This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive detail, however, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org. This privacy notice was last reviewed in August 2022.
1. Dragonfly Healing Room Ltd (The “company”, “us”, “we”, or “our”) operates the company. This also covers reference to its employees and resources.
2. “Service” is wellness support, care and education. This also includes all resources and products supplied by or through Dragonfly Healing Room Ltd.
3. “Client”, “you”, “your”; this refers to the individual purchasing/using the Service from Dragonfly Healing Room Ltd.
4. “Terms and Conditions”; this refers to the terms of usage and conditions under which all purchases are pursued (including the Service).
5. “GDPR” means Regulation (EU) 2018 of the European Parliament and of the Council of 25 May 2018 on the protection of natural persons with regard to the processing of Personal Data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1 and as modified from time to time
6. “Data Protection Laws”; any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK.
7. “Personal Data” refers to data about a living individual who can be identified from that data (or from other information either in our possession or likely to come into our possession). This also refers to collectively all information that you submit to Dragonfly Healing Room Ltd via the Website or during the performance of the Service.
8. “Usage Data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
9. “Special Category Data”; is personal information of data subjects that is especially sensitive; Personal Data revealing political opinions, Personal Data revealing religious or philosophical beliefs, Personal Data revealing trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life and data concerning a person’s sexual orientation.
10. “Cookies”; cookies are small pieces of data stored on your device (computer or mobile device). They are a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);
11. “Website”; the website that you are currently using, www.dragonflyhealingroom.co.uk, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
12. “UK and EU Cookie Law”; the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
13. “User” or “you”; any third party that accesses the Website and is not either (i) employed by Dragonfly Healing Room Ltd and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Dragonfly Healing Room Ltd and accessing the Website in connection with the provision of such services.
15. “Data Processors”; Data processors (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of other Service Providers in order to process your data more effectively. In these instances, we will ensure that the relevant agreements will be in place to ensure the security of your data to the best of our ability.
16. “Data Subject” or “User”; Data subject is any living individual who is using our Service (whether directly or through a representative) and is the subject of Personal Data.
a. the singular includes the plural and vice versa;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.
In a situation where you are using the Service, but in aid of a third party, or when you are using Service on behalf of someone else, remember to obtain appropriate authorisation prior to providing this data.
In accordance with Article 14 of UK GDPR please ensure that they have read and understood how their data is used and shared before authorising the use of their data.
This document governs your use of this Service and you should cease using the Service if you do not agree with these provisions.
We will use reasonable efforts to include up-to-date and accurate information in its resources and information, but make no representations, warranties, or assurances as to the accuracy, currency, or completeness of the information provided. We shall not be liable for any damages or injury resulting from your access to, or inability to access, the Service, or from your reliance on any information provided on this Service.
The Service does not constitute in any way medical advice or treatment and should not be taken as such. If you have medical concerns contact your GP, Local Health Service or an accredited medical professional.
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we obtain your Personal Data:
You provide us with personal data in the following ways:
- By completing a pre-appointment questionnaire
- By signing a terms of engagement form
- During a consultation
- Through email, over the telephone or by post
- By taking payment - credit card and online
This may include the following information:
- Basic details such as name, address, contact details and next of kin
- Details of contact we have had with you
- Health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
- GP contact information
- Bank details
Information we get from other sources
We may obtain sensitive medical information (Special Category Data) in the form of test results from biochemical testing companies. We use this information in order to provide you with direct wellness care. Before obtaining this data, we will always ask for your consent, as such, this is our legal basis. This information may also be necessary in order for us to undertake the Service; in this instance, our legal basis is contract. We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your wellness with that provided by other providers which means the wellness provided by us may be less effective.
How we use your personal data:
We act as a data controller for use of your personal data to provide direct wellness support. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare/wellness providers. We act as a data controller and processor in regard to the processing of credit card and online payments. We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with your duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage. We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. We may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent.
Sharing Your Information with Other Organisations
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
- Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
- Anyone to whom we may transfer our rights and duties under any agreement we have with you
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so
We may share your information with supplement companies and biochemical testing companies as part of providing you with direct wellness care. We will not include any sensitive information.
We will seek your express consent before sharing your information with your GP or other healthcare providers. However if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services or GP) using the legal basis of vital interests.
We may share your case history in an anonymised form with our peers for the purpose of professional development. We will seek your explicit consent before processing your data in this way.
1. We may collect the following Data, which includes personal Data, from you:
b. date of birth;
c. contact Information such as email addresses and telephone numbers;
How we collect Data
2. We collect Data in the following ways:
a.data is given to us by you ;and
b. data is collected automatically.
Data that is given to us by you
3. We will collect your Data in a number of ways, for example:
a. when you contact us through the Website, by telephone, post, e-mail or through any other means;
b. when you register with us and set up an account to receive our products/services;
c. when you complete surveys that we use for research purposes (although you are not obliged to respond to them);
d. when you enter a competition or promotion through a social media channel;
e. when you make payments to us, through this Website or otherwise;
f. when you elect to receive marketing communications from us;
g. when you use the Service;
Data that is collected automatically
4. To the extent that you access the Website, we will collect your Data automatically, for example:
a. we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.
b. we will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies".
Our use of Data
5. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible Service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
a. internal record keeping;
b. improvement of our products/ the Service;
c. transmission by email of marketing materials that may be of interest to you;
d. contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;
6. We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights" below).
7. For the delivery of direct marketing to you via e-mail, we'll need your consent, whether via an opt-in or soft-opt-in:
a. soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (for example, you contact us to ask us for more details about a particular product/service, and we are marketing similar products/services). Under "soft opt-in" consent, we will take your consent as given unless you opt-out.
b. for other types of e-marketing, we are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, checking a tick box that we'll provide.
c. if you are not satisfied about our approach to marketing, you have the right to withdraw consent at any time. To find out how to withdraw your consent, see the section headed "Your rights" below.
8. When you register with us and set up an account to receive our services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Keeping Data Secure
9. We will use technical and organisational measures to safeguard your Data, for example:
a. access to your account is controlled by a password and a user name that is unique to you.
b. we store your Data on secure servers.
10. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: email@example.com.
11. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
13. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.
How long we hold confidential information for
All records held by us will be kept for the duration specified by guidance from our professional association, the Kinesiology Association.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
All essential contact information will be kept for a duration of 6 years for the basis of accountancy records and our legal requirement to maintain them. After this point the information will be archived, unless a Data Subject exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by us to comply with current laws.
All personal information that is collected and anonymised as a statistical data set will be retained as long as that statistical information is still relevant to the company or any educational information/statistical analysis that it is needed for. Please note that once data has been added to a statistical data set, as it is anonymised, we would be unable to remove this data. However, once it is part of the data set it is no longer Personal Data as it would not be identifiable.
All correspondence including personal information will be kept for a period of 5 years in case it is needed for reference in continuing communications/education. After this period it will be archived or deleted. Please note that although we make every effort to delete or archive all information, it is often difficult to compile every digital communication (particularly when it is spread across different platforms of communication) and so will likely never cover 100% of communication.
All personal information collected/processed will be kept for a period of 7 years as recommended by the Kinesiology Association. It is unlikely that we have a direct relationship with our users/clients beyond this period. In the cases where a relationship is ongoing, data will be retained until such time that the relationship ceases, at which point the data will be archived, unless a person exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by us to comply with current laws.
14. You have the following rights in relation to your Data:
a. Right to access - the right to request
(i) copies of the information we hold about you at any time, or
(ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
b. Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.
c. Right to erase - the right to request that we delete or remove your Data from our systems.
d. Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.
e. Right to data portability - the right to request that we move, copy or transfer your Data.
f. Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.
15. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: firstname.lastname@example.org. If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.
16. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.
Links to other websites
Changes of business ownership and control
19. We may also disclose Data to a prospective purchaser of our business or any part of it.
20. In the above instances, we will take steps with the aim of ensuring your privacy is protected.
22. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
23. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and Service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
24. This Website may place the following Cookies:
Cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
25. You can find a list of Cookies that we use in the Cookies Schedule.
26. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
27. You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
28. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
29. For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.
32. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
33. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
The Service does not directly address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18 without parental consent. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
If you are providing us with personal information relating to anyone under the age of 18, please ensure you have gained informed consent from a parent/guardian and have made them aware of their rights when doing so. It is also important before disclosing any personal information of anyone between the ages of 14 and 18 to us to ensure that they also understand how their data is being used and consent to it.
In the instances where personal data is collated as a part of a data-set for statistical analysis, educational resources or market research, the data will be anonymised.
Security of Data:
The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
All content of the Service is owned or controlled by/licensed to Dragonfly Healing Room Ltd and is protected by worldwide copyright laws. You may not download content for your personal or professional use and no modification or further reproduction of the content is permitted without prior written consent from us. The content may otherwise not be copied or used in any way. Any products supplied by us are also protected by worldwide copyright laws, and should not be redistributed.
The trademarks, service marks, trade names, trade dress and products in this service are protected internationally. No use of any of these may be made without prior written authorisation from us, except to identify the products or services of the company. Information, products, processes and technologies described as a part of the service may be subject to other intellectual property rights.
Every individual has the right to see, delete or have a copy of data that can identify you, with some exceptions. You do not need to give a reason to see your data.
If you want to access your data you must make a subject access request in writing to email@example.com. Under special circumstances, some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you. Our response will include the details of the personal data we hold on you. [including]:
You have the right, subject to exemptions to ask to:
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
- Ask us to stop processing information about you were we are not required to do so by law
- Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, without hindrance from us
- Object at any time to the processing of personal data concerning you.
The process if you exercise any of these rights:
- Please note we may ask you to verify your identity before responding to such requests.
- Please note we may also ask for clarification/specification on which data it is you are requesting, in circumstances where certain data is anonymised or we hold large volumes of data or it required access to our archives in order to obtain or remove the desired data.
- Please note we are obligated and will comply with your data protection rights to a reasonable extent.
- In cases whereby a data request is deemed excessive or manifestly unfounded, we may charge a reasonable free to provide the data, taking into account the administrative costs of providing the information or communication.
- We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
What safeguards are in place to ensure data that identifies me is secure?
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful. Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct wellness care. We will protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. We will ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops and encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure that external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. Dragonfly Healing Room is registered with the Information Commissioners Office (IC) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
Personal Data and Your Duty to Inform Us of Changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
By email: firstname.lastname@example.org.