PRIVACY POLICY

As a professional complementary therapist, the trust and confidence of my clients and visitors to my website is of paramount importance. The following privacy policy is designed to make it clear, how and why your personal data is collected, handled and stored in order to meet current data protection standards and comply with the law.

YOUR PEACE OF MIND

As a Complementary Therapist, I am required to note personal information about clients.  This information is kept secure, and no personal data is shared with 3rd party organisations. The only exception to data sharing is where there is a safeguarding concern relating to a child or vulnerable adult perceived to be at the risk of harm, in which case data may be shared with the necessary safeguarding agencies.  I do not sell, rent or trade any personal information (including your email) with any other another person or business for marketing purposes. However, as is the case with all businesses, it’s important for me to be able to communicate with my clients. The following policy aims to provide a brief outline of how, when and why I may collect and store personal information, what it’s used for, and the limited conditions under which I may disclose this information to other parties.

OVERVIEW

Blissful Moments Holistic Therapies needs to gather and use certain information about individuals. These can include clients, suppliers, business contacts, employees and any other people that Blissful Moments Holistic Therapies has a relationship with, or may need to contact. My data protection policy is designed to:

  • Comply with current data protection law and follow good practice
  • Be completely open about how I store and processes an individual’s data
  • Put in place measures to protect against the risk of data breach
  • Protect the rights of any staff, clients, or partners

CURRENT DATA PROTECTION LAW

This Privacy Policy adheres to the EU/UK General Data Protection Regulation (GDPR). Blissful Moments Holistic Therapies is registered with The Information Commissioner’s Office. More information can be found on the ICO website. The regulations apply to all personal information stored both electronically and on paper. The rights and principles of GDPR are outlined below.

The Individuals Rights:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right not to be subject to automated decision making, including profiling. 

The Organisations Principles:

  • Data is collected, used, and stored:
  • In a fair and transparent manner
  • Is collected for specific reasons, and only used for those specified reasons
  • Is adequate, relevant, and limited to what is necessary
  • Is accurate, and kept up-to-date
  • Kept in an identifiable form for no longer than necessary
  • Held securely to prevent inappropriate access, loss, or disclosure

POLICY SCOPE

This policy applies to Blissful Moments Holistic Therapies, clients, contractors, suppliers, and other people Blissful Moments Holistic Therapies has a relationship with. It applies to all data that the business holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:

  • Names of individuals
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Plus any other information relating to individuals

RESPONSIBILITIES

Lynda Bliss of Blissful Moments Holistic Therapies is ultimately responsible for ensuring that Blissful Moments Holistic Therapies meets its legal obligations.

LYNDA IS REPONSIBLE FOR

  • Reviewing all data protection procedures and related policies, in line with the GDPR.
  • Handling data protection questions from clients and anyone else covered by this policy.
  • Dealing with requests from individuals to see the data that Blissful Moments Holistic Therapies holds about them.
  • Ensuring all systems services and equipment used for storing data meet acceptable security standards.
  • Performing regular checks or scans to ensure security hardware and software is functioning properly.
  • Evaluating any third-party services the company uses/plans to use to store data.

WHAT DATA DO I COLLECT?

WEBSITE COOKIES

Like most websites, Blissful Moments Holistic Therapies uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smart phones or tablets) as you browse this website. They are used to ‘remember’ when your computer or device accesses Blissful Moments Holistic Therapies’ website. They are also used to tailor the products and services offered and advertised to you, both on my website and elsewhere.

Some cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device. This includes information about pages viewed, products purchased and your journey around a website. I do not use cookies to collect or record information on your name, address or other contact details. I may collect information about your computer, including where available, your IP address, operating system and browser type, this is for system administration and to report aggregate information to my advertisers. This is statistical data about Blissful Moments Holistic Therapies’ users browsing actions and patterns, and does not identify any individual. Cookies help me to improve my site and to deliver a better and more personalised service.

They enable me to:

Estimate my audience size and usage pattern.

Store information about your preferences, thereby allowing me to customise my site according to your individual interests.

Speed up your searches.

Recognise you when you return to my site.

You can refuse to accept cookies by activating the setting on your browser. However, selecting this setting may mean that you are unable to access certain parts of my site. Unless you’ve adjusted your browser setting so that it refuses cookies, my system will issue cookies when you log on to Blissful Moments Holistic Therapies’ website.

GOOGLE ANALYTICS

When someone visits Blissful Moments Holistic Therapies’ website, a third-party service, Google Analytics (GA), collects standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of my site. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to me. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google does not share this information with me. I do not make any attempt to find out the identities of any individual visiting my website.

You can read more about Google Analytics’ privacy policy and processes here:

CONTACT FORMS, BOOKING SYSTEM AND SHOP

The information you provide on the contact form, booking system and shop goes directly to my email account. Absolutely none of this information is shared…EVER.

I use a third-party provider, G Suite, as my email software.

For more information regarding G Suite’s privacy policy click here:

THIS WEBSITE’S SERVER

This website is hosted by WordPress.

CLIENT CONSULTATION FORMS AND RECORDS

As a Complementary Therapist, I take an holistic approach to my treatments.  To this end, I complete with the client on their first appointment a consultation form.  This form and subsequent records will contain details such as medical prescriptions and personal information about your health (both physical and mental) which falls into the “special category data” section of current GDPR law.

Special category data is any data that includes information about race, ethnic origin, politics, religion, genetics, biometrics, health, sex life or sexual orientation. These records are private and seen only by myself and the patient for the purposes of treatment. In some circumstances (such as in the case of persons who have notifiable communicable diseases or a condition that must be recorded or shared in the interests of public health laws) these records must be shared with a third party who in most instances will be the client’s GP or specialist health care practitioner. If that is the case then the client will be expressly informed. I am duty bound by law to keep such records which must remain on file for a minimum period of 10 years.

At the time of making an initial appointment you will be asked to provide your consent for my keeping these records. Unfortunately, for insurance purposes and in order to fulfil my duty as a registered practitioner, I am unable to provide treatments to anyone who does not wish to give their consent to the keeping of such records.

Records can be viewed by the client at any time and are stored in the form of a hard copy (paper file) which is kept under lock and key. If you are a current client who wishes to view or amend your records, you may do so by email to lynda@blissfulmomentsholistics.co.uk or in writing. I shall endeavour to provide you with access to your files within a time frame of 21 days.

Further information about the right to erasure can be found here: 

ACCESSING, AMENDING, OR DELETING YOUR PERSONAL INFORMATION

You are entitled to view, amend, or delete any personal information that Blissful Moments Holistic Therapies holds about you. To request this, please send an email to lynda@blissfulmomentsholistics.co.uk.  Evidence of your identity will be required.

I may withhold such personal information to the extent permitted by law. You may instruct me not to process your personal information for marketing purposes by sending an email to me. In practice, you will usually either expressly agree in advance to my use of your personal information for marketing purposes, or I will provide you with an opportunity to opt-out of these marketing communications.

MY PRINCIPLES

Security of your personal information

Blissful Moments Holistic Therapies will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. I will store all the personal information you provide on secure (password- and firewall- protected) servers. All electronic transactions you make to, or receive from me, will be encrypted using SSL technology.

Any data stored about you is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on (WordPress). In the near future, I aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.

Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. I am committed to keeping it as a high priority and will implement it on this website as soon as I am able to.

Of course, data transmission over the internet is inherently insecure, and I cannot guarantee the security of data sent over the internet.

DISCLOSURE

I may disclose information about you to any employee, relevant medical health care professional, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, I may disclose your personal information:

To the extent that I am required to do so by law

In connection with any legal proceedings or prospective legal proceedings

In order to establish, exercise or defend my legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)

To the purchaser (or prospective purchaser) of any business or asset that I am (or may in the future) contemplate selling

To any person who I reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in my reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information

Except as provided in this privacy policy, I will not provide your information to any other third parties.

DATA BREACHES

I will report any unlawful data breach of this website’s database or the database(s) of any of my third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

MY PROMISE TO YOU

Blissful Moments Holistic Therapies stands by the principles outlined in the GDPR, and as such, ensures that any information held by the organisation is collected, used, and stored securely, and for specific reasons. No information I hold about you is shared, sold, or rented and is accessible by you upon request. If you would like access to your information, please contact me via email at lynda@blissfulmomentsholistics.co.uk.

POLICY DOCUMENTATION UPDATES

This document was updated on the 18th May 2018. I’ve done my very best to explain clearly and in plain English what I do, what information I collect and why, so that you can feel completely comfortable that any information held or stored is being used exactly in the way you would expect in order to maintain your privacy. If there’s anything here that isn’t clear, or you discover any errors in this document, please reach out to me and I’ll fix it immediately.

This policy will next be reviewed on 18th May 2020 unless circumstances (or the law) changes in the interim time period. Please note that you will not be explicitly informed of any changes, but they will be made freely available on my website, so please check the page from time to time so you can be confident you’re completely happy and satisfied with my processes.