Last updated: 9 July 2026
Riverstone & Willow respects your privacy. This Privacy Policy explains how we handle personal data when you visit our website, contact us, request a discovery call, create an account, make a payment, or receive our one-to-one online services.
It is written for website visitors, prospective clients, and clients. Our aim is always the same: to use personal data carefully, only where needed, and in a way that is clear to you.
This website and service are provided under the name Riverstone & Willow. We are the controller responsible for the personal data described in this policy.
For privacy questions, to exercise your rights, or to raise a concern about how personal data is handled, you can contact us at [email protected].
This policy applies to personal data we process about:
Our services are for adults only. We do not knowingly offer services to children.
The personal data we collect depends on how you interact with us.
When you visit the website, we may process technical information such as your IP address, approximate location, browser and device information, pages visited, cookie choices, and security logs.
When you contact us or request a discovery call, we may collect your name, email address, country or region, scheduling preferences, and anything you choose to include in your message.
When you create an account or become a client, we may process account details, booking records, session dates and times, cancellation or rescheduling records, plan information, service messages, and client-document records.
When you make a payment, we may process billing details, payment status, invoice records, refund records, and information required for accounting, tax, or legal purposes. Card details are handled by our payment provider. We do not store your full card number.
Riverstone & Willow provides one-to-one personal-development and reflective guidance. It is not medical treatment, psychotherapy, diagnosis, or crisis support.
Because the service involves personal reflection, you may choose to share information about your personal life, relationships, wellbeing, emotions, work, family, or life circumstances. We use this information only to provide the service, manage the client relationship, protect legal rights, comply with law, or respond to serious safety concerns where legally required or permitted.
You are not required to share any health information to use the service. If you do choose to share details that relate to your health, we treat that as special-category data and process it only on the basis of your explicit consent, which you give by choosing to share it. You can decline to share such details, and you can ask us to delete them.
Please do not send medical records, emergency information, or highly sensitive details through website forms.
We only use personal data where we have a lawful basis. The main ways we use personal data, and the basis for each, are set out below.
Where we rely on your consent, you can withdraw it at any time; this does not affect processing that already took place. Where we rely on legitimate interests, you can object, and we will stop unless we have compelling grounds to continue.
We use essential technologies needed for the website, account access, security, and remembering your privacy choices.
With your consent, we use analytics to understand how people use the website and to improve it. Analytics is optional and can be changed through Cookie Settings.
For more detail, please see our Cookie Policy.
We share personal data only where needed for the purposes described in this policy. We work with a small number of trusted providers who process personal data on our behalf. The main categories, and where they are located, are:
We may also share personal data with professional advisers, such as accountants, tax advisers, or lawyers, where needed, and with authorities or other parties where required by law, regulation, court order, or another lawful request.
We do not sell personal data.
Some of our providers are based in the United States, so personal data may be processed there. Where that happens, we rely on the EU-US Data Privacy Framework, where the provider is certified under it, or on Standard Contractual Clauses. You can ask us for a copy of the safeguards that apply by contacting us at [email protected].
Our analytics and error-monitoring data is primarily processed within the European Union. Because these providers may have a parent company in the United States, any residual access from there is covered by Standard Contractual Clauses.
We keep personal data only for as long as needed for the purpose it was collected, unless a longer period is required by law.
When personal data is no longer needed, we delete, anonymise, or minimise it where we can.
You have the right to:
These rights are not absolute. For example, we may need to keep certain records for tax, accounting, legal, or dispute-resolution reasons.
To make a request, contact [email protected].
You also have the right to lodge a complaint with a data-protection supervisory authority.
We do not carry out automated decision-making that produces legal effects concerning you or similarly significantly affects you.
We only send marketing emails where we have a valid basis to do so. You can unsubscribe or object to marketing at any time.
Service emails, such as booking confirmations, account messages, payment information, legal notices, or important service updates, are not marketing.
We use appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, disclosure, alteration, and destruction.
No online service can be guaranteed completely secure, but we limit access to personal data and work to keep it protected.
Our website may link to third-party websites or services. We are not responsible for their privacy practices. Please read their privacy policies before providing personal data to them.
If you have a concern about how we handle personal data, please contact us first at [email protected].
You also have the right to lodge a complaint with a data-protection supervisory authority.
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page.
If we make material changes to how we use personal data, we will take reasonable steps to bring those changes to your attention where required.