All of this stuff can seem quite impenetrable, some might say a bit dull even, but, over and above the legal requirements, I am deeply, personally committed to protecting your personal information and respecting your privacy, and I want you to understand how I collect and use your data. I want to be transparent about the data that I hold about you, so in this document below I am going to attempt to set out as clearly as I can how I collect and use your data, within the context of the law. I promise to only use your personal information for the purposes for which you supplied it – to support you in your health journey through Health Coaching, mentoring or Mindfulness teaching, or to book and administer courses that you book onto.
Who is the Data Controller for Live Well With Chronic Illness
The law requires an organisation to appoint a Data Controller, who is responsible for processing all data collected by that organisation.
The data controller (or “controller” as defined in the General Data Protection Regulation) for Live Well With Chronic Illness is Deborah Bircham, and Live Well With Chronic Illness is registered as a Data Processor with the ICO
There are several laws which govern how I collect and use your data, including
The Data Protection Act 1998 and
The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’).
What Does the Law Say?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
There is stronger legal protection for more sensitive information, such as:
Due to the nature of the work of Live Well With Chronic Illness, I can sometimes be processing data relating to your physical or mental health, for example, if you have a health coaching consultation with me or book onto a Mindfulness course. This data that I collect and handle is confidential and protected by the stronger legal safeguards used for sensitive information.
What is personal data, and how do I collect data about you?
Personal data is classed as any data which identifies a specific individual, from which that person may be identified.
Most of the personal information I process is provided to me directly by you for one of the following reasons:
· Subscribe to my mailing list via my website, or from any other means
· Book onto one of my courses
· Fill in my pre-course assessment form
· Fill in my post-course feedback form
· Information which you share with me as part of our coaching or mentoring sessions
· by corresponding with me via email, ‘phone or post or via my ‘contact me’ form on my website
· When you message me or make an enquiry on Facebook, Messenger or WhatsApp, I collect information about you in order to fulfil your request and answer your enquiry.
I also receive personal information indirectly, from the following sources in the following scenarios
· Digital data that is collected automatically by cookies and analytical software on my website. For more information, see Digital Data Section, below.
· I may occasionally receive information about you from third parties, for example Analytics providers such as Google, MailerLite and Social Media Providers like Facebook and Instagram.
What Personal data might I collect?
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information are either:
(a) Your consent. because you either give me consent to process that data, ie by signing up to my mailing list, or by choosing to provide me with your medical history in order to do a course or coaching with me,
You are able to remove your consent at any time. You can do this by contacting me at email@example.com, via my website at www.livewellwithchronicillness.co.ukor by phone 01780 672505
(f) I have a legitimate interest. Because it is necessary for me to process that data as part of the legitimate interests of the business of Live Well With Chronic Illness, for example, the digital analytics that my website collects about you to allow me to monitor my website traffic to optimise my website performance.
Why Do I need your Data, and what happens if you don’t want to share it with me?
I need your personal data in order to be able to provide and support you with relevant content and/or services. For example, in order to provide you with Mindfulness courses, I need to collect your contact details, and some information about your mental health and general wellbeing in order to ensure that Mindfulness is safe for you. If I am coaching you about your health, I need to obtain and store data from you about your medical history and current health issues, in order to be able to support you with these.
If you fail to provide any personal data requested I may not be able to provide my services to you as intended. I may also not be able to contact you to discuss your courses or your coaching, or to provide you with material that you have requested.
How Do I Use Your Data?
I will use your data for the purposes of contacting you about the services and courses that I run, in accordance with your contact preferences, and if you have given me consent to do so.
I will use your data to book appointments between us for you to attend courses or sessions with me, and for sharing information and resources that I discuss with you during our sessions, such as links to useful websites or recordings of Mindfulness Meditations.
I will send you my email newsletter, if you have subscribed to it, and if you have opted in to receiving the newsletter. You can unsubscribe at any time.
I will use your personal data, medical history and health information in order to inform the work we do together to support your mental and physical wellbeing, either through Mindfulness teaching, or through coaching and mentoring.
If you sign up to my marketing and newsletter, I may use your personal information to send you promotional information about third parties if I think they may legitimately be of interest to you.
How do I keep your Data Secure?
A Data Risk Assessment has been completed and can be viewed on request.
If you purchase any courses or services from me, payment will be made by BACS transfer or Paypal, which ensures your data is secure and I do not have your bank details. I will not store your bank details as a result of any transactions.
Record-keeping will be as minimal as possible, solely as necessary for the legitimate purposes of the business.
All the data that I collect about you will be stored in a secure manner, either digitally on a password protected system, or manually, in locked metal filing cabinets.
In my Mindfulness and Coaching work, I adhere to all the standards as laid out by BAMBA and the ANP in relation to record-keeping, confidentiality and data management.
I will never sell or transfer your data to a 3rdparty unless you specifically consent to this happening for the benefit of your health and wellbeing journey – for example, if you were to request a referral to another practitioner, or a letter for your GP, and I would obtain your written consent to do this.
Otherwise, data will be kept confidential and not shared with 3rd parties without your permission, unless you have given permission to share, it is required by law, or if I have reason to believe that you or another person may be at risk if I fail to disclose information to the relevant authorities, specifically for the purposes of ensuring your wellbeing, or the wellbeing of others. If I am required to break confidentiality in this way, I would notify you of that.
I will never add you to my mailing list without your consent.
I will never send you spam.
I will never sell your data to a 3rd party for financial gain.
It’s important to bear in mind that the transmission of any information via the Internet on websites or emails is not completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted via my website or via email, and any transmission is at your own risk. Once I have received your information, I will use appropriate procedures and password security to try to prevent unauthorised access.
What are your rights and how can you control your personal data?
I may process your data for relevant business purposes, which are considered to be legitimate interests for my business, and to enable me to deliver and enhance the services I provide to you. Under data protection law, you have certain rights, detailed below. If you want to exercise any of these rights, please contact me by email on firstname.lastname@example.org or ring on 01780 672505
Your data protection rights
Under data protection law, you have rights, including:
Your right of access - To request to see what data I hold about you
Your right to rectification- To request me to change any data that you believe is inaccurate, or to complete any data that you believe is incomplete
Your right to erasure - To request me to erase your personal data
Your right to restriction of processing - To request to restrict processing of your data, in certain circumstances
Your right to object to processing- To object to me processing your data, in certain circumstances
Your right to data portability- To request that your data is moved elsewhere, either to another organisation, or to you.
You are not required to pay any charge for exercising your rights, including if you would like to see what data I hold about you. If you make a request, I have one month (30 days) to respond to you.
If you have previously agreed to me holding your personal information, for example, by booking onto a course with me, or signing up for coaching, you may change your mind at any time and withdraw consent by emailing me at email@example.com or phone on 01780 672505
If you have previously agreed to receiving my newsletter and marketing communications, you may change your mind at any time by clicking on the ‘unsubscribe’ option on the email, or by emailing me at firstname.lastname@example.org or phone me at 01780 672505. Please put UNSUBSCRIBE as the title of your email.
Occasionally technical glitches may occur and I want to apologise in advance if a technical issue affects how I respond to or action any request relating to how I process your data. If you do not receive a response to a request relating to a data query, please contact me via Facebook Messenger, email, or by telephone, as I will do my best to rectify this.
I hope that you will be happy with the way that I process and handle your data, and it is my intention to act with integrity and transparency and to treat your data as I would want my own to be treated. However, if you are unhappy with the way that I process your data, you can make a complaint to me at any time by contacting me at email@example.com or via my website at www.livewellwithchronicillness.co.ukor 01780 672505
You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
WARNING! Please note that if you ask me not to contact you any more or ask for your personal data to be deleted, it will mean that I am not able to contact you about services or courses that you might have booked on to, or to respond to any enquiries, or to provide you with any support that has been agreed.
How long will I keep your data for?
I will hold your personal information on my systems for as long as is necessary in order to perform the services that you have purchased, and then for 7 years after that, in order to satisfy any legal, accounting or reporting requirements. Your data will be stored securely during this time, and then securely destroyed either by shredding or by digital deletion.
Information Relating to Digital Data and Website Data
All of the above applies also to any digital records that I may hold about you, including but not limited to, your medical history and contact information.
Links to external websites
My website and my newsletters, social media posts or other communications may contain links to other websites that I believe may useful or interesting to you. However, once you have used these links to leave my site, you should note that I do not have any control over that other website. Therefore, I cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. I would urge you to exercise caution and look at the privacy statement applicable to the website in question.
Mailing List Data
I offer you the opportunity to sign up to my mailing list so that I can send you emails with free information and tips, as well as information about forthcoming paid events and courses which may be of interest to you.
I promise I will not spam you or fill your inbox up with junk, I will only send you occasional emails that contain relevant information that you might find of interest. I use MailerLite for creating and storing data in my mailing lists, and their privacy terms and conditions can be found here https://www.mailerlite.com/legal/data-processing-agreement
Signing up to my mailing list is entirely optional, and you can unsubscribe at any time by clicking on the ‘unsubscribe’ link in the email, or by emailing me at firstname.lastname@example.org, or telephone on 01780 672505. Please put UNSUBSCRIBE as the title of your email.
How my website provider uses your data
Your data may be available to my website provider to enable them to deliver their service, carry out analysis and research on the demographics, interests and behaviour of my users and supporters to help me to improve my services. This may include connecting data I receive from you on the website to data available from other sources.
My website is operated by GoDaddy. You can find the details about how they use data here
As you interact with my website, it may automatically collect usage data and technical data, which may include URL, clickstream through to my site, information you viewed, page response times, download errors, and page interaction information. It may also collect your internet IP address, your login data, your browser type and version, time zone setting and operating system etc. This information is used in order to improve my website performance and allow analytics data to be generated.
I collect this personal data by using cookies and by using Google Analytics, and other similar technologies. You are able to change your computer/device settings to enable you to have more control over this.
More information about the data that Google Analytics collects about you can be found here https://policies.google.com/technologies/partner-sites
More information about cookies can be found below.
This type of data does not contain personally identifiable information (PII) and is only used to help me understand whether my website has visitors and is loading quickly.
My website also provides me with the opportunity to collect your personal data, if you sign up to mailing lists or submit your data into my website form. According to GoDaddy, this data is housed in data stores in the United States.
You can opt-in or opt-out of allowing my website to collect your data. Any places where my website obtains personal information are automatically encrypted. The data stores where the information is maintained are secured by GoDaddy, and the details of these methods can be found here. https://uk.godaddy.com/help/securing-your-digital-identity-27881
A note about Cookies
When you visit my site, you will be asked to consent to these cookies, and you will have the option to decline consent, or change your cookie settings.
If you wish to withdraw your consent for cookies at any time, you will need to delete your cookies using your internet browser settings.
Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser.
More information about cookies