Your privacy matters to us. This notice explains what personal information the UK Reiki Federation collects, why we collect it, how we use and protect it, and the rights you have over it.

1. Who we are

The UK Reiki Federation (“UKRF”, “we”, “us”) is the data controller for the personal information described in this notice. We are a company limited by guarantee [company number: to confirm], governed by the Companies Act 2006.

  • Address: Argentum 510 Bristol Business Park, Coldharbour Lane, Bristol, United Kingdom, BS16 1EJ
  • Telephone: 0203 745 9746
  • Data protection contact: datacontroller@reikifed.co.uk

We are registered with the Information Commissioner’s Office (ICO) under registration number Z8553977.

2. The law we follow

We process personal data in line with UK data protection law: the UK GDPR, the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025), and the Privacy and Electronic Communications Regulations 2003 (PECR).

3. The information we collect

Depending on how you interact with us, we may collect:

  • Name, date of birth and gender
  • Address, email address and telephone number
  • Business name and your Reiki qualifications, training and work history
  • Continuing Professional Development (CPD) records, including copies of CPD certificates
  • Payment information. Card details are not stored on our systems. If you pay by direct debit we retain your mandate for the duration of your membership
  • A record of our contact with you
  • Website usage information collected through cookies (see section 11)

We collect this when you apply for or renew membership, buy a product or service, complete a survey or form, give feedback, enter a competition, or use our website.

4. Special category data

Some of the information we hold is “special category” data, which the law gives extra protection. For UKRF this can include health information and details of past injuries or claims, and it may touch on philosophical beliefs through your involvement in Reiki.

We only process special category data where you have given us your explicit consent, or where the law allows a not for profit body such as ours to process the data of its members and people who have regular contact with it in connection with our purposes (the condition for not for profit bodies under the UK GDPR and Schedule 1 to the Data Protection Act 2018). We do not share this data with third parties except as set out in section 9, and we hold it no longer than necessary.

5. Why we use your information, and our lawful basis

We rely on the following lawful bases under Article 6 of the UK GDPR:

  • Contract: to provide and administer your membership, process orders, and deliver the services you have asked for, including sending welcome and renewal information by post.
  • Legitimate interests: to run the Federation effectively, keep proper records, respond to enquiries, and protect the integrity of our membership and accreditation. You can object to processing based on legitimate interests at any time.
  • Consent: for optional marketing communications and for non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: where we are required to keep or disclose information by law.

6. Marketing

With your consent, we will send you news and information about UKRF products, services and events. Where you are already a member or customer, we may also contact you about similar UKRF services on the basis of our legitimate interest, and you can object at any time.

Every marketing message includes an easy way to unsubscribe. You can also opt out at any time by emailing datacontroller@reikifed.co.uk or calling 0203 745 9746. We will not sell or share your information with third parties for their own marketing.

7. Cookies and email tracking

This is covered in detail in section 11. Our marketing emails are sent through a third party email service provider and may use tracking to tell us whether a message was opened or a link clicked, so we can understand what is useful. You can opt out of marketing at any time.

8. Who we share your information with

We share your information only where needed to run the Federation, and we never sell it. Recipients may include:

  • Our UKRF National and Area Coordinators, where required to support you
  • A mailing house that delivers our quarterly journal, which may use your name and address for that purpose only
  • Trusted service providers who process data on our behalf (for example our email marketing provider and IT systems), under contracts that require them to protect it
  • The Complementary and Natural Healthcare Council (CNHC) or other bodies where you have asked us to support a verification or registration, or where we are required to by law

Most of your information is held in the UK or the European Economic Area. Our newsletter is sent using MailChimp, whose servers are in the United States. Where your information is transferred outside the UK, we make sure it is protected by appropriate safeguards. In MailChimp’s case this is the standard contractual clauses and the UK Addendum approved for international data transfers. We do not otherwise transfer your personal data outside the UK or the EEA.

9. How long we keep your information

We keep your personal data for the duration of your membership and for four years after it ends. Where you have made a complaint, we keep the related data for the duration of your membership. Where we are told of an active investigation or potential prosecution, we keep the data for as long as the law requires.

10. How we keep it safe

We use appropriate technical, physical and organisational measures to protect your information against unauthorised access, loss or disclosure, and we keep these under review.

11. Cookies

Cookies are small text files placed on your device. Some are strictly necessary for the website to work; others help us understand how the site is used or support marketing. We ask for your consent before setting any non-essential cookies, and you can change your choice at any time through the cookie settings on our website.

Strictly necessary (no consent required): session and security cookies such as PHPSESSID, the WooCommerce basket cookies, Cloudflare and the WordPress test cookie. These keep the site and shop working.

Analytics (consent required): Google Analytics cookies (for example _ga, _gid, _gat and collect), which help us see how visitors use the site so we can improve it.

Marketing (consent required): cookies set by services such as Facebook, used to measure and support our online activity.

You can also control cookies through your browser settings, although some features may not work if you block strictly necessary cookies. For more detail see Google’s cookie information.

12. Automated decision making

We do not make decisions that have a legal or similarly significant effect on you using solely automated means. If this ever changes, we will tell you and explain your rights to a meaningful explanation, to human review, and to contest the decision, in line with the UK GDPR as amended by the DUAA.

13. Your rights

Under UK data protection law you have the right to:

  • Be informed about how your data is used (this notice)
  • Access the personal data we hold about you
  • Have inaccurate or incomplete data corrected
  • Have your data erased in certain circumstances
  • Restrict how we use your data in certain circumstances
  • Data portability, where it applies
  • Object to processing based on our legitimate interests, and to direct marketing at any time
  • Rights relating to automated decision making and profiling

To exercise any of these rights, email datacontroller@reikifed.co.uk or write to us at the address in section 1. We will not charge a fee unless a request is manifestly unfounded or excessive. When we receive a request we will carry out a reasonable and proportionate search for your data, and we may ask you for information to confirm your identity or to clarify a request, which can pause our response time until we have what we need.

14. How to complain

If you are unhappy with how we have handled your personal data, please tell us first so we can put it right. Contact our data protection complaints route at datacontroller@reikifed.co.uk, or use the data protection section of our complaints page. We will acknowledge your complaint within 30 days and aim to resolve it without undue delay.

You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/concerns, or by calling 0303 123 1113. We would, though, welcome the chance to address your concerns ourselves first.

15. Changes to this policy

We review this policy regularly and will post any updates on this page. This policy was last updated on 18 June 2026, replacing the previous version dated 14 May 2018.

16. Contact us

For any question about this policy or the information we hold about you, email datacontroller@reikifed.co.uk or call 0203 745 9746.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!