Subscribe to get good news

Be the first to hear about upcoming classes, workshops and events

Privacy Policy

Last updated: 20 May 2020

Mamma Bali Ltd (“us”, “our”, “we”, “Mamma”) is the controller of your personal data collected through the Website. Mamma is committed to protecting and respecting your privacy. 

1. Introduction 

This privacy policy (the “Privacy Policy”) sets out the types of personal data we collect when you access and visit (the “Website”) and our products or services (together the henceforth known as the “Mamma Services”), and how we may manage and use that data. This Privacy Policy applies to all users of the Website and the Mamma Services including practitioners, businesses and consumers. 

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notices that we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why we are using that data.  

This Privacy Policy supplements other terms or notices on our Website and is not intended to override or replace them. 

By visiting or otherwise using our Website or the Mamma Services, you accept that you have read and understood this Privacy Policy. If, for any reason, you do not agree with the content of this Privacy Policy, please stop using this Website or the Mamma Services.

We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law.  Where these changes are significant, we will endeavour to let you know. However, it is your responsibility to check this Privacy Policy before each use of the Website or the Mamma Services.

The Website or the Mamma Service are not intended for children and we do not knowingly collect personal data relating to children. 

2. What information can we collect? 

This Privacy Policy covers the collection and processing of your personal data. Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address. 

The personal data we collect from you may include:

  • Identity Data: which includes your full name, date of birth.
  • Contact Data: which includes your billing address, delivery address, e-mail address and telephone number. When you message a Practitioner through the website they will receive your message and email address.
  • Financial Data: which includes bank account and payment card details. 
  • Transaction Data which includes details about payments to and from you and other details or services you have purchased from us. 
  • Technical Data: which includes your IP address, operating system, browser type, browser version, time zone setting and location. 
  • Profile Data: which includes your username and password and purchases or orders made by you. Also your website browsing history, demographic information such as age, gender, education level, any information that you have made publicly available on our noticeboards and social media networks. We will also capture your interests, preferences, feedback and survey responses. If you’re a practitioner, we will capture information about your work, photographs, biography, treatments offered and languages spoken by Practitioners, average rating obtained from our evaluation using algorithms of ratings review, feedback survey results and any other information you willingly provide. 
  • Assessment data: information on qualifications and certification of Practitioners, contact logs data, performance and ratings data.
  • Usage Data: which includes information about how you use the Website, search and/or buy our products and services, the number of bookings made and any schedule information.  
  • Marketing and Communications Data: which includes your preferences in receiving marketing from us and our third parties. 
  • Location Data: which includes your current location disclosed by GPS technology. 
  • Operational data: - including interaction with the Services and transcripts from calls, messages from "live chats" with all users of the site including Users and Practitioners.
  • Transaction data: - includes details of the Products and Services you have purchased from the website or app. Usage data-information about how you use the Services. This includes how you interact with the Services, for example, how long you engage with Mamma at a time, how often a booking is made and which parts of the Services you interact with and the features you use.
  • Work related data: - We work with businesses to deliver our Services to their employees. If you are employed by one of those businesses, to use the Services you will need to sign up with us. We will collect information from you directly when you do this p and we will also be able to associate this with information provided by your employer, such as your job title.
  • Service Notes: - we may collect information about our Service delivery for example, instructions on how to access a building, address details and email address details. You provide this information voluntarily. We pass this information on to the Practitioner and/or Client so that they can understand any specific access / similar requirements. 

3. How is your personal information collected? 

Information you give to us

When you use the Website or the Mamma Services to complete a form, contact us by email or by post, report a problem, or offer your information to us in any way, we may collect, store and use the personal data that you disclose to us. 

It is important that the personal data we hold about you is accurate and current. If you want to update the information you have previously given to us, please contact us

Automated technologies or interactions

Each time you use our Website, we will automatically collect your personal data including Technical Data and Usage Data.  We collect this data using technologies such as cookies or other similar tracking technologies.  

We use this data for several different reasons. Firstly, we use it to ensure that the Website works properly and that you are able to receive the full benefit of it. Second, we use the data to monitor online traffic and audience participation across the Website. We undertake both of these activities because we have a legitimate interest in doing so.

Please refer to our Cookie Policy for further details. 

Location Data

We also use GPS technology to determine your current location. Some of our location-enable services require for the feature to work. If you wish to use the particular feature, you will be asked to consent to your personal data being used for this purpose. You can withdraw your consent at any time by disabling location data in your settings. 

Third parties or publicly available sources

We may also receive personal data about you from various third parties, and public sources, such as: analytics providers, advertising networks and search information providers. 

4. How and why do we use/share your personal data?

Lawful basis for processing your information

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances: 

  • Where you have asked us to do so, or consented to us doing so;
  • Where we need to do so in order to perform a contract, we have entered into with you;
  • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests; and
  • Where we need to comply with a legal or regulatory obligation.

Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so. 


Examples of the types of personal data we may collect

Lawful basis for processing

To register you as a new user of our Website or the Mamma Service. 

Identity Data and Contact Data 

Performance of contract with you.

To deliver the Website or Mamma Services to you and manage our relationship with you. 

Identity Day, Contact Data, Financial Data, Transactional Data, Technical Data, Profile Data, Usage Data and Location Data

Your consent (location data and any health data contained in surveys provided to you)

Performance of contract with you. 

To process your purchases including managing payments and collecting money owed to us.

Identity Data, Contact Data, Financial Data and Transaction Data.

Performance of a contract with you

Necessary for our legitimate interest (to recover debts due to us).

To administer and protect our business and this Website (including troubleshooting, data analysis and system testing.)

Identity Data, Contact Data and Technical Data.

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

Necessary to comply with a legal obligation.


To use data analytics to improve our Website and customer relationships.

Technical Data and Usage Data. 

Necessary for our legitimate interests (to keep our website updated and relevant and to develop our business).

To deliver relevant content and advertisements to you.

Identity Data, Contact Data, Technical Data, Profile Data, Usage Data and Marketing and Communications Data.

Your consent

Necessary for our legitimate interests (to develop our products/services and grow our business)


We may use your personal data to contact you about our latest news, our products or our services (we call this marketing).

You will receive marketing communications from us if you have: 

  • subscribed to receive marketing communications from us; or 
  • purchased our products or services, and you have not opted out of receiving marketing from us when providing us with your e-mail address or contact number.

To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email, or you can contact us.

We will get your express opt-in consent before we share your personal data to any third party for its own marketing purposes.

Sharing your personal data

Depending on how and why you provide us with your personal data we may share it in the following ways:

  • we may share your personal data with any member of our company group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; 
  • with selected third parties who we sub-contract to provide various services and/or aspects of the Website’s functionality, such as where third-party plugins provide functionality such as message boards or image hosting services (see “Service Providers” below); and 
  • with analytics and search engine providers that assist us in the improvement and optimisation of this Website as described above.

We may also disclose your personal data to third parties in the following events: 

  • if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale; 
  • if Mamma or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; 
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder; and/or 
  • in order to enforce or apply our terms of use or terms and conditions, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Service Providers

Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this data and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.  The following is a list of the type of trusted service providers we use:

  • Booking Platform Providers
  • Website Developers
  • Analytics Providers 
  • Payment Processors
  • Online Marketing Providers
  • Client Relationship Management System Providers


When you make a booking via the Website or the Mamma Services, our practitioners may process your personal data on our behalf as one our Service Providers. However, if you seek our practitioners’ services without our involvement then you understand that they will be processing your personal data as an independent data controller and we shall have no control, nor have any responsibility or liability in respect of their use of your personal data. 

Links to third party sites 

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.


We may review, scan, or analyse your communications on the website between the User and the Service provider and/or Practitioner for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, analytics, and customer support purposes. These activities are carried out based on legitimate interest in ensuring compliance with applicable laws and our Terms, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.

5. For how long do we keep your personal data?

We will hold your personal information on our systems only for as long as required to provide you with the services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

6. Security

Mamma takes the protection of your information very seriously. Where we have given you a password that enables you to access certain parts of our Website or the Mamma Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 

 7. International Data Transfers

Whenever we do transfer your personal data outside of the United Kingdom and European Economic Area (together “UKEEA”), we ensure that a similar degree of protection is afforded to it by ensuring that in most cases at least one of the following safeguards is implemented: 

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; 
  • we will only transfer data to the US, where the business we are transferring your personal data to is part of the Privacy Shield (which requires them to provide similar protection to personal data shared between Europe and the US); and 
  • where you we use certain service providers, we will use specific contracts approved by the European Commission which gives personal data the same protection it has in Europe. 

By submitting your personal data, you understand the terms on which we may transfer your personal data outside of the UKEEA. If you would like more information about transfers outside of the UKEEA, please contact us.

8. Your Rights

Right of Access

You may, at any time, request access to the personal data we hold about you (you may have heard of this right being described as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Your Right to Rectification 

You may request that we correct personal data that we hold about you which you believe is incorrect or inaccurate, though we may need to verify the accuracy of the new data you provide to us.

Your Right to Erasure

You may ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).  If for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request. 

Your Right to Object to Processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. You also have the right to object where we are processing your personal data for direct marketing purposes. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim. 

Your Right to Restrict Processing

This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • if you want us to establish the data's accuracy;
  • where our use of the data is unlawful, but you do not want us to erase it;
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Your Right to Portability

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Your Right to object to automated decision making and profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you. 

Your right to withdraw consent at any time

You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Exercising your rights

When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.

9. Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact the Data Protection Manager by emailing at or by writing to, First Floor, 44 High Street, Newport Pagnell, Bucks, United Kingdom, MK16 8AQ.

You may also lodge a complaint with our lead supervisory authority, the Information Commissioner, or your local supervisory authority about any aspect of our handling or processing of your personal data.  We would, however, appreciate the chance to address your concerns before you approach any supervisory authority, so please contact us in the first instance. 

10. Information you may collect as a User or Practitioner

If you are a Practitioner, you are responsible for ensuring that you comply with applicable data protection law in respect of any personal information that you collect about Users in the course of your provision of the Services. Mamma does not accept any responsibility for this processing of personal data.

If you are a User, you are responsible for any misuse of personal information that you may collect in the course of your receipt of the Services. Mamma does not accept any responsibility for this processing of personal data.

11. Child safety

Protecting the safety of children when they use the internet is very important to us. Our website and Services are not directed towards nor intended for children and we do not knowingly collect personal information from children. If you believe that your child may have provided us with personal information without your consent, you may inform us at