PRIVACY POLICY

We understand that your privacy is important to you, so this privacy policy provides you with all the details on how we collect and then process your personal data through the use of our site www.mandylaingacupuncture.

Please read this privacy policy carefully and ensure that you understand it. 

What data do we collect about you and for what purpose?

We may process the following personal data:

User data - Includes data on how you use our website or and any services you use or data you post for publication on our site. This data is used to ensure our website provides relevant content to you, maintain back ups of our website and/or databases, to ensure the security of the website and enable administration and publication of our website. This data is processed to allow us to properly administer and our website and business.  

Customer data - This relates to any data used for purchasing goods or services where we require your name, title, billing and delivery addresses, email address, phone number, purchase details, contact details and payment details. This data is processed to allow us to provide you with the services/goods purchased and record the transactions. The lawful grounds for this data collection is a contract between yourself and us/or steps at your request to enter a contract. 

Communication data - Communication data applies to any form of contact you have had with us, this could be the online form on our website, through email, text, social media messaging or posts, or any other form of communication you send us. The reason and lawful grounds for processing this data is for returning communication streams with you, to keep records of conversations and in some cases for the action or defence against legal claims. 

Technical data - Includes data about your use of our website, including you IP address, login data, length of visit to pages, navigation paths, details about the number of times you use our website, details about your browser and other technology on the devices you use to access our website. The source of this data is from the analytics tracking system. The legitimate grounds behind this are to properly administer our website and business and grow the business and determine the marketing strategy. 

Marketing data - That includes data about your preferences on receiving marketing from us, our third parties and your communication preferences. By processing this data it allows you to take part in our promotions such as prize draws, competitions and give-aways to deliver website content and advertisements. Our grounds for processing this data, is to study how customers use our products/services and to help develop our marketing strategy.  

We may also use User Data, Customer Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you - through facebook ads and other display advertisements. The lawful grounds are our legitimate interests which are to grow the business. We may also use such data to send out marketing communications to you. 

Your legal rights:

Under the GDPR, you have the following rights, which this privacy policy and our use of personal data guarantee:

  • The right of access to any personal data we hold about you;

  • The right to be informed about how we collect and then use your personal data;

  • The right to correct any personal information we hold about you that has changed or incorrect;

  • The right to prevent any processing of your data;

  • The right to request for us to delete any personal data of yours that we have about you;

  • The right to object to us using your personal data for specific reasons;

  • The right to data portability; 

  • The right to not be subject to a decision based solely on automated processing.

For further information about your rights, seek advice and help from the Information Commissioner's Office or your local Citizen's Advice Bureau. 

Sharing of your personal data:

Subject to the below items, we will not share any of your personal data with any third parties for any reasons.

  • When compiling statistics about the use of our website, including usage patterns, traffic, user numbers and sales. All data will be anonymised and not include any identifiable personal data. In certain cases where data is shared with third parties such as advertisers, prospective investors or partners, data will only be used and shared permitted by law.

  • In some instances we may contract with third parties to supply services to yourself on behalf of us. These could include payment processing, search engine facilities, delivering of goods, advertising and marketing. In cases where the third parties require access to some or all of your data, we take all reasonable steps to ensure your data is handled safely, securely and in accordance with the your rights, our obligations and the obligations of the third party under the law.

  • In some cases we use third party processors, who are located outside the European Economic Area ("the EEA"). The EEA consists of all EU members, plus Iceland, Norway and Liechtenstein. If we transfer any data outside of the EEA, we will take all reasonable steps to make surer your data is safe and secure, as it would be in the UK and under the GDPR. 

  • In certain circumstances, we may be legally required to share data held by us, this could include your personal data when involved with legal proceedings, where we are complying with the requirements of legislation such as a court order or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.

Data security

We have put in place security procedures to prevent your personal data from being accidentally lost, used, disclosed, altered or accessed without authorisation. We only access to you personal data to those employees and partners who have a business need to know such data. They will only process data on our instruction and will keep it confidential. 

We have measures in place to deal with any suspected personal data breach, you will be notified and any applicable regulator of a breach if we are legally required to. 

Data retention

We will retain your personal data only for as long as is necessary, to fulfil the purposes we collected it. To determine the length of time data is maintained 

For tax purposes we are required by law to keep basic data information about our customers this includes: Identity, Contact and Financial and Transaction data, for six years after they are no longer customers. 

How can you access your data?

You have the right to ask for a copy of your personal data held by us. Under the GDPR no fee is payable, and we will provide any and all information upon your request, free of charge.

Contacting us

If you have any questions about our site or this privacy policy, please contact us by email at mandy.laing@icloud.com. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. 

Changes to our privacy policy

We keep our Privacy Policy under regular review. We will post any updates on the website. If significant changes are made we will directly contact you by email so you can review the changes. Please check back frequently to see any updates or changes to our Privacy Notice.