1.0 Privacy and Data Protection
I believe that I have a duty to respect the privacy and data protection rights of
- people who contact Body in Balance and Body in Balance Training
- therapy clients or potential therapy clients of Body in Balance
- people who are students or potential students at Body in Balance Training
- people who use the Body in Balance website, mariettelobo.com
I understand that any person communicating with me at Body in Balance and at Body in Balance Training and visitors to mariettelobo.com are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
Your data is only collected, processed and stored when absolutely necessary and in compliance with legislation. I will never sell, share, distribute or make public your personal information. You can read about your rights and my obligations to you regarding the processing and control of your personal data at http://www.knowyourprivacyrights.org/
If you are unhappy with anything in the following policy statements you should leave the website and if you are already my client or have been in contact with me at Body in Balance or Body in Balance Training you should contact me to discuss any of your confidential data I may have.
I am registered with the Information Commissioners Office (ICO) and you can check my registration details at this page: https://ico.org.uk/ESDWebPages/Search
3.0 Relevant Legislation
This policy covers the collection, processing and other use of personal data under the UK Data Protection Act, 1998 (DPA) and the EU General Data Protection Regulation, 2018 (GDPR).
4.0 Owner and Data Controller of Website
The owner and data controller of this website is Mariette Lobo, owner/director of Body in Balance and Body in Balance Training. If you have any enquiry regarding the collection or processing of your data you should write to me by email in the first instance using this email address: firstname.lastname@example.org
5.0 The bases on which I process information about you
There are six possible bases for collecting and/or processing your personal information defined in the GDPR. I will usually use the basis of contract and the basis of consent. The remaining bases may also apply in certain circumstances.
If a basis on which I process your personal information is no longer relevant then I shall immediately stop processing your data. If the basis changes then if required by law I will notify you of the change and of any new basis under which I have determined that I can continue to process your information. You can find out more about the bases for legitimate use of personal data at this page: http://www.knowyourprivacyrights.org/legitimate-uses/
5.1 Information I process because I have a contractual obligation with you
When you buy a product or service from me or otherwise agree to my terms and conditions, a contract is formed between you and me. In order to carry out my obligations under that contract I must process the information you give me. Some of this information may be personal information. I may use it in order to:
- verify your identity for security purposes
- sell products to you
- provide you with my services
- provide you with suggestions and advice on products, services and how to obtain the most from using my website.
I process this information on the basis that there is a contract between us, or that you have requested I use the information before we enter into a legal contract.
Additionally, I may aggregate this information in a general way and use it to provide class information, for example to monitor my performance with respect to a particular service I provide. If I use it for this purpose, you as an individual will not be personally identifiable.
I shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
5.2 Information I process with your consent
Sometimes you might give your consent implicitly, such as when you send me a message by e-mail to which you would reasonably expect me to reply.
Except where you have consented to my use of your information for a specific purpose, I do not use your information in any way that would identify you personally. I may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on my website.
I continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing me at email@example.com
However, if you do so, you may not be able to use my website or my services further.
5.3 Information I process for the purposes of legitimate interests
I may process information on the basis that there is a legitimate interest, either to you or to me, of doing so. Where I process your information on this basis, I do so after having given careful consideration to:
- whether the same objective could be achieved through other means
- whether processing (or not processing) might cause you harm
- whether you would expect me to process your data, and whether you would, in the round, consider it reasonable to do so.
For example, I may process your data on this basis for the purposes of:
- record-keeping for the proper and necessary administration of my business
- responding to unsolicited communication from you to which I believe you would expect a response
- protecting and asserting the legal rights of any party
- insuring against or obtaining professional advice that is required to manage business risk
- protecting your interests where I believe I have a duty to do so.
5.4 Information I process because I have a legal obligation
Sometimes, I must process your information in order to comply with a statutory obligation. For example, I may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
When I receive a complaint, I record all the information you have given to me and use that information to resolve your complaint.
If your complaint reasonably requires me to contact some other person, I may decide to give to that other person some of the information contained in your complaint. I do this as infrequently as possible, but it is a matter for my sole discretion as to whether I do give information, and if I do, what that information is.
I may also compile statistics showing information obtained from this source to assess the level of service I provide, but not in a way that could identify you or any other person.
6.1 Complaints regarding content on my website
If you complain about any of the content on mariettelobo.com, I will investigate your complaint. If I feel it is justified or if I believe the law requires me to do so, I will remove the content while I investigate. If I think your complaint is vexatious or without any basis, I shall not correspond with you about it.
7.0 Sending me a message
When you contact me, whether by telephone, through my website or by e-mail, I collect the data you have given to me in order to reply with the information you need. I record your request and my reply in order to increase the efficiency of my business.
I keep personally identifiable information associated with your message, such as your name and email address so as to be able to track my communications with you to provide a high quality service.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
9.0 Personal identifiers from your browsing activity
Requests by your web browser to my servers for web pages and other content on our website are recorded. I record information such as your geographical location, your Internet service provider and your IP address. I also record information about the software you are using to browse my website, such as the type of computer or device and the screen resolution.
I use this information in aggregate to assess the popularity of the webpages on my website and how the website performs in providing content to you. If combined with other information I know about you from previous visits, the data possibly could be used to identify you personally.
10.0 Access to your personal information
To obtain a copy of any information that is not provided on my website you may send me a request at firstname.lastname@example.org
After receiving the request, I will tell you when I expect to provide you with the information.
11.0 Verification of your information
When I receive any request to access, edit or delete personal identifiable information I shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
11.1 Removal of your information
If you wish me to remove personally identifiable information from my website or from any business information resource I maintain, you may contact me at email@example.com
This may limit the service I can provide to you.
12.0 Use of my services and use of website by children
I do not sell products or provide services for purchase by children, nor do I market to children. If you are under 18, you may use my website only with consent from a parent or guardian.
13.0 Encryption of data sent between us
My website uses Secure Sockets Layer (SSL) certificates to verify my identity to your browser and to encrypt any data you give me.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
14.0 How you can complain
If a dispute is not settled then I hope you will agree to attempt to resolve it by engaging in good faith with me in a process of mediation or arbitration.
If you are in any way dissatisfied about how I process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/
15.0 Retention period for personal data
- provide you with the services you have requested
- comply with other law, including for the period demanded by the tax authorities
- comply with my professional insurance policy
- comply with my professional association’s reccommendations
- support a claim or defence in court.
17.1 Change log
11/05/2018 – Version 1