The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR). By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, Wendy Griffith has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. We will do our best to protect your personal information but we cannot guarantee the security of your information which is transmitted to our website, applications or services or to other website, applications and services via an internet or similar connection.
Wendy Griffith may change this policy from time to time by updating this document. You should check this document from time to time to ensure that you are happy with any changes. This policy is effective from May 2018.
Wendy Griffith is the data controller and is responsible for your personal data. Contact Details : Wendy Griffith, firstname.lastname@example.org
Wendy Griffiths is fully registered with the ICO, reference ICO:00010113825 and compliant with all requirements under Data Protection Law.
It is very important that the information we hold about you is accurate and up to date. Should any of your personal information change, please let us know by emailing email@example.com.
2) WHAT DATA DO WE COLLECT ABOUT YOU, AND HOW IS THIS USED?
Personal data means any information capable of identifying an individual. It does not include anonymised data. We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, What’s App, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you and for record keeping purposes.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant content and advertisements to you and to understand the effectiveness of our advertising.
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free giveaways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising.
We use two lawful basis for processing of personal data as detailed below;
Contract basis for lawful processing is used for personal information which directly relates to purchases (i.e. contract of sale) and to the provision of treatments and therapies for our clients and our former clients.
Whilst you are a client we need to store and process certain personal data, such as your name, address, email address, telephone number and your payment details. We are required by law to hold accounting information for approx. 7 years (6 years from the end of the last financial year), but any other information that is not required to be kept by law can be erased from our systems.
When you become a client of Wendy Griffith it is necessary for us to share your personal data with some 3rd-party data processors (other companies).
Consent basis is used when you choose to opt in to receive our direct marketing such as, but not limited to, email newsletters, promotions and events. This use of personal data applies to both clients and non-clients and is usually restricted to just your name, address, email address and telephone number.
You may opt out of receiving our newsletters and marketing at any time, whether a current customer or not. If you wish to opt out from direct marketing you will be able to do so via an unsubscribe link included in each marketing email or you can contact firstname.lastname@example.org
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you.
Wendy Griffith will collect and process your data with the possibility of making recommendations to 3rd Parties, (such as Amazon books, Ted Talks) based on your interests.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
3) PERSONAL DATA COLLECTION
We may collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies. We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly availably sources such as Companies House and LinkedIn.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us or third parties to stop sending you marketing messages at any by emailing us at email@example.com and including UNSUBSCRIBE in the subject line. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
5) DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
6) DATA SECURITY
We will take all reasonable technical and organisational security measures to safeguard your personal information whilst it is in our possession or control so that it is not, for example, lost, stolen or tampered with.
Any employee processing your personal data will be acting on our instructions, and all data will remain confidential.
All information provided to us is stored on ‘cloud based servers’ such as Google Drive and Dropbox. We trust these companies to have robust security measures in place and to be GDPR compliant.
Third Party Privacy Policies:
Google Drive / Analytics
Where necessary encrypted communications may be used for additional security, and password protections will be applied.
Anyone under the age of 16 must have the written consent of a parent or legal guardian for their information to be obtained and stored.
7) DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8) YOUR LEGAL RIGHTS
You have a number of rights with regards to the personal information that we hold about you. Right of Access, Right to Rectification, Right to Erasure, Right to Data Portability and Right to Restricting processing.
Further information about these rights can be found at:
If you would like to exercise these rights, please email us at firstname.lastname@example.org outlining your specific request.
9) THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Your Internet Browser has the in-built facility for storing small text files – “cookies”, which hold information which allows a website to recognise your account.
Our website using cookies to enhance your experience by helping us to provide you with a personalised service, and to help make our websites, applications and services better for you.
Cookies help provide you with a better website by enabling us to monitor the pages you find useful and which you do not.
If you choose you may be able to configure your browser or our website, application or service to restrict cookies or block all cookies, however if you disable cookies you may find this affects your ability to use certain parts of the website.