How [Restore Health & Wellbeing] comply with GDPR and Data Protection.

 

This page is mostly related to the General Data Protection Regulation (GDPR) within the EU however, [Restore Health & Wellbeing] Ltd believes it to be good practice to provide a unified experience and service to all users, worldwide. As such, [Restore Health & Wellbeing] Ltd. has carefully put together this document in an effort to make all information regarding data collection and usage as clear as possible.

 

Who are we?

We’re Restore Health & Wellbeing Limited, a company limited by guarantee (no. 6825798). The registered address is 98A High St, Potters Bar EN6 5AT and our main therapy centre is at Yoga Balance, Unit 1, Unit 1, 2 Lambert Way, London N12 9EP

 

We are affected by GDPR in three areas:

 

Area 1 which is highlighted on this page is how we conduct activities with the information with gather from people using our website.

Area 2 is how we manage the data / information we gather on our clients whilst in a working relationship and how that data is managed / stored and deleted accordingly.

Area 3 is how we manage our services as a data processor for therapists who work with us.

 

 

Why do we collect Data on our Website?

All the data we collect is used to help us to understand who is using our website and to help us improve the online experience offered.

We also can use it to help us understand if someone who has contacted us through our contact form visits the site a number of times.

It helps us to gather insights around online behaviours and see where people have come from before visiting our website.

 

Words with specific meanings

In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way.  They are:

“personal data” – any information about an identifiable living human being.

“process”-  as we “process” your personal data when we do anything with it, which might include:  collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.

“special category data” –  personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.

 

What information do we process, and Why?

  1. Prospect

Most of the information we process comes from you.  We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you on why you might be interested in our products or services or a relevant contact for our business.

If you sign up to a newsletter list, you will be sent what you asked for.   We normally operate ‘double opt-in’ lists and you will need to reconfirm your subscription before anything is sent.   You can unsubscribe at any time by clicking the unsubscribe button on any email.

You are not automatically subscribed to any other lists, but may be invited to join an appropriate one.

If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.

If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.

We keep special category data.  To the extent we hold this, it was supplied or made publicly available by you.

  1. Customer/Client

Once you buy a product or service from us, we will collect information from you at the point of sale.

This will include the information we collect from Prospects (above).  We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

We process your data to support the delivery of the goods and services you have bought.  We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.

Financial and credit card details

We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies (see below).

We receive limited information from our processor for us to tie up your payment with your invoice.

If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.

We do not routinely keep credit scores nor use credit reference agencies.

  1. Supplier and Associate Therapists

We collect information on potential and actual suppliers and associates.   This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).

If you become a supplier or associate therapist we keep a copy of the contract between us.  We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us/our clients along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

This information is all needed to manage our customer relationships and our supply chain.

 

Data sharing – 3rd parties

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

  1. Platforms

We use software platforms we use to run our business.

We use Google Analytics to collect and store information around each users session who visits our website. This information is all anonymous and it is not possible to personally identify people or repeat visitors from Google Analytics. You can read more about their Terms and Conditions here.

https://privacy.google.com/businesses/compliance/

 

We use Cognito Forms to collect and store information around each user who fills in one of our contact forms. This saves the information they actively give us into the Cognito system.  This also allows us to use the information to personalise our services.

You can read more about their Terms and Conditions here.

https://www.cognitoforms.com/privacy

 

We use MailChimp to store information for people who wish to be in our mailing list. If you submit the mailing list form on our website you will be added to a MailChimp list. You will need to confirm that you wish to be added to the list before it is confirmed. You can read more about their privacy policy here.

https://mailchimp.com/legal/

We use Acuity Scheduling to store information for people who wish to make an appointment to use our services.  You can read more about their privacy policy here.

https://acuityscheduling.com/privacy.php

 

With all of the information we collect we do not actively share it with any other parties and it is only used internally to help us improve our service.

 

People

We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more.  They have limited access to your data, where the service they provide to us means they need it.

For example, if our Virtual Assistant is producing a newsletter, they may need access to our email lists to ensure it goes to the correct people. For example, if we invoice you, our Accountant needs to process the information in the invoice.

Your information/advice is held in the strictest confidence.

 

Where is your data located?

Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.

This means that some of your data may be held in the EU and some may be held on servers in the USA (with suitable data privacy shields) or elsewhere.

If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

 

Retention periods

Your information will be kept for the length of time set out in our retention period – 7 years for an adult and if a child, up to the age of 21.

We need to keep customer information long enough to satisfy HMRC and our insurers.  We keep information on prospective customers long enough to make our sales enquiry system effective.

If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.

 

Contact Forms

  1. When someone submits information through a contact form a number of things happen.
  2. The information submitted is stored within the WordPress website.
  3. A copy of the message is emailed to danielle@restorewellbeing.co.uk and this is then distributed to Danielle White. These emails are stored in danielle@restorewellbeing.co.uk
  4. Every day our database server is backed up to and a copy of the enquiry will live there for 30 days.
  5. All information shared through our submission form is only used for internal purposes only and is not shared with other companies except those stated above.

 

I would like a copy of my data.

If you would like a copy of the data that [Restore Health & Wellbeing] Ltd have relating to yourself please get in touch with danielle@restorewellbeing.co.uk

Please note that any request may take up to 30 days to process and we will require proof of identification prior to releasing any information.

 

I would like you to delete any data you have that relates to me.

Please get in touch with danielle@restorewellbeing.co.uk

Please note that any request may take up to 30 days to process and we will require proof of identification prior to releasing any information. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.

Complaints

If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.

If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK.  You can contact them here.

Cookies

For information about cookies and how we use them, please see our cookie policy

 

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in May 2018.