Privacy Policy
1. Business Information
1.1 Use the details below to contact us;
Contact Name: Wendy-Anne Steer
Registered Address: Suite A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE
Website: https://thewellbeingalchemist.co.uk/
Email Address: wendy@thewellbeingalchemist.co.uk
Telephone number: 07887 984033
2. About This Privacy Policy
2.1 This policy sets out, as a business how we process data both inside the business, and on the website.
2.2 We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018 (the DPA 2018), the UK General Data Protection Regulation 2016/679 (the UK GDPR) and any other applicable UK legislation (together, Data Protection Law).
2.3 When you interact with us or use the website, we act as the data controller of your personal data. This means we are responsible for processing your personal data and deciding how to use it. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.
2.4 This policy was last updated on the date shown at the top. We may change this policy at any time by posting an updated version on the website and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the website, as any changes will be effective from the date they are made.
3. Contact Information
3.1 If you have any concerns or want further information about our use of data or this policy in general, you can contact us at the address above or by email.
4. What Information Do We Collect?
4.1 We collect, store and use the types of personal data set out in the tables at the end of this policy.
5. How Will We Use Your Personal Data?
5.1 We will use your personal data for the purposes set out in the table at the end of this policy.
6. How Do We Share Your Personal Data?
6.1 When we share personal data, we do so under Data Protection Law. We may share certain personal data, where necessary, with employees, contractors, consultants or advisers to facilitate sales and for general commercial purposes.
6.2 We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.
7. Sharing Information
7.1 We endeavour to keep as much data within the UK/EU. However, there may be times when this is not possible. Where the platforms we use are outside of the UK, or not a country where we have adequacy regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.
7.2 Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.
7.3 A full list of the information we collect can be found here.
7.4 The website may contain links to other websites over which we have no control, usually in relation to blogs. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this website. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.
Type of plugin | Name and link of Business |
Email marketing form | https://mailchimp.com/legal/ |
Contact form | |
Calendly | https://calendly.com/privacy |
https://privacycenter.instagram.com/policy | |
https://www.linkedin.com/legal/privacy-policy |
7.5 The website does have plug-ins that we use to third-party platforms.
7.6 We use a number of platforms to deliver our services. For a full-list of these, please email us.
8. Your Rights
8.1 We respect your privacy rights and will respond to requests for access or control over information about you under Data Protection Law. We may require you to verify your identity before we take any action.
8.2 Depending on the reason we have your personal data, you have a right to:
a) access the personal information we hold about you (commonly known as subject access);
b) request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
c) request that we erase your personal information in some circumstances or object to our processing it;
d) restrict how we use your personal data, in certain circumstances;
e) request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
f) where we have asked for your consent to process your data to withdraw this consent.
8.3 These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
8.4 If you wish to exercise any of these rights, please get in touch with us.
Your right to object
8.5 You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.
8.6 If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.
8.7 We hope we can satisfy any queries you may have about how we process your data. However, if you have unresolved concerns, you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or visit their website: https://ico.org.uk/make-a-complaint/).
9. Data Retention
9.1 Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.
9.2 At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.
10. Data Protection Principles
10.1 We process your personal data under the following principles:
a) we process your personal data lawfully, fairly and in a transparent way;
b) we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
c) we only process personal data that is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
d) we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
we do not store personal data in a form that identifies you for any longer than is required for the purposes of our processing; and
e) we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.
10.2 When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide the data.
10.3 Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.
11. What Is Our Lawful Basis For Processing?
11.1 We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each type of data we process.
11.2 We will choose one of the lawful bases in the UK GDPR to justify how we use your personal data. These are:
a) Consent: You have given consent to the processing of your personal data for one or more specific purposes. You have the right to withdraw your consent at any time, as detailed above.
b) Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
c) Legal obligation: We must process your personal data to comply with a legal obligation.
d) Vital interests: The processing is necessary to protect the vital interests of you or another person.
e) Public interest: Processing is necessary for performing a task in the public interest or in the exercise of some official authority.
f) Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
12. Table Of Personal Information We Use
The table below sets out detailed information about the types of personal information we collect, our purposes for processing, the basis for processing and the retention period for the personal data.
Contacts / Clients /Leads
When collected / stored |
Category of personal data
|
Purpose of processing
|
Lawful basis for processing
|
Retention period
|
Contract
Website Email marketing platform
|
Name and contact details
|
To deliver your purchases to you To send you order updates For fraud prevention and detection
To contact you with information, newsletters and marketing materials about our products and services
|
Performance of contract
Compliance with legal obligation
Consent |
For three years since you gave consent, or until you withdraw consent if earlier
|
Online payment platform Bank transfer Cheque |
Payment information
|
To take payment and give refunds For fraud prevention and detection |
Performance of contract
Compliance with legal obligation
|
For three years since you last logged on to the website |
Emails CRM Project management platform |
Contact history |
To provide customer service and support
|
Performance of contract
Legitimate interests in dealing with complaints or claims |
For six years since you last logged on to the website |
Platform analytics |
Browser, device and Site usage information
|
To improve the website To protect the website against fraud To set default options for you, such as language and currency
|
Performance of contract
Legitimate interest in maintaining our website |
For three years since you last logged on to the website
|
Website Testimonial capture form Emails |
Customer comments and product reviews
|
To improve our products and services Where relevant, to establish, exercise or defend legal claims |
Performance of contract
Legitimate interest in dealing with complaints or claims and improving our products and/or services generally
|
For six years
|
Website Social media platform analytics Google Analytics
|
Information collected through cookies and similar technologies |
To conduct and store website usage analytics, statistical and trend analysis and market research To generate customer profiles to facilitate marketing initiatives
|
Consent |
For three years since you gave consent, or until you withdraw consent if earlier
|
Sensitive personal data
Category of sensitive personal data |
Purpose of processing |
Lawful basis for processing |
Special condition for processing sensitive personal data |
Retention period |
Health and medical information, including whether the individual has a disability |
Compliance with the Business’s health and safety obligations, personnel management and administration purposes Used to consider how health affects their ability to do their job and whether any reasonable adjustments are required |
The processing is necessary to pursue the Business’s legitimate interests. Specifically: Supporting the wellbeing and pursuing business continuity purposes The processing is necessary to comply with a legal obligation. The processing is necessary to perform a contract.
|
The processing is necessary for the Business to exercise its rights or comply with its obligations under employment law. |
Throughout period of working with you and for up to six years after it comes to an end |
Information about racial or ethnic origin |
Used to help the Business meet its diversity aims and ensure compliance with the Equality Act 2010 |
The individual has consented to the processing.
|
The individual has given explicit consent to the processing of their sensitive personal data in this way. |
Throughout period of working with you and for up to six years after it comes to an end |
Information about individuals’ religious or philosophical beliefs |
Used to ensure we are providing treatments to meet their needs |
The individual has consented to the processing.
|
The individual has given explicit consent to the processing of their sensitive personal data in this way. |
Throughout period of working with you and for up to six years after it comes to an end |