As a business, there are occasions when we collect and use your data. As such, we are subject to the General Data Protection Regulation and Data Protection Act 2018, and are responsible as ‘controller’ of that personal information for the purposes of those laws.
Our privacy notice will inform you how and why we process, store, and use your personal data, and explains your privacy rights and how the law protects you.
It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
We currently collect and process the following information:
• Personal identifiers (first and last name)
• Contact details (telephone number, email address, billing address)
• Sensitive information (health conditions)
• Profile data (if you create a profile this will record any purchases you have made)
We use a range of methods to collect data from you. This can be through our website, at an event, at a one to one session, through social media.
The majority of the personal information we process is provided to us directly by you for one of the following reasons:
• To purchase a product or service
• To provide you with updates and newsletters on our products and services
• To create an account on our website
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation
(c) You have a legitimate interest.
We use the information that you have given us in order to:
• Provide a service to you
• To contact you from time to time with updates or information about our products or services.
• For marketing purposes
• To process any payments or recover any debt
• To notify you about any changes to our policies
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to the director of Living Beyond Mind. Your information is securely stored within our digital database. Any information which is provided in hard copy format will be stored with appropriate security requirements.
We only retain your personal data for as long as necessary to fulfil the purposes we collect it for.
When determining the appropriate retention period for personal data, we assess the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep all contact details for 3 years and will then dispose your information if it is no longer required. We will dispose of your data by deleting it from our database.
We respect your privacy and are committed to protecting your personal data. Subject to the exception below, we will not knowingly share your data with third parties.
There may, however, be exceptional occasions where we need to disclose your data to others-where there is a requirement by law or where there is a threat to life.
Under data protection law, you have rights including:
• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
• You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
• Please contact us at email@example.com if you wish to make a request.
We may make changes to this privacy notice and if we make any changes we will inform you through our website.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office