Skip to content
Reset Tour - We Take You Through
Effective: April 2025

Privacy Policy

We value your privacy and are committed to protecting your personal data. This policy explains what we collect, why, and the rights you have over it.

Last reviewed: April 2025

Welcome to Reset Tour. This policy outlines how we collect, use, and safeguard your information when you visit our website, purchase our books (physical or digital), or engage our counselling and training services.

Section 01

Introduction

We value your privacy and are committed to protecting your personal data in accordance with applicable data-protection law, including the UK and EU GDPR. This policy describes the personal data we hold, how and why we process it, and how you can exercise your rights.

Company
Reset Tour
Registered office
USA / Sri Lanka
Website
resettour.com
Data controller
[email protected]
Section 02

What Personal Data We Collect

2.1 Identity & Contact Data

  • Full name
  • Email address
  • Telephone number
  • Billing and/or shipping address

2.2 Financial & Payment Data

We use Stripe, Mercury, and Wise as our authorised payment processors. Payment card data is processed directly by Stripe (PCI DSS Level 1 certified) and Wise under their own terms.

  • We do not store, access, or process full payment card numbers on our systems.
  • We retain only transaction identifiers and amounts necessary for order management and legal compliance.

2.3 Service & Counselling Data

For counselling services, we collect intake form data (name, contact, presenting concerns).

  • Clinical notes, session records, and therapy data are treated as special category data under Article 9 UK/EU GDPR.
  • These records are held separately and subject to enhanced security controls and professional ethical obligations.

2.4 Digital Product Data

  • Download access logs and timestamps
  • IP address at time of download (for fraud prevention)

2.5 Technical & Usage Data

  • Browser type, device type, operating system
  • Pages visited, time spent, referral source
  • Cookie identifiers (see our Cookie Policy)

2.6 Communications Data

  • Emails and messages you send us
  • Marketing preferences and consent records
Section 04

How We Share Your Personal Data

We do not sell, rent, or trade your personal data. We only share data with the following trusted third-party service providers under appropriate contractual safeguards:

Stripe, Inc.Payment processing: stripe.com/privacy
Wise Payments Ltd.International payment processing: wise.com/privacy-policy
Mercury Payments Ltd.International payment processing: mercury.com/legal/privacy
Shipping carriersDelivery of physical books (name and address only)
Email service providersTransactional and marketing email delivery
Cloud storage / hostingSecure hosting of our website and customer data
Legal / professional advisorsWhere required for legal compliance or dispute resolution

All processors are required to process your data only on our documented instructions and are bound by data processing agreements meeting UK/EU GDPR standards.

Section 05

International Transfers

Some of our service providers may process your data outside the UK and the European Economic Area (EEA). Where such transfers occur, we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO or the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules or equivalent mechanisms
Stripe, Inc. is based in the USA. Transfers to Stripe are governed by the EU–US Data Privacy Framework and SCCs. Please refer to Stripe's Privacy Policy for full details.
Section 06

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law.

Customer order records7 years (UK tax/accounting obligations)
Payment transaction records7 years (financial regulation)
Counselling intake & clinical recordsAs required by professional ethical guidelines (minimum 7 years post-therapy)
Marketing consent recordsDuration of consent + 3 years
Technical / usage logsUp to 12 months
Website cookie dataSee Cookie Policy
Section 07

Your Rights Under UK/EU GDPR

You have the following rights in relation to your personal data:

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data where there is no legitimate reason to continue processing.

Right to Restrict Processing

Ask us to suspend processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format where processing is based on consent or contract.

Right to Object

Object to processing based on legitimate interests, or to direct marketing at any time.

Right to Withdraw Consent

Where we rely on consent, withdraw it at any time without affecting prior lawful processing.

Automated Decisions

Not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.

You also have the right to lodge a complaint with your supervisory authority:

  • UK: Information Commissioner's Office (ICO): ico.org.uk
  • EU: Your national Data Protection Authority
Section 08

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • TLS/SSL encryption for all data transmissions
  • Access controls and authentication requirements
  • Regular security reviews and staff training
  • PCI DSS-compliant payment handling via Stripe and Wise
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Section 09

Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16.

If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].

Section 10

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the 'Last reviewed' date at the top of this page

Where required by law, we will seek your explicit consent before making significant changes that affect how we process your data.

Section 11

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Controller:

Organisation
Reset Tour
Phone
+94 74 125 6432
Website
resettour.com