This Privacy Notice sets out information in relation to the processing of data and how privacy of data is protected. The privacy and security of your personal information is extremely important to Sarah Tommany. I want to make sure you are informed and can be confident about giving me your information.
I, Sarah Tommany, am the ‘controller’ of the information which I collect about you (‘personal data’). Being the controller of your personal data, I am responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data, including collection, storage, use and destruction of that data.
This notice explains why and how I process your data, and explains the rights you have around your data, including the right to access it, and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more information.
The Data Protection Lead is Sarah Tommany, who you can contact at the above address.
This policy applies if you are a client, a visitor to this website, or if you email, call or write to me. In certain circumstances I may also provide an extra privacy notice, which I will always inform you about.
3. Young People
If you are under the age of 16, and would like to use any of the services I offer, I will need to use your personal data for the purpose carrying out the service. An example of personal data would be your name, or email address. Please see section 6 of this policy for more information.
If you are worried, or don’t understand any part of this policy, please talk to me and we will explain how I will use your information and what rights you have.
4. Responsibility for implementation
I, Sarah Tommany, have overall responsibility for the implementation of this policy.
As this Privacy Notice applies to anyone contacting me with an enquiry it is available on this website.
6. What is meant by personal data?
‘Personal data’ is any information that can be used to identify a living person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed. Special data is rarely needed for carrying out the services I provide. In situations where special category data is needed or shared during the service, it is stored in accordance with Article 9, section d of the General Data Protection Regulations, which details the legal requirements of holding this type of information.
I am are committed to protecting your personal data, whether it is ‘special categories’ or not, and I only process data if it is needed for a specific purpose, as explained below.
7. How your personal data is collected
a. Information provided by you
Personal data is mostly collected through my contact with you, and the data is usually provided by you when you: enquire about a service; book a Bach Remedy consultation; book a Reiki treatment or you contact me for another reason.
b. Information provided by other people
In some instances, I may receive data about you from other people, e.g. a parent or carer, if you are unable to provide it yourself or you are under the age of 16.
c. Personal data created by your involvement with a service
Making an enquiry or booking a service will result in personal data being created. This could include details of the enquiry, sessions you’ve attended, and details of the service provided.
8. How your information is used
Any information I hold about you will be stored securely and treated in accordance with the relevant legislation (currently the General Data Protection Regulations (GDPR) and the Data Protection Act 2018)).
In general terms, I process your data in order to manage my relationship with you. I will use the information that you give to me:
- To send you information that you have asked for
- To understand your situation so I can offer you individually tailored services to meet your needs
- To contact you about support services which may help you
- To keep a record of your relationship with me
- To keep a record of the services you have accessed
- To ensure I know how you prefer to be contacted
At times, I may further process data which I have already collected. I will only do this if the new purpose for processing it further is compatible with the original purpose that the data was collected for. I will tell you about any further processing before carrying it out. More detailed information on how I use your personal information, including how long I keep it for can be found below.
9. Who I share your data with
I will not pass your personal contact details to other people or organisations, or discuss details of the services you receive from me, without first obtaining your consent.
However, where there appears to be a clear risk to your or someone else’s safety I have a legal duty to contact relevant authorities to address this. Where appropriate, I will inform you before I do so.
For some processing purposes I use third party software and systems, which means I need to pass on some of your data to external recipients. The type information we may share, and for what purpose, includes but is not limited to:
- Contact information: I use third parties to help deliver my services, this includes but is not limited to: a supplier of Bach Remedies when you request a bespoke tincture delivered to your address; postal service or courier when you ask for remedies delivered to your address. This data is limited to your delivery address, phone number for delivery and the remedies you have selected.
10. How I store your data
Your personal data is held only in electronic formats.
Electronic data, including emails, is stored securely on my Google Workspace for Business account.
Cookies on this website are covered by a separate policy which can be found online by clicking here.
12. Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data processed by me:
- To be informed about how your data is handled;
- To gain access to your personal data;
- To have errors or inaccuracies in your data changed;
- To have your personal data erased, in limited circumstances;
- To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
- To restrict the processing of your personal data, in limited circumstances;
- To obtain a copy of some of your data in a commonly used electronic form (sometimes known as data portability), in limited circumstances;
- Rights around how you are affected by any profiling or automated decisions.
a. Withdrawing consent
If I am relying on your consent to process your data, you have the right to withdraw your consent at any time.
b. Exercising your rights, queries and complaints
For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a complaint, please contact the Data Protection Lead: Sarah Tommany at firstname.lastname@example.org.
c. Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which I process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.