Holistic Health with Liz
Holistic Health with Liz holds some information about you. This document outlines how that information is used, who I may share that information with and how I keep it secure. This notice does not provide exhaustive detail. However, I am happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org. I keep my Privacy Notice under regular review. This Privacy Notice was last reviewed in January 2022.
1.1.1 What I Do
I teach Vinyasa Flow Yoga & Womb Yoga, run women’s circles and women's retreats.
I am also a qualified teacher of Womb Yoga and Pregnancy Yoga, which I teach at special events.
I am a certified Mizan Therapist.
1.1.2 How I Obtain Your Personal Data
Information provided by you
You provide me with personal data in the following ways:
By joining my mailing list
By completing a questionnaire
By signing a terms of engagement form
Through email, over the telephone or by post
Via social media channels such as Facebook and Instagram
By taking credit card and online payment
By filling in a form on my website
When you subscribe to my services via any other channel
When you make any bookings via the Practice Better (booking) system connected with my account
When you opt in to receive marketing messages, or news by email, SMS or other means.
This may include the following information:
basic details such as name, address, contact details and next of kin
health information, including any information you share when you sign up for your Yoga class
Data collected from my website
The legal basis for us holding and processing your personal data is in line with GDPR Article 6 (1) (b) and Article 9 (2) (h):
Legal obligation: the processing is necessary for compliance with a legal obligation. Article 6 (1)(c)
Vital interests: the processing is necessary to protect someone’s life. Article 6 (1)(d)
Public interest: the processing is necessary to perform a task in the public interest. Article 6 (1)(e)
Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third party. Article 6 (1)(f)
1.1.3 How I use and store your personal data
I act as a data controller for use of your personal data. I act as a data controller and processor in regard to the processing of credit card and online payments.
I protect all personal data I hold about you by ensuring that I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.
All information you provide is stored securely. Any payment transactions via my website or Practice Better System will be processed securely by third party payment processors. Where I have given you (or where you have chosen) a password that enables you to access the Practice Better System, you are responsible for keeping that password confidential. You must not share your password with anyone.
The transmission of information via the internet cannot be guaranteed as completely secure. Once I have received your information, I use strict procedures and security features to minimise the risk of unauthorised access.
At your request, I may occasionally transfer personal information to you via email, or you may choose to transfer information to me via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.
I may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual or to prevent a serious crime, and also where there is a legal requirement such as a formal court order. I may use your data for marketing purposes such as newsletters, but this would be subject to you giving me your express consent.
1.1.4 How I retain your personal data
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. Unless I explain otherwise to you, I will retain your personal data on the basis of the following guidelines:
for as long as I have a reasonable business need, such as managing our relationship with you and managing our business
for as long as I provide services and/or treatment to you and then for as long as someone could bring a complaint or claim against me (in general this is a period of 8 years); and/or
in line with the requirements of my professional association ANP (Association of Naturopathic Practitioners) and in accordance with GDPR law.
1.1.5 Sharing of information with others
I will keep information about you confidential. I will only disclose your information to third parties with your express consent, with the exception of the following categories of third parties:
My professional association, ANP, for the processing of a complaint made by you
Any contractors and advisors that provide a service to me or act as our agents on the understanding that they keep the information confidential (such as my booking and payment systems)
Anyone to whom I may transfer our rights and duties under any agreement I have with you
Any legal or crime prevention agencies and/or to satisfy any regulatory request (such as ANP) if I have a duty to do so or if the law allows us to do so
If I believe that your life is in danger then I may pass your information on to an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
1.1.6 What are your rights?
Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data. Your personal information is protected under data protection law and you have a number of rights:
To have your personal information corrected if it is inaccurate and to have incomplete personal information completed in certain circumstances.
The right in some cases to object to processing of your personal information (as relevant). This right allows individuals in certain circumstances to object to processing based on legitimate interests, direct marketing (including profiling) and processing for purposes of statistics.
The right to have your personal information erased in certain circumstances (also known as the “right to be forgotten”). This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. Circumstances when it might apply include where the personal information is no longer necessary in relation to the purpose for which it was originally collected/processed, if the processing is based on consent which you then withdraw, when there is no overriding legitimate interest for continuing the processing, if the personal information is unlawfully processed, or if the personal information has to be erased to comply with a legal obligation. Requests for erasure will be refused where that is lawful and permitted under data protection law for instance where the personal information has to be retained to comply with legal obligations or to exercise or defend legal claims. Please note that if I have processed an erasure request from you and subsequently you submit your personal data through one of my data capture channels, I will begin to communicate with you again as a new customer in line with the consent you have provided.
To request access to the personal information held about you and to obtain certain prescribed information about how I process it. This is more commonly known as submitting a “data subject access request”. This right will enable you to obtain confirmation that your personal information is being processed, to obtain access to it, and to obtain other supplementary information about how it is processed. In this way you can be aware of and you can verify the lawfulness of our processing of your personal information.
The right to complain to the Information Commissioner’s Office who has the power to investigate whether I am complying with the data protection law. You can do this if you consider that I have infringed it. You can visit its website for more information: https://ico.org.uk/
I do not carry out any automated processing which may lead to automated decisions based on your personal data.
If you would like to invoke any of the above rights then please write to the Data Controller at email@example.com. I shall respond within 20 working days from the point of receiving the request and all necessary information from you.
My response will include the details of the personal data I hold on you including:
Sources from which we acquired the information
The purposes of processing the information
Persons or entities with whom we are sharing the information
1.1.7 What safeguards are in place to ensure data that identifies you is secure?
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. I will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
I also ensure the information I hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). I ensure external data processors that support us are legally bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Liz Bortoli of Holistic Health with Liz is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
1.1.8 How long I hold confidential information
All records held by Holistic Health with Liz will be kept for the duration specified by guidance from our professional association ANP.
1.1.9 Non-personal data collected when accessing my website (Analytics)
Like most websites, I make use of analytics software in order to help me understand the trends in popularity of my website and of different sections. I make no use of personally identifiable information in any of the statistical reports I use from this package.
I do use electronic forms on my website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. I also aim to use secure forms where appropriate.
By law, website operators are required to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time. You can opt out of this.
Where consent is required, the law states that it should be “informed consent”, which means we must ensure that you understand what cookies are and why we want to use them. I am committed to providing the best digital service to you whilst at the same time fully protecting your privacy.
What exactly are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
These cookies are essential in order to enable you to move around our websites and use its features, such as accessing secure areas of the websites. Without these cookies, services you have asked for cannot be provided.
Your consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by you.
My website may use these types of cookies.
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All the information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
My website may use these types of cookies.
These cookies allow websites to remember choices you make (such as language or the region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for such as watching a video. The information these cookies collect is generally anonymised and they cannot track your browsing activity on other websites.
My website may use these types of cookies.
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.
My website may use these types of cookies.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all parts of my website. For information on how to delete cookies, please refer to https://ico.org.uk/for-the-public/online/cookies. You can also opt out of being tracked by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout
Definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
1.1.10 What to do if you have a complaint about my use of your personal information
If you have a complaint regarding the use of your personal data then please contact me by writing to the Data Controller at firstname.lastname@example.org and I will do my very best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 1231113.
How to contact me