I understand that your privacy is important to you and that you care about how your personal data is used. I respect and value the privacy of everyone who visits my website (www.mindfuleating.org.uk), contacts me via email, telephone or social media, or who attends my workshops or one-to-one sessions.
I am committed to protecting your privacy and this policy outlines how I do this, including what I do with your data and your rights as an individual under the General Data Protection Regulation (GDPR).
‘Personal Data’: any and all data that relates to a person who can be directly or indirectly identified from that data.
1. What This Policy Covers
I may collect information about you whenever you interact with me, for example when you:-
- Contact me with queries about my services by email or phone
- Contact me via social media, for example, by Facebook Messenger or my Facebook business page (Emma Randall: Mindful Eating)
- Visit me or contact me via my website: my website may contain links to other websites. Please note that I have no control over how your data is collected, stored or used by other websites and I advise you to check the privacy policies of any such websites before providing any data to them.
- Attend my events (talks and workshops)
- Attend one-to-one sessions with me at either your premises or mine.
2. Your Rights
As a data subject, you have the following rights under the GDPR, which this policy and my use of personal data have been designed to uphold:-
- The right to be informed about my collection and use of personal data
- The right of access to the personal data I hold about you
- The right of rectification if any personal data I hold about you is inaccurate or incomplete
- The right to be forgotten, i.e. the right to ask me to delete any personal data I hold about you
- The right to restrict (i.e. prevent) the processing of your personal data
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)
- The right to object to me using your personal data for particular purposes
- Rights with respect to automated decision making and profiling (I do not use any system that carries out automated decision making or profiling in respect of your data).
For further information about your rights, please contact the ICO or your local Citizens Advice Bureau.
3. What Data I Collect And How I Collect It
- Email address
- Home address (note: only applies if I need your address in order to attend your home or premises to carry out a one-to-one session, give a talk or run a workshop)
- Telephone number (landline and/or mobile number)
- Marital status
- Any other personal information limited to that which is required in order to help me conduct my services such as health information (may include physical and/or psychological status)
- Form: clients fill in and sign a form at the initial session only, giving their name, date, email address and telephone number
- Client notes: I gather handwritten personal information including health information
Talks and workshops:-
- At the end of the event clients are invited to fill out a form giving their name and email address if they wish to be added to my monthly Events email list
- An enquirer can contact me via my Contact Form where they are required to enter their name, email address and a message
- IP address
- Web browser type and version
- Operating system
- A list of URLs starting with a referring site, your activity on my site, and the site you exit to.
4. How I Use Your Data
You have the right to be informed about my use of your personal data. My use of your personal data will always have a lawful basis, either because it is necessary for the performance of a service to you, or because you have consented to your personal data being used (for example, to subscribe to my emails).
Only with your consent will I use your personal data for marketing purposes, which may include contacting you by email with information, news and offers about my services. I will only use your personal data if you have opted in to receive my emails. If you later change your mind, I make it easy for you to opt out, either by unsubscribing from my email list or by contacting me.
I will not send you any unsolicited marketing emails and will take all reasonable steps to ensure that I fully protect your rights and comply with my obligations under the GDPR.
Specifically, I may use your data for the following purposes:-
- Providing a one-to-one service:-
- Prospective clients: emailing, texting or phoning you for the purposes of providing you with information about my services if you contact me requesting information
- Current clients: emailing, texting or phoning you with regard to arranging appointments with you and any other necessary processes involved in that service such as text support between sessions
- Current clients: gathering information about you during consultations in the form of client notes
- Running talks or workshops:-
- Sending you information via email about upcoming events if you have consented to it by providing your name and email address following first attendance at an event, or you have consented on my website to being added to my email list.
- Analysing your use of my website (and gathering feedback) to enable me to continually improve my website and your user experience
5. How And Where I Store Your Data And Data Security
To protect your personal data I take suitable measures to process and securely store all personal data collected. I comply with my obligations and safeguard your rights under the GDPR at all times.
I take steps to collect, secure and protect your data for example:-
- One-to-one sessions:-
- Consent form completed by client at initial consultation kept in a securely locked cabinet with client’s notes at my premises
- Handwritten carbon copy (and copy to the client) OR a typed copy (Word document) of an action plan created following a session stored securely in a locked cabinet with the client’s notes, with a copy emailed to the client (sent as a password protected document)
- Current or prospective clients: handwritten records of any notes I make during any phone call or consultation relating to past or future sessions stored in a securely locked cabinet (if applicable, with client’s existing notes)
- Talks and workshops attendees:-
- Single page consent form (paper record) with workshop attendee’s name and email address kept in a securely locked cabinet
- Website: secured with a firewall and SSL encryption. Website backups are also securely stored in a GDPR-compliant way
- Desktop computer (sole user, with access protected by a password known only to me) used for business purposes: any sensitive personal data emailed to a client is sent in an attached Word document that is password protected
- Password protected and encrypted mobile phone used for business purposes
- Paper records I hold containing personal data disposed of after a specified period are shredded.
Data Breaches: In the event of a security breach (an incident where there is likely to be significant impact on the personal data of the person(s) affected, i.e. more than a lapse in security having minimal impact), I will inform those people immediately and notify the ICO within 24 hours. I will review my security measures following the incident.
6. How Long I Keep Your Data For
I do not keep your personal data for any longer than is necessary. Data is retained for the following periods (or its retention will be determined on the following bases):-
- If I obtain your name and contact details through a general enquiry (via website contact form, email, social media messaging, telephone communication or public event) but you do not use any of my services, I will only keep your name and contact details for one year (unless you specifically request that I delete your details sooner; if so, please contact me using the details in section 13)
- If I obtain your name and contact details for the purposes of subscribing to my Mailchimp monthly Events email, having given me explicit consent to add you to my email list, I will keep your contact details (name and email address) for as long as you continue to subscribe to my monthly Events email and following that time for one year (unless you specifically request that I delete your details sooner; if so, please contact me using the details in section 13)
- If you attend one-to-one sessions with me, in accordance with Balens Limited, where I hold Professional Liability Insurance, I am required to keep a client’s records for at least 7 years following the last occasion on which the treatment was given, after which your personal data will be safely destroyed. If you would like me to delete it sooner, please contact me using the details in section 13.
7. Sharing Your Data
In certain circumstances I may be legally required to share certain data held by myself, which may include your personal data, for example, where I am involved in legal proceedings, where I am complying with legal obligations, a court order, or a government authority.
I may compile statistics about the use of my website including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying data.
8. How You Can Control Your Data
- You have the right to withdraw your consent to me using your personal data for any purpose including sending you marketing communications at any time. I make it easy for individuals to withdraw their consent. I also provide an unsubscribe option with marketing emails. You have the right to request that I delete your personal data.
- When you submit personal data via my website, you may be given options to restrict my use of your data. In particular, I aim to give you controls on my use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from me which you may do by unsubscribing using the links provided in my emails).
- It is important that the personal information I hold about you is accurate and current. You may request that I correct or update any information about yourself that is incorrect or out of date. Please keep me informed if your personal information changes.
- You have the right to obtain a copy of your personal data to re-use with another service or organisation (data portability).
- If you have any cause for complaint about my use of your personal data, please contact me using the details provided in section 13 and I will do my best to solve the problem with you. If I am unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO) www.ico.org.uk.
9. Your Right To Withhold Information
You are under no obligation to provide me with any particular type of personal data.
10. How You Can Access Your Data
You have the right to request from me at any time a copy of your personal data that I hold. Please contact me in writing or via email using the contact details in section 13. I will need to verify your identity so I may ask you to please provide me with identification.
My Site may place and access certain cookies on your computer or device.
Cookies are used by nearly all websites and do not harm your system.
Cookie Control Settings
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
- Microsoft Internet Explorer: https://support.microsoft.com/en-us/kb/278835
- Microsoft Edge: https://support.microsoft.com/en-gb/products/microsoft-edge (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
- Safari (macOS): https://support.apple.com/kb/PH21411?viewlocale=en_GB&locale=en_GB
- Safari (iOS): https://support.apple.com/en-gb/HT201265
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences
- Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en (Please refer to your device’s documentation for manufacturers’ own browsers)
13. Contacting Me
Emma Randall (Data Controller; registered with the ICO)
Mindful Eating (Trading name)
By telephone: 07961 423120
By email: firstname.lastname@example.org
By post: 32 Northfield, Lightwater, Surrey GU18 5YR