Privacy Policy
Effective: April 2025
Introduction
Welcome to Reset Tour (Pvt) Ltd. We value your privacy and are committed to protecting your personal data. This policy outlines how we collect, use, and safeguard your information when you visit our website, purchase our books (physical or digital), or engage our counselling and training services.
What Personal Data We Collect
2.1 Identity & Contact Data
- Full name
- Email address
- Telephone number
- Billing and/or shipping address
2.2 Financial & Payment Data
We use Stripe, Mercury and Wise as our authorised payment processors. Payment card data is processed directly by Stripe (PCI DSS Level 1 certified) and Wise under their own terms.
- We do not store, access, or process full payment card numbers on our systems
- We retain only transaction identifiers and amounts necessary for order management and legal compliance
2.3 Service & Counselling Data
For counselling services, we collect intake form data (name, contact, presenting concerns).
- Clinical notes, session records, and therapy data are treated as special category data under Article 9 UK/EU GDPR
- These records are held separately and subject to enhanced security controls and professional ethical obligations
2.4 Digital Product Data
- Download access logs and timestamps
- IP address at time of download (for fraud prevention)
2.5 Technical & Usage Data
- Browser type, device type, operating system
- Pages visited, time spent, referral source
- Cookie identifiers (see our Cookie Policy)
2.6 Communications Data
- Emails and messages you send us
- Marketing preferences and consent records
Legal Basis for Processing
We only process your personal data where we have a valid legal basis under Article 6 UK/EU GDPR.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Order fulfilment (books & digital products) | Identity, contact, payment, digital product data | Contract (Art. 6(1)(b)) |
| Processing payments via Stripe | Payment transaction data | Contract (Art. 6(1)(b)) |
| Delivering counselling sessions | Identity, contact, counselling intake data | Contract + Explicit Consent (Art. 6(1)(b) & 9(2)(a)) |
| Customer support | Identity, contact, communications data | Legitimate Interests (Art. 6(1)(f)) |
| Fraud prevention & security | Technical, payment, IP data | Legitimate Interests (Art. 6(1)(f)) |
| Marketing communications (newsletters) | Identity, contact, marketing preferences | Consent (Art. 6(1)(a)) – opt-in only |
| Legal compliance & record-keeping | All relevant data | Legal Obligation (Art. 6(1)(c)) |
How We Share Your Personal Data
We do not sell, rent, or trade your personal data. We only share data with the following trusted third-party service providers under appropriate contractual safeguards:
| Stripe, Inc. | Payment processing — stripe.com/privacy |
| Wise Payments Ltd. | International payment processing — wise.com/privacy-policy |
| Mercury Payments Ltd. | International payment processing — mercury.com/legal/privacy |
| Shipping Carriers | Delivery of physical books (name and address only) |
| Email Service Providers | Transactional and marketing email delivery |
| Cloud Storage / Hosting | Secure hosting of our website and customer data |
| Legal / Professional Advisors | Where required for legal compliance or dispute resolution |
All processors are required to process your data only on our documented instructions and are bound by data processing agreements meeting UK/EU GDPR standards.
International Transfers
Some of our service providers may process your data outside the UK and the European Economic Area (EEA). Where such transfers occur, we ensure adequate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the UK ICO or the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules or equivalent mechanisms
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law.
| Customer order records | 7 years (UK tax/accounting obligations) |
| Payment transaction records | 7 years (financial regulation) |
| Counselling intake & clinical records | As required by professional ethical guidelines (minimum 7 years post-therapy) |
| Marketing consent records | Duration of consent + 3 years |
| Technical / usage logs | Up to 12 months |
| Website cookie data | See Cookie Policy |
Your Rights Under UK/EU GDPR
You have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at info@resettour.com. We will respond within one calendar month.
You also have the right to lodge a complaint with your supervisory authority:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk
- EU: Your national Data Protection Authority
Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
- TLS/SSL encryption for all data transmissions
- Access controls and authentication requirements
- Regular security reviews and staff training
- PCI DSS-compliant payment handling via Stripe and Wise
Children’s Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16.
If you believe we have inadvertently collected data from a minor, please contact us immediately at info@resettour.com.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy on our website
- Updating the ‘Last Reviewed’ date at the top of this page
Where required by law, we will seek your explicit consent before making significant changes that affect how we process your data.
Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Controller: