This privacy notice provides you with details of how I collect and process your personal information through your use of my website www.holistichc.co.uk and any services I provide to you in person or via remote conferencing.
Please be aware that I aim to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please ask for your parent/guardian's permission beforehand whenever you provide me with personal information.
If you are not happy with any aspect of how I collect and use your data, in the first instance, please contact me directly so that I can try to resolve any problem or query. You also have the right to contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, if you have any questions about data protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
1. What personal information do I collect about you?
The personal information I collect when you use my website may include your name, email address, telephone number, details about payments between us and other details of purchases made by you, IP address (i.e. Internet Protocol address which is a numerical label assigned to your device which is connected to a computer network), how you use my website and your preferences in receiving marketing communications from me.
If you purchase a service or product from me, the personal data I may collect about you may include details about payments between us and other details of purchases made by you.
If I provide holistic therapy services (treatments) to you in person or via remote conferencing, I will ask you to complete and sign my consultation form on which I may collect your name, email address, telephone number, the town/village where you live and details of medical conditions which I need to be aware of before carrying out any treatments. On this form I will record notes relevant to the treatment(s) you have.
If you choose to get in touch with me via my website’s contact form (or directly via email), I will collect your name, email address and telephone number. Any personal (including sensitive) information you provide is at your own discretion and I will treat this with respect and confidentially. I receive contact forms directly to my inbox via my website host and then undertake to delete your form from my website host within a week. If this communication then leads to you attending an appointment with me, whether in person or via remote conferencing, I will ask for your consent to retain the personal information you have sent me and ask you to read my privacy notice and complete and sign my consultation form.
Where I am required to collect personal data as detailed above to enable me to provide the service or product I have offered or you have requested, and you do not agree for me retaining this information about you, then I may not be able to provide you with those products or services.
I will only use your personal data for the purpose for which it was collected or a reasonably compatible purpose if necessary.
2. How do I collect information from you?
I collect information about you in a number of ways including when you:
get in touch with me via the contact form on my website, through email correspondence or by telephone
attend holistic therapy appointments in person or via a remote conferencing facility (i.e. Zoom)
purchase a product or products from me
sign up for my newsletter
provide feedback or a testimonial
enter a competition, prize draw, promotion or survey
Third parties or publicly available sources:
I may receive personal data about you from various third parties and public sources such as:
technical data from my website host, Wix (based outside the EEA)
analytical data from Google, Facebook and Instagram (all based outside the EEA)
contact and transaction data from my payment service provider, PayPal (based outside the EEA) - please be assured that your card information is not held by me and that my payment service provider specialises in the secure online capture and processing of credit/debit card transactions on my behalf.
The third parties mentioned above abide by their own privacy policies which I encourage you to refer to if you are in any doubt about the data they may share with me. Also, please refer to paragraph 5 below for more information about those third parties which are not based within the EEA (European Economic Area).
3. How do I use your personal information?
I may use your information to:
carry out my obligations of providing a service or product
purchase products that you have asked me to order for you
seek your views or comments on the services I provide
notify you of changes to my services
fulfil my own legal obligations for financial and tax purposes
improve my services, website, marketing, customer relationships and experiences
Using the marketing automation system, MailChimp, I email regular newsletters to those who have signed up to my mailing list. These newsletters include updates about my services, guidance and what’s happening at the Holistic Health Centre. If you no longer wish to receive newsletters from me you have the right to unsubscribe at any time and can do so by clicking the 'unsubscribe' link at the bottom of any of my emails or emailing me at firstname.lastname@example.org.
4. Do I share your personal information with any third party?
I do not sell, rent, or lease your personal data to third parties. However, I may have to share your personal data with the parties set out below for the purposes set out in paragraph 3 above:
service providers who provide IT and system administration services
professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
third parties to whom I sell, transfer, or merge parts of my business or my assets
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
5. What measures do I put in place if your data is transferred outside of the EEA?
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Some of my third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever I transfer your personal data outside of the EEA, I do my best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
where I use providers which are based in the United States, I may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the European Union and the US; or
where I use certain service providers, I may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe
If none of the above safeguards is available, I may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
6. Have I put data security measures in place?
Yes, I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (e.g. password/passcode protection, anti-virus and backup software on my computer and telephone, paper documentation kept in a locked filing cabinet, etc.). In addition, I limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
7. How long do I retain your data?
I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, I consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data and whether I can achieve those purposes through other means, and the applicable legal requirements.
For my insurance and tax purposes, I have to keep basic information about my clients/customers for at least six years after they cease being clients/customers.
In some circumstances, you can ask for your data to be deleted (please see paragraph 8 below for further information).
In some circumstances, I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case I may use this information indefinitely without further notice to you.
8. What are your legal rights?
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
request access to your personal data
request correction of your personal data
request erasure of your personal data
object to processing of your personal data
request restriction of processing your personal data
request transfer of your personal data
right to withdraw consent
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.
I try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.
9. Does my website include any third party links?
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third party websites and am not responsible for their privacy statements. When you leave my website, please take a moment to read the privacy notice of every website you visit.
11. How often do I review this policy?
I keep this policy notice under regular review and it is accessible at the foot of any newsletter you receive from me or in person if you attend an appointment with me.
This policy notice was last updated on 7th February 2019.