Last updated: November 2022
We are dedicated to safeguarding and preserving your privacy when visiting our Website or communicating electronically with us.
This Privacy Notice (“Notice”) provides an explanation about what happens to any Personal Data (“Data”) that you provide to us, or that we collect from you.
By continuing to use our Website, participating in health and nutrition consultations, 1-2-1 programmes, wellness courses and group programmes, corporate wellness coaching, yoga classes or any other services offered by us (“Services”), and/or by dealing with us in any manner you agree to our terms and conditions (insert link) (“Terms and Conditions”) and this Privacy Notice for the collection and processing of your Personal Data.
This Privacy Notice sets out our use of any and all data collected by us in relation to your use of our website, https://illuminatedhealth.com (“Website”). The Website is operated by Illuminated Health Ltd. represented by Varsha Khatri, a qualified nutritionist (“Illuminated Health”, “we”, “us”, “our(s)”, “ourselves”).
For the purposes of processing your Personal Data, we are the Data Controller (as defined under Article 4 of the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR, i.e., Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing the Personal Data. Personal Data (“Data”) shall have the meaning given to it under Article 4 of the GDPR 2016/679 and UK GDPR, and which is more particularly defined in this Privacy Notice below.
This Privacy Notice should be read in conjunction with our disclaimers and Terms and Conditions. We may amend or update this Notice from time to time and will publish revised versions on this Website. We reserve the right to alter and make changes to this Notice at our sole discretion, and we therefore request all users to regularly refer to our Privacy Notice for updates and variations.
This notice covers the following:
- Who is the person responsible for the management of your Personal Data?
- What Personal Data do we need/receive?
- What are the sources of collection of Personal Data?
- Your record
- Request to share your Personal Data with Caregivers or Relatives and Emergency Contact
- How do we use your Personal Data?
- Children’s Privacy
- What are the Lawful Bases for processing your Personal Data?
- Who may use your Personal Data?
- Social Media
- How do we store and transfer your Personal Data?
- For how long do we store your Personal Data?
- Change in Terms of Privacy
- Third party links
- Your rights
- Contact us
Who is the person responsible for the management of your Personal Data?
As a business operating in the United Kingdom, we are registered with the Information Commissioner’s Office (ICO) under registration number ZA356453.
The person responsible for data protection is Varsha Khatri. For any queries relating to the management of your Personal Data, please do not hesitate to send us an email at email@example.com or by calling us on +44 1895 602695.
What Personal Data do we need/receive?
“Personal Data” has been defined under the GDPR (EU and UK) as “any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person”
Any references to “Personal Data” in this Notice therefore means information about living individuals, which, alone or in conjunction with other information held by us, is capable of identifying them. The GDPR 2016/679, the UK GDPR, The Data Protection Act 2018 and any other national implementing legislation relating to data protection in the UK, regulate our use of your Personal Data (collectively “Applicable Data Protection Law”).
In order to provide our Services or for the purposes of conducting our business, we may need the following Data from the individuals we are dealing with (“you”, “yours”, “yourself/yourselves”).
We have tried to cover categories of Data that we generally require while providing Services to our clients or for the purposes of operating our business. However, this is not an exhaustive list.
- Your full name
- Your electronic address
- Your physical address
- Your contact telephone number
- Your date of birth
- If you are a company, the company registration number and registered office address
- Your website
- For the purposes of making payments or any other transactions, your bank details
- For employment purposes, National Insurance Number
- Details of your visits to our Website and the resources that you access, including but not limited to, traffic data, location data, weblogs and other communication data
- Any other information that you provide to us by filling out forms on our Website, such as when you register for newsletters or make a purchase
- Short biography provided during our online courses, group programmes and consultations
- Health information including, but not limited to your underlying health or medical conditions if any, medical history, dietary, lifestyle, supplement and medicine details, test results, clinic notes and health improvement plans
- Any other information provided to us when you communicate with us for any reason
- Your social media account details if you follow us on or communicate with us via social media
- Transactional information such as the Services you are interested in, your purchasing requirements, your financial information including credit card or other payment information ( Depending on the method of payment elected by you, payment details will be collected by third party payment platforms
- Responses to quizzes and surveys that you participate in through our Website, via an app or email
Recording calls and programme sessions
We may record telephone calls for quality assurance and training purposes. Coaching sessions, particularly group coaching sessions are recorded (audio and video) for governance, feedback, quality control and monitoring and reference purposes. Recordings of a 121 consultation if made will be shared only with you, as we believe that having access to your sessions could be beneficial for your progress. We assure you that all such Personal Data will be treated as confidential and will be held strictly in accordance with Applicable Data Protection Law.
Recordings of group sessions are shared with every member of the group programme. By enrolling yourself and participating in a group programme you consent to the sessions of the group programme being recorded and the information recorded therein being accessible to fellow group members.
You warrant that you will not misappropriate, misuse or do anything in relation to another person’s Personal Data that in any way breaches Data Protection Law
What are the sources of collection of Personal Data?
We may obtain Personal Data from you when you contact us or get in touch with us via our Website or when you, or your organisation correspond with us through any means of communication. This includes Personal Data you provide to us when you:
- Contact us with a question or query via email at firstname.lastname@example.org, telephone at +44 1895 602695, purchase one of our Services through the online purchase option or otherwise or download any of our free resources * (*We do seek your express consent before sending you our free resources and/or any other promotional material)
- Ask us to provide our Services to you
- Ask us to collaborate with you
- Contact us or authorise anyone to contact us about your health and nutrition, medical conditions and/or history for the purposes our Services
- Contact us to provide us your Services or goods
- Correspond with us to submit any complaints that you may have
- Correspond with us to address any complaints we may have raised
- Register for a seminar, webinar, event or networking where information is shared between fellow members
- Register to receive updates and newsletters from us
- Attend events and provide our staff with your personal information, business cards or contact details
- Deal with us when we are providing Services to our clients (which may be you, your dependent, your organisation or a third party)
- Submit identity documents directly to us or to third party agencies commissioned by us to collect your data for the purposes of carrying out identity checks and due diligence. (Where we have commissioned a third party to collect your Personal Data on our behalf, we shall continue to remain the Data Controller)
- Contact us for the purposes of employment or apprenticeships
- Connect with us on social media platforms or join groups created and administered by us on social media
We may also collect and retain Personal Data that is:
- obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House, or other online sources accessible through Search Engine Optimisation searches
- Obtained from third parties that may include our clients, professional regulators, public bodies, and other entities, including providers of analysis, screening and database services who have a right to disclose this information to us and
- Relating to whether our contacts read electronic correspondence from us or click on links we send them.
As your health and wellbeing coach and nutritionist, we fulfil our duty to:
- maintain full and accurate records of the consultation and health and wellbeing programme we provide to you
- ensure that your records are confidential, secure, and accurate
- provide a copy at your request that is in an accessible format (for example, in large type if you are partially sighted). Your record may include some or all of the following:
- your name, address, and date of birth
- contacts we have had with you, such as appointments or consultations
- notes and reports on your health
- details of treatment and care, images, and test results (if applicable)
- information on medicines, side effects and allergies (if applicable)
- relevant information from people who care for you and know you well, such as health professionals and relatives
- your nutrition and lifestyle details
- your progress from your first consultation and/or during the course of the health and wellbeing programme or nutrition programme.
Request to share your Personal Data with Caregivers or Relatives and Emergency Contact
Where our clients have requested us to share their information with caregivers or relatives (expressly nominated by them and given their express consent) or where we have been approached by individuals for treatment of their dependents such as but not limited to minors, elderly parents and/or any other dependents who are physically and/or mentally incapable of accessing our Services directly, we will carry out a complete due diligence on such persons and for which we may need to collect all or any of the following data such as:
- full name of the caregiver
- photo ID such as a passport copy or driving license copy
- National Insurance Number
- permanent residential address and supporting documents for proof of address
- any document that proves that the client has expressly appointed the individual as their caregiver
- any document that proves that the individual is the legal guardian of the client (where the client is a minor or is above the age of 17 years but is physically or mentally incapacitated from participating in the consultations directly with IHL)
Information will be shared with care-givers subject to satisfactory due diligence results.
Information will generally be shared with persons nominated as a client’s “Emergency Contact” or where an Emergency Contact has not been nominated, with the next of kin, particularly in cases of emergencies and where the interests (health and safety) of the client over-ride our obligation of confidentiality. For such circumstances it shall be deemed that the client has consented to their information being shared with the Emergency Contact or next of kin.
How do we use your Personal Data?
The information that we collect and store relating to you is primarily used to enable us to provide our Services to you. In addition, we may use the information for the following purposes:
- To provide you with information requested from us, relating to our Services.
- To provide information on other products or services which we feel may be of interest to you, where you have consented to receive such information.
- To meet our contractual commitments to you such as the delivery of our Services to you.
- To notify you about any changes to our Website, such as improvements, or changes to our Services
- To notify you about any changes to our Terms and Conditions and/or Privacy Notice
- To carry out research, including market research, statistical research on site traffic, sales and other commercial information to assist us in improving the Services we provide to you and to improve our Website
- For internal use such as governance, quality control and monitoring purposes
- If you are an existing customer, we may contact you with information about products and Services similar to those which were the subject of a previous sale to you.
- To send you newsletters and other promotional material if you have opted-in.
- To connect with you on social media, if you have requested to connect with us and, once connected, to provide you with information and updates about us and our Services on social media.
By enrolling in any of our programmes or by purchasing any of our Services including without limitation monthly memberships or by dealing with us in any way, you consent to us using your Personal Data as detailed above.
We do not knowingly collect or process Data from anyone under the age of 13 (thirteen) years old (“Child”/ “Children”). Our Services and Website content are not directed at minors, i.e., persons below the age of 18 (eighteen) years, especially children below the age of 13 (thirteen) years.
If you are a parent or guardian and you are aware that your Child has provided us with Personal Data without your consent, please contact us. Unless contacted by a parent or legal guardian, we have no way of knowing that Personal Data was submitted by a Child without parental consent. As a parent/legal guardian you understand that that the onus of controlling your Child’s Personal Data lies on you. If we become aware, after notification by a parent/legal guardian or the Children themselves, that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
What are the Lawful bases for processing your Personal Data?
Article 6.1 (a) of the GDPR 2016/679 and the UK GDPR- Consent
In order to avail of our Services, you consent to us obtaining and processing your Personal Data. While dealing with you we may issue Terms and Conditions or execute a contract outlining the terms and conditions of our engagement with you. The Terms and Conditions/contract along with this Notice set out the purposes for which your Personal Data may be obtained and processed by us. By accepting our Terms of Service or by using our Website or by executing a contract with us and by continuing to deal with us you confirm that you have consented to us collecting and processing your Personal Data in accordance with our Terms and Conditions and this Privacy Notice.
By expressly opting in to receive our newsletters and promotional material, you consent to us using your email address for the said purposes, in which case the lawful basis for us using your Personal Data is your consent as outlined in Article 6.1 (a) of the GDPR 2016/679 and the UK GDPR.
Article 6.1 (b) of the GDPR 2016/679 and the UK GDPR- Contractual necessity
One of the grounds for obtaining and processing your Personal Data is so that we can fulfil our contractual obligations towards you by performing our Services in line with the Terms and Conditions mutually agreed upon by us.
Article 6.1 (c) of the GDPR 2016/679 and the UK GDPR – Compliance with legal obligations
We may have to collect Personal Data in order to comply with certain legislative and regulatory requirements relating to client due diligence. Consequently, we may process your Data to carry out identity checks and maintain records of customer due diligence.
We may employ third party service providers for the purposes of carrying out client identity checks, or for processing your Data for the purposes of due diligence. However, we remain the Data Controllers.
Article 6.1 (f) of the GDPR 2016/679 and the UK GDPR – Legitimate interests
In circumstances where you are a client or an employee of IHL, we may have to process your Personal Data to promote and pursue legitimate interests of the public and/or our organisation, and/or yours as our client or employee, particularly where we need to access your health or medical records to ensure that the Services being provided to you will not aggravate any existing medical or health conditions.
In terms of promotional material, if you unsubscribe from our mailing list or revoke your consent to receive our newsletters and promotional material, corresponding Data will be removed from our mailing list and will no longer be processed for these purposes. Including your email address in our blocking list is effected in order to safeguard our legitimate interests under Article 6.1 (f) of the GDPR 2016/679 and the UK GDPR. Our legitimate interests lie in not sending you any e-mails in the future.
* However, you can object to us processing your Personal Data, on any of these bases at any time and, if you do so, we will stop processing the Personal Data unless we can show compelling legitimate grounds which override your rights and interests such as, without limitation your own health and safety or the health and safety of any other person(s), or the legitimate interest of our organisation and/or the public or we need the Data to establish, exercise or defend legal claims – see “Your rights” below.
Who may use your Personal Data?
We are committed to keeping your e-mail address confidential. We do not sell, rent, or lease the subscription lists to third parties.
We may disclose your Personal Data:
- to enforce our policies, to comply with our legal obligations (such as if we are required to disclose your Personal Data under a court order, legal requirement and/or regulatory requirement) or in the interests of security, public interest, or law enforcement in any country where we have entities or affiliates. For example, we may respond to a request by a law enforcement agency or regulatory or government authority. We may also disclose Data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests
- We may share your Personal Data with our employees, independent contractors, consultants such as legal consultants and accountants, partners and/or third parties who help deliver our Services to you. Examples include hosting our web servers, analysing data, providing marketing and administration assistance, providing customer service, carrying out book-keeping for IHL in which case IHL’s accountant will have access to your Personal Data and transactional information. These companies will have access to your personal information on a ‘need to know basis’, i.e., as necessary to perform their functions, but they may not use that Data for any other purpose. Our contracts with all third parties processing our clients’ Personal Data shall outline their obligations relating to data protection.
- Whilst we encourage you to inform your therapist and/or any other qualified healthcare professional you are consulting with, that you are receiving our Services, we will not share your information with your therapist/NHS care provider/GP and/or any other qualified physician/medical expert unless we have your express written permission to do so or where there is an overriding public interest in disclosing the information without your consent or where your interests in terms of your health and safety over-ride our obligation of confidentiality. This is in accordance with the General Medical Council’s guidance which may from time to time change
While booking a session online, you acknowledge that we use a client portal of a third party, Reservie, to collect your Personal Data on our behalf, the details of which are outlined in the section titled ‘How do we store and transfer your Personal Data?’
- While purchasing our Services, you may have to enter your payment details. Please note that where you elect to make a payment through a payment platform, we do not store your payment details, and these are only used by the payment platform to help facilitate the payment transaction in question.
- As part of our Functional Health Testing, your contact details will be disclosed to the laboratories to which we commission your tests, should you wish us to liaise on your behalf. Your Personal Data will not be disclosed to any other party without your express permission unless such Personal Data belongs to a minor or person physically or mentally incapable of accessing our Services directly, in which case the Personal Data will be shared with the legal guardian/caregiver subject to a due diligence conducted by us.
- Information will also generally be shared with persons nominated as a client’s Emergency Contact or where an Emergency Contact has not been nominated, with the next of kin, particularly in cases of emergencies and where the interests (health and safety) of the client over-ride our obligation of confidentiality. For such circumstances it shall be deemed that the client has consented to their information being shared with the Emergency Contact or next of kin.
- We may share aggregated anonymised data with third parties in order to monitor our Services and to ensure consistent quality and safety relating to the Services provided to clients
Please remember that when you share information publicly on the Website or on social media platforms, for example a comment on a blog post or within social media groups, it may be indexable by search engines, including Google, which may mean that the information is made public.
When you participate in conversations on social media your Personal Data is visible to members of the concerned social media group and to the public in general. Please note that you participate in social media related activities at your sole discretion, and we shall not be liable for the access and use of your Personal Data by third parties, via social media, including circumstances, where third parties contact you or initiate a conversation with you, on social media or otherwise, as a result of your information made available to them via our social media groups or any activity you participate in through our social media platforms or by connecting with us on social media.
Also please note you may be tracked by Facebook, Google or Instagram cookies if you access our profile via these social media platforms. The links to their respective privacy policies have been provided below:
How do we store and transfer your Personal Data?
Hosting and back-end infrastructure- All Personal Data collected by IHL is stored in a secure manner compliant with the Applicable Data Protection Law.
We use third-party hosting services for the purposes of hosting data and files that enable our Website to run and be distributed as well as to enable us to run specific features and functions within our Website. Some of these functions work through geographically distributed servers, thereby making it difficult to identify the exact location where the Personal Data is stored.
The IHL website is hosted on Go Daddy. Therefore, your data may be stored through Go Daddy’s data storage, databases and their applications.
The details relating to Go Daddy are as below:
Personal Data collected– Various types of Personal Data as specified in this Privacy Notice
Your Personal Data may also be stored on servers that may not be located in the United Kingdom and/or the European Economic Area (the EEA). For example, our servers may be located in the United States of America.
Consequently, when you use our Website to purchase our Services or opt in to receive promotional material your Personal Data may be processed by servers located in the United States of America, with less strict privacy laws and the associated risk of your Personal Data being easily accessible in the United States of America.
Should you not wish your Personal Data to be processed in the United States of America you must not:
1. Opt-in to receive promotional material from us
2. Purchase Services via our Website, and/or pay via the Website
A purchase by you of Services using our Website and/or using any of the above-mentioned payment platforms shall constitute your consent to your Personal Data being processed in the United States of America.
We may also transfer Data that we collect from you to locations within and outside of the United Kingdom but within the European Economic Area for processing and storing. Also, it may be processed by staff or independent contractors operating within the European Economic Area who work for us.
By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your Data is treated securely and in agreement with this Privacy Notice.
Emails– all our inbound and outbound email communications are TSL (Transport Security Layer) encrypted, which is an industry standard for all encryptions.
Newsletters and Promotional Material– You will receive newsletters and/or marketing and promotional material from us only if you have expressly opted in. We send marketing emails, newsletters and other promotional material through Convert Kit, an email marketing platform.
In compliance with Applicable Data Protection Law, all emails sent by us will clearly state who the email is from and provide clear information on how to contact the sender, i.e., IHL. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further email communications from us.
We are committed to keeping your information confidential. We do not sell, rent or lease our subscription lists to third parties, and we will not provide your personal information to any third-party individual, government agency and/or company at any time unless compelled to do so by law. We will use your email address solely to provide information about our Services, programmes and for sending marketing and promotional material as consented to by you. IHL will maintain the information you send via email in accordance with Applicable Data Protection Law.
If you prefer not to receive any direct marketing communications from us, you can opt out at any time by emailing email@example.com or by calling +441895602695
The details relating to Convert Kit are as below:
Personal Data collected– Name, email address and various types of Personal Data as specified in this Privacy Notice
Use of online coaching platform – For the purposes of providing our Services, we use Reservie, an online platform that allows clients to schedule sessions, make payments to us and allows us to store client notes/records (your data) under individual customer records within the Reservie platform.
The details relating to Reservie are as below:
Personal Data collected– Name, email address and various other types of Personal Data as specified in this Privacy Notice
We use Acuity Scheduling (a Square Space company) to help clients schedule their consultations and sessions with us.
At the time of making the booking you may be asked to fill out a client intake form as well as a health questionnaire through which we will collect your personal information such as your name and email address as well as sensitive personal information such as your medical history and information relating to your health, allergies, intolerances and your lifestyle.
By scheduling a session with us through Acuity Scheduling and filling out the client intake form and/or health questionnaire you consent to us collecting and processing the Personal Data submitted by you for the purposes outlined in this Privacy Notice.
The details relating to Acuity Scheduling are as below:
Payment details– When you access checkout to purchase a Service, the following information is gathered:
- Information that tracks progression through the checkout process
- Depending on the payment method selected your payment details including your debit or credit card details.
If a platform like Stripe is being used to facilitate the payment, your information will be transmitted directly to the payment platform to enable the payment to be processed. Upon receipt the payment platform will validate the information and will notify us if the validation was successful or failed.
Security of Personal Data– The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of Data sent to us electronically and transmission of such Data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our Website or Services, you are responsible for keeping this password confidential.
For how long do we store your Personal Data?
Our policy is that we retain your Personal Data for as long as it is necessary for the purposes set out in this Notice, or as is required by applicable law. All of the Personal Data is disposed of securely to ensure compliance with Applicable Data Protection Law.
On occasion, we may gather information about your computer for our Services and to provide statistical information regarding the use of our Website.
Such information will not identify you personally as it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever.
Similarly, to the above, we may gather information about your general internet use by using a cookie file.
A cookie is a small text file. Where used, these cookies are downloaded to your computer automatically, typically somewhere within your browser settings files. They help us to improve our Website and your experience of it.
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our service. Session Cookies are temporary cookies, as they store information about your current session and then are erased when your browser is closed.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.
Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyse our service.
All computers have the ability to decline cookies. Our Website will display a pop-up to remind you that when you access our Website, we will place cookies on your device to improve your experience of our Website. We will also give you the option to consent or opt-out of cookies. You can opt-out of cookies by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies; you may be unable to access particular parts of our Website.
We have presence on social media, such as (without limitation) Facebook, Instagram and Google. Your access of our profile via these social media platforms may result in you and your activities being tracked by the cookies placed by these social media platforms.
For more information on Cookie Consent you may also want to visit the UK Information Commissioner’s webpage on cookies: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/
In order to optimise our service, we may apply Google Analytics and our own statistical analyses.
Google Analytics is a web analysis service provided by Google, which is used for purposes of market research and ensuring that the service meets user requirements. Google Analytics uses “cookies”, which are placed on your computer to make it possible to analyse how you make use of the service. The information generated by the cookies about your use of the service (including your pseudonymised IP address) is as a rule transmitted to and stored by Google on servers in the United States. Google uses this information in order to evaluate your use of the service and to create reports on activities for the operator of the service. Google may also transmit this information to third parties if this is prescribed by law, or if third parties process the data on behalf of Google. On no account will Google connect your IP address with other Google data. At https://tools.google.com/dlpage/gaoptout?hl=en-GB you can, with effect for the future, opt out of the recording and saving of your Data at any time. The saving of cookies makes it possible to analyse user behaviour and activate interest-based advertising.
Change in Terms of Privacy
We reserve the right to alter our privacy policies. Any changes to the Notice will be posted on this page. This Website is controlled and operated by IHL from its offices within the United Kingdom. We make no representations that materials, information, or content available on or through this Website are appropriate or available for use in other locations, and access to them from territories where, accessing such materials, information, or content is illegal is prohibited. Those who choose to access this Website from other locations do so on their own volition and are responsible for compliance with applicable local laws.
Third Party Links
You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
In order to enable our consumers to purchase our Services, we use third-party services for payment processing (for example, payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their respective Privacy Policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The links to the respective privacy policies of the payment processers used by Illuminated Heath have been provided below:
- Access to information
The GDPR and The Data Protection Act 1998 give you the right to access the information that we hold about you. We will provide the information that we hold on you within one month from the date of request and free of charge as long as this information hasn’t been provided to you already. If the information is a copy of information already provided or is excessive then an administration cost of £10 will be charged. Should you wish to receive details that we hold about you please contact us using the contact details below. You will need to provide suitable evidence that you are the person that the information pertains to before we will release it. Information will be provided to you within one month of receipt of request.
- Erasure of your information
If you are no longer a client with us, then you have a right to erasure of your information. Once we have received your request for erasure, we will ensure all Personal Data we hold on you is erased within one month of the receipt of the request unless we are required to retain your information under a legal requirement.
- Other rights
Under the Data Protection Act you have the following rights in relation to your own Personal Data:
- to prevent us using your Data for direct marketing
- to have (in certain circumstances) inaccurate Personal Data corrected, blocked, or destroyed
- to access a copy of your Personal Data that is undergoing processing (“subject access rights”)
- to object to automated decisions. We do not, however, use automated decision making
- Data portability, which allows you to get and use your Personal Data for different purposes
- the right to withdraw consent and/or to object to us continuing to process your Personal Data
- a right to object to processing that is likely to cause or is causing damage or distress.
If you want to (1) tell us to stop using your Data for direct marketing or withdraw consent from us processing your Personal Data for any of the purposes mentioned in this Notice; (2) exercise your subject access rights; (3) tell us about inaccurate Personal Data you think we hold on you; or (4) object to a use you believe we’re making of your Data which is causing, or is likely to cause damage or distress, please contact our Data Protection Manager or write to us at this address:
We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us at firstname.lastname@example.org.
If you are unhappy with the way, we are processing your Personal Data you can submit a complaint by writing to our Data Protection Manager at email@example.com.
You are also entitled to make a complaint at the Information Commissioner’s Office https://ico.org.uk/make-a-complaint/
The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk