processing payments and subscriptions
- Responding to enquiries
- Running events, meetings, and training
- Maintaining governance, compliance, and professional standards
- Sending member communications and updates (via Mailchimp)
- Improving our website and user experience
- Maintaining accurate organisational records
- Ensuring the integrity and safety of our professional community
We do not use your data for automated decision-making with significant effects. Any automated processing does not involve special category data and appropriate safeguards are in place in accordance with Articles 22A–22D UK GDPR as amended by the DUAA 2025.
4.2 Publicity and Member Promotion
With your explicit consent, ISF may publicly welcome new or renewing members on our LinkedIn page (name, membership category, and country). With your explicit consent, ISF may also share or cross-post content you create on ISF’s LinkedIn page or other official channels. You may withdraw consent at any time by contacting office@sophrologyinternational.org.
5. Legal bases for Processing
- Contract — to process membership applications and provide member services
- Legitimate interests — to run our organisation, maintain governance, and improve services
- Legal obligation — for financial record-keeping
- Consent — for non-essential cookies or optional communications
The DUAA 2025 introduced a seventh lawful basis of “recognised legitimate interests” for specific defined purposes (crime prevention, safeguarding). This does not affect ISF’s current processing.
6. Third-party services and data sharing
- Website hosting: WordPress (via WP Maintain), WP Engine
- Email marketing: Mailchimp
- Form delivery: Brevo
- Payment processing: Stripe
- Cloud storage: Google Drive
- Video conferencing: Zoom
- Virtual Assistant services (where applicable, under confidentiality agreements)
Each provider processes data under strict data protection agreements. We do not sell or trade personal data.
7. International data transfers
Some providers are based outside the UK/EEA (Google, Mailchimp, Stripe, Zoom, WP Engine). Where this occurs, we ensure transfers satisfy the Data Protection Test introduced under DUAA 2025 (UK GDPR Article 44A), including through Standard Contractual Clauses (SCCs) and UK adequacy regulations. Transfer Impact Assessments are reviewed annually — see our Transfer Impact Assessment Log.
8. Data retention
Full retention periods are in our Retention Policy and Schedule. Summary:
- Membership records: 6 years after membership ends
- Certification records: indefinitely
- Governance and disciplinary records: 10 years after case closure
- Email enquiries: 6–12 months
- Financial records: 6 years
- Event registrations: 3 years
- Zoom recordings: 3 years (10 years if governance/disciplinary)
- Complaints records: 6 years after case closure
- Website logs/cookies: as per Cookie Notice
9. Your rights
Under UK GDPR as amended by DUAA 2025, you have the right to:
- Access your personal data
- Rectification of inaccurate data
- Erasure in certain circumstances
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent (where consent is the basis)
New statutory right — in force 19 June 2026 (DUAA 2025 s.103)
Right to complain to ISF directly: You have the statutory right to raise a data protection complaint with ISF. We will acknowledge your complaint within 30 days and respond fully without undue delay. Contact: Sarah Kiersgaard, Governance Director — office@sophrologyinternational.org.
Subject Access Requests
To make a SAR, contact office@sophrologyinternational.org. We will respond within 30 days. Under the DUAA 2025 stop-clock provision, the response period may be paused if we need to verify your identity or clarify your request. For complex or high-volume requests, we may extend to up to three months and will notify you within 30 days if this applies.
10. Complaints to the ICO
You also have the right to complain to the ICO at any time: www.ico.org.uk. We would welcome the opportunity to address concerns directly first — please contact office@sophrologyinternational.org.
11. Changes to This Policy
We may update this policy from time to time. The latest version will be available at https://sophrologyinternational.org/. Members will be notified of material changes.
International Sophrology Federation Ltd — Privacy Policy v2, June 2026