Privacy Notice
Navigate the Inner Compass
Last updated: 05/01/26
Navigate the Inner Compass (“Navigate”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Navigate the Inner Compass is operated as a private limited company registered in England and Wales.
Data Controller:
Navigate is the data controller for the purposes of UK GDPR.
Company Name: Navigate the Inner Compass
Company Registration: 16538543
Website: https://www.navigatetheinnercompass.co.uk
Email: Steph.Navigate@outlook.com
Navigate is responsible for deciding how your personal data is processed.
For data protection queries, please contact our us using the above email address.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
a) Identity and Contact Information
Name
Email address
Phone number
Date of birth (where required for eligibility or safeguarding)
b) Participation and Session Information
Booking and attendance records
Session notes and reflective records
Consent and waiver confirmations
c) Sensitive Personal Data (Special Category Data)
Where relevant and only with your explicit consent, we may process:
Information relating to physical, emotional, or mental wellbeing
Information disclosed during sessions for the purpose of safe facilitation
This information is collected only where necessary, handled with strict confidentiality, and never used for diagnosis or medical treatment.
d) Technical Data
Website usage data (via cookies or analytics, if applicable)
IP address and browser type (where collected)
e) Website & Cookie Consent
Navigate’s website may use cookies and similar technologies to improve user experience and for analytics purposes. Cookies may collect non-identifiable information such as pages visited, browser type, and IP address.
Consent: Non-essential cookies (analytics, marketing) will only be used if you provide explicit consent via the website banner. Essential cookies required for website functionality (e.g., bookings, payments) may operate without consent but are disclosed here.
You may manage or disable cookies in your browser settings. Please note this may affect the functionality of the website.
3. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
Consent – where you have given explicit permission, including explicit consent for the processing of special category wellbeing information (e.g. wellbeing information, media use).
Contract – to deliver services you have booked
Legal obligation – where safeguarding, insurance, or legal duties apply
Legitimate interests – for business administration, record-keeping, and service improvement
You may withdraw consent at any time where consent is the lawful basis.
4. How We Use Your Data
We use your personal data to:
Deliver and manage sessions, workshops, or courses
Maintain appropriate records for professional, ethical, and safeguarding purposes (non-clinical, non-diagnostic)
Communicate with you regarding bookings, changes, or relevant information
Comply with legal, insurance, and regulatory obligations
Respond to complaints or safeguarding concerns
We do not sell or trade your data.
Participation in Navigate services is conditional on acceptance of Navigate’s Terms & Conditions and Participant Waiver, which include ethical standards, consent protocols, and safeguarding policies.
5. Confidentiality and Trauma-Informed Practice
All personal and session-related information is treated as confidential. However, confidentiality may be lawfully breached where:
There is a risk of serious harm to you or others
Safeguarding concerns arise involving vulnerable individuals
Disclosure is required by law or a regulatory authority
Any such disclosure will be limited to what is strictly necessary. Where third-party processors are used, appropriate data processing agreements are in place.
6. Data Storage and Security
We take reasonable technical and organisational measures to protect your data, including:
Password-protected digital systems
Secure storage of written records
Limited access to personal data
Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by law, insurance, or professional guidance. In general:
Where data is processed outside the UK, appropriate safeguards are in place in accordance with UK GDPR (such as adequacy regulations or standard contractual clauses).
All data is reviewed periodically and securely deleted when no longer required.
7. Sharing Your Data
Your data may be shared only where necessary with:
Professional advisors (e.g. insurers, legal advisors)
Regulatory or safeguarding bodies, where required
Technology providers (e.g. booking or email platforms), acting as data processors
All third parties are required to handle data in accordance with UK GDPR.
8. Media, Photography, and Recordings
Photographs, audio, or video recordings will only be taken with your prior consent as outlined in Navigate’s Terms & Conditions and Participant Waiver. You may withdraw consent for future use at any time. Withdrawal does not affect lawful use already made where consent was previously granted.
9. Your Rights Under UK GDPR
You have the right to:
Access your personal data
Request correction of inaccurate data
Request erasure of your data (where applicable)
Restrict or object to processing
Withdraw consent at any time
Request data portability
Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO website: https://www.ico.org.uk
10. Complaints
If you have concerns about how your data is handled, please contact us first so we can seek to resolve the issue.
If unresolved, you have the right to raise a complaint with the ICO.
11. Changes to This Privacy Notice
This Privacy Notice may be updated from time to time. The most recent version will always be available via our website or upon request.
