GDPR and Privacy- we take it seriously
The GDPR legislation will replace current data privacy law on 25th May 2018, giving more rights to you as an individual and more obligations to organisations holding your personal data. One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information. We have explained how we will do this below.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
By using our websites or contracting for our services, you’re agreeing to be bound by this Policy.
Any queries in the first instance are to be directed to Heather Rachel Johnston at email@example.com or alternatively, you can telephone 07801 246113.
• What information is being collected?
We collect information about you when you register with us or place an order or contract for services. We also collect information when you voluntarily complete psychometrics, surveys and provide feedback along with information gained through the course of coaching and supervision sessions, P&OD Consultancy or enrol on an art course. Website usage information is collected using cookies.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences.
Visitors to our websites
When someone visits our websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
We use a third party services, WordPress.org and WordPress.com, to publish and manage the mindtrip website. This site is hosted at www.zen.co.uk. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice and Zen’s privacy notice
We use a third party provider, mailchimp, to deliver our ad hoc e-newsletters for both mindtrip and Heather Rachel Art. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see mailchimp’s privacy notices
• Why is it being collected?
We collect information about you to process your order, manage your account, provide a service and, if you agree, to email you about other products and services, or latest thinking we think may be of interest to you. The personal information we collect might include your name, address, email address, IP address, bank details and information regarding what pages or newsletters are accessed and when.
If you purchase a product or service from us, through our website, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
We would like to send you information about products and services of ours or latest thinking in these related fields which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date through our unsubscribe feature on marketing emails and you have a right at any time to stop us from contacting you for marketing purposes, you can do this by emailing firstname.lastname@example.org or email@example.com or using the unsubscribe button on any communication.
• How will it be used?
We may use your information to:
- Book you on an art based course
- Establish a coaching or supervision contract and provide a service
- Process orders or deliver services that you have submitted online or personally
- To carry out our obligations arising from any contracts entered into by you and us
- Seek your views or comments on the services we provide
- Notify you of changes to our services
- Send you ad hoc communications/newsletters which you have opted in to that may be of interest to you
- Gain your consent to screening information for our courses
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract we have agreed between us.
• Who will it be shared with?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
If you have agreed to share your details as part of a survey we aim to either ensure you have a direct relationship with the third party e.g. survey company and voluntarily agree to their GDPR compliant policy or we use third party organisations that are GDPR compliant data processors. We are in the process of gaining confirmation of this compliance as organisations update and make themselves GDPR ready.
We may transfer and disclose personal data, as set out above, regardless of the country of residence. Countries outside the European Economic Area may not have equivalent regulations regarding the processing of personal data, but where the disclosure or transfer is to a prospective third party outside the European Economic Area, we will confirm your authorisation and will take reasonable steps to ensure that your rights and freedoms in relation to the processing of the relevant personal data are adequately protected.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example psychometric survey providers). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and require them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We may transfer your personal information to a third party as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
How will you keep my data secure?
We place great importance on the security of personally identifiable information and take all reasonable precautions in relation to the security of your personal data so as to prevent unauthorised access to it both from within and outside the organisation.
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is processed through third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our new products and services and latest thinking or latest work then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, text or phone unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: firstname.lastname@example.org or email@example.com telephone on 07801 246113.
How you can access and update your information
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org or email@example.com
If you make a written request to Heather Rachel Johnston, you are entitled to receive a copy of your personal data held by us, which we will make available within a month. Such requests may be made free of charge at reasonable intervals, but if we feel that they are excessive, we may charge a small administrative fee.
Who do I talk to if I have any concerns?
We aim to meet the highest standards when collecting and using personal information. For this reason, we take any concerns we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Any questions or concerns regarding this Policy and our privacy practices should be sent by writing to Heather Rachel Johnston Greenwoods, Coach Road, Great Horkesley CO6 4AX. Alternatively, you can telephone 07801 246113.
This privacy notice was drafted with brevity and clarity in mind.
We keep this Policy under regular review. This Policy was last updated on 4th May 2018.