PRIVACY & CONSENT NOTICE YOUR PERSONAL INFORMATION
GENERAL DATA PROTECTION REGULATION (GDPR) GDPR brought in new legal protection for personal information from May 2018. This notice tells you what personal information I hold and why and what your rights are.
Therapist’s Name: Lila Davis
Therapist and Data Controller Contact Details:
Lila Davis CRM5 MAR
email address; email@example.com
What information I hold and what I may do with it
My business is to provide Clinical Reflexology and Aroma Reflexology treatments. In order to safely provide complimentary therapies, I need to ask for and retain information including potentially sensitive personal information about your health. I will only use this for the purposes of planning and delivering reflexology treatments and any post treatment advice. The information to be held is:
• Your contact details
• Medical history and other health-related information (which I will take from you during consultation)
• Details of any treatment provided and related notes (which I will take after each consultation)
I will NOT share any of your information with anyone else (unless required for legal process*) except where the information has been anonymised so that you cannot be personally identified or linked to the information (eg. for the purpose of sharing (anonymised) case studies with other reflexology professionals).
Access to your personal information
To obtain a copy of any of your data that is held by my business, please email a request to firstname.lastname@example.org
I will acknowledge your request within 7 working days of receiving your email and will advise you when I expect to provide you with the information. I reserve the right to request a fee to cover the cost of providing you with the requested data and will advise you of any such fee in my acknowledgement.
Deleting your Personal Information
You can make a request for me to delete all the data I hold about you, including your personal information, by contacting email@example.com. Please note that if you do this, I will not be able to continue treating you and I will not be able to refer to any of your information in the future for any reason.
Verification of your information
When I receive any request to access, edit or delete personal identifiable information I shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
My website allows you to post information that may be read, copied, downloaded, or used by other people. eg. posting a ‘Like’ or sharing a link or comment on social media.
If you choose to post this type of information connected to my business or website, you must satisfy yourself that you are happy for it to enter the public domain.
Once your information enters the public domain, I have no control over what any third party may do with it and I cannot accept responsibility for their actions at any time.
I reserve the right to use information you have shared in this way, in marketing my business at any time.
Provided your request is reasonable and there is no legal basis for me to retain it, then at my discretion I may agree to your request to delete personal information that you have posted. You can make a request by contacting firstname.lastname@example.org
*Your Data and Legal Process
I will comply with Legal Process; in other words where I am required to provide information to legal authorities providing they have the proper authorisation such as a search warrant or court order I will comply with their enquiries. This may include your personal information.
Complaints about my website
If you make a complaint about any of the content on my website, I shall investigate your complaint.
If I believe the law requires me to do so or for other reasons I may remove the content while I investigate.
If I feel your complaint is justified, I will respond to you after removing the content.
If I believe your complaint is without any basis, I may choose not to correspond with you about it.
Information about your payments
Card payments will be processed via iZettle. Your card information is not available to me and no payment details are kept on my website or servers. All payment data is fully secure and safe and processed through iZettle. You can find out more here; https://www.izettle.com/gb/card-readers/secure-payments?_ga=2.127797325.1360004600.1532424400-442069663.1531923097
Data from enquiries
If you choose to contact me by telephone, email or via my website I may record the data you have given to me in order to reply to your enquiry.
I may keep personally identifiable information that you provided with your message, such as your name, telephone number or email address and I may use this for future marketing unless you specifically request that I do not retain your data from this contact.
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
to track how you use my website
to record whether you have seen specific messages I display on my website
to keep you signed in my site
to record your answers to surveys and questionnaires on my site while you complete them
Requests by your web browser to my servers for web pages and other content
Via my web host, information such as your geographical location, your Internet service provider and your IP address are recorded together with information about the software you are using to browse my website, such as the type of computer or device and the screen resolution.
This information may be used in aggregate to assess the popularity of the webpages on my website and how I perform in providing content to you.
The data could possibly be used to identify you personally, even if you are not signed in to my website.
Re-marketing is the practice of placing a cookie on your computer when you browse my website in order to be able to advertise my products or services when you visit some other website.
Information obtained from third parties
I do not disclose your personal information to any third party (except as set out in this notice), however I may sometimes receive data that is indirectly made up from your personal information from third parties whose services I use.
No such information is personally identifiable to you.
Third party advertising on my website
Third parties may advertise on my website. Those parties, their agents or other companies working for them may use technology that automatically collects information about you when their advertisement is displayed on my website.
Just so you know, I have no idea what this means, and I do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.
To assist in combating fraud, I may share information about clients or customers who instruct their credit card issuer to cancel payment for treatment or products I have sold without having first provided an acceptable reason to me and given me the opportunity to refund their money.
Use of site by children
I do not sell products or provide services for purchase by children, nor do I market to children.
If you are under 18, you may use my website only with consent from a parent or guardian
Encryption of data sent between us
My web host uses Secure Sockets Layer (SSL) certificates to verify my identity to your browser and to encrypt any data you give me.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
How you can complain
If a complaint or dispute is not settled between us and you wish to take the matter further you can attempt to resolve it by engaging in good faith in a process of mediation or arbitration.
If you are in any way dissatisfied about how I process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/
Retention period for personal data
Except as otherwise mentioned in this privacy notice, I will keep your personal information only for as long as reasonably required:
to provide you with the services you have requested;
to comply with other law, including for the period demanded by our tax authorities;
to support a claim or defence in court.
Compliance with the law
It is your choice as to whether you wish to use our website.
I may, from time to time update this privacy notice. The terms that apply to you are those posted here on the day you use my website. If you have any concerns I advise you to print a copy for your records.