Stress Free Zone (collectively “Merchant Store Name”, “me” and “I”, “data controller”) respect your privacy. We ensure that your privacy is protected when using our website or when placing online orders with me.
Stress Free Zone provides you with goods and services and is the data controller of the personal data that you provide when you order goods.
The Data Protection Officer for Stress Free Zone can be contacted via email at firstname.lastname@example.org.
Personal data I collect
When you book, make a purchase or attempt to make a purchase through the website, it collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. I refer to this information as Order Information.
When you visit the site, it automatically collects certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the site, it collects information about the individual web pages or products that you view, what and which websites or search terms referred you to the site, and information about how you interact with the site. I refer to this automatically-collected information as Device Information.
I collect Device Information using the following technologies:
- Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit allaboutcookies.org.
- Log files track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- Web beacons, tags, and pixels are electronic files used to record information about how you browse the Site.
I collect sensitive information during consultation regarding your health, personal struggles, and difficulties which will be used to inform treatments for Stress Management, Aromatherapy, Massage and Reflexology. I refer to this information as Health Information.
You may be contacted by email regarding special offers and updates if you have specified this on the initial consultation form.
As a Complementary and Natural Healthcare Council (CNHC) registrant, I must meet the UK wide government standards for safe and competent practice, hold professional indemnity insurance and agree to comply with the CNHC Code of Conduct, Ethics and Performance. The CNHC is the UK regulator for complementary health practitioners, set up with government support and funding in 2008 and sole purpose is to protect the public, holding a register accredited by the Professional Standards Authority (PSA).
How do I use your personal information?
I use the Order Information that is collected generally to fulfil any orders placed through the site (including processing your payment information, arrangements for shipping, and providing you with invoices and/or order confirmations). Additionally, I use this Order Information to:
- Communicate with you;
- Screen orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to products or services.
I process your information in order to fulfil contracts I might have with you (for example if you book or pay for an appointment through the site), or otherwise to pursue my legitimate business interests listed above.
I use the Device Information that I collect to help screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise the site (for example, by generating analytics about how customers browse and interact with the site, and to assess the success of marketing and advertising campaigns).
I use the Health Information you give me to provide you with the best possible treatment options and advice. The information to be held is:
- Your contact details
- Medical history and other health-related information
- Treatment details and related notes.
Sharing your Information
I will NOT share your Health Information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
Your Order Information and Device Information may be shared with third parties as described above. For example, it use SumUp to power our online store. I also use Google Analytics to help understand how you and other customers use the site — you can read more about how Google uses your Personal Information here: www.google.com. You can also opt-out of Google Analytics here: tools.google.com.
I may share Order Information and Device Information with other service providers under contract who help with parts of this business operations (for example to let the shop know how many appointments I have). These service providers only use your information in connection with the services they perform for me and not for their own or any additional benefit.
Finally, I may also share your Personal Information to comply with applicable laws and regulations including Track & Trace, to respond to a subpoena, search warrant and/or other lawful request for information we receive, or to otherwise protect our rights.
Transferring Information Internationally
I will not transfer your Health Information outwith the UK.
How Long I Retain Your Information for:
I will keep your information for the following periods:
- ‘claims occurring’ insurance: (records to be kept for 7 years after last treatment)
- law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26).
Your data will not be transferred outside the EU without your consent.
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
I will contact you using the contact preferences you give me in relation to:
- Appointment times
- Therapy information or information related to your health
- Special offers and promotions (you may unsubscribe from this at any time).
GDPR gives you the following rights:
- The right to be informed: To know how your information will be held and used (this notice).
- The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
- The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you.
- The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information.
- The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
- The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at ico.org.uk
To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your information, please contact me via this e-mail address: email@example.com. It is important that the information I hold about you is accurate and current. Please keep me informed if it changes during the period for which I hold it.
Links to other websites
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us via email at firstname.lastname@example.org