The following outlines the Privacy Policy for HealCraft Therapies. Please read the contents so you can understand how I use the personal data I collect about you or that you have provided me with. Only use the website if you’re happy with my policy.

​

It is my policy to collect, process and share the personal data ('data') provided to me by you in order to carry out the services requested by you and any contact in relation to those services only.  Your data will not be used for any purposes other than those explicitly stated in this Privacy Policy or requested by you in your dealings with me.

​

This Privacy Policy describes how I collect, use, protect, process and share your data when you book appointments with me, either online or directly, and when you communicate with me throughout the process of treatment and at any other time.  This Privacy Policy does not provide exhaustive detail.  However, I am happy to provide any additional information or explanation needed.  Any requests for this should be sent to glrobartes@gmail.com 

​

This HealCraft Therapies Privacy Policy does not apply to the information processed by third parties on behalf of HealCraft Therapies, nor to any other websites and website links featured on my website. However, I have reviewed their Privacy Policy/ies and I am satisfied that they meet the standards set out in the General Data Protection Regulations 2018. If you visit/use websites and website links featured on this website then please read their Privacy Policy/ies to confirm that they follow GDPR protocols.

​

I may update this Privacy Policy at any time to enable me to carry out the services I provide in the most effective and efficient way possible.  I will notify you of any changes by revising the date on my published document on my website and in clinic, or for more substantial changes by contacting you via email or text to seek consent.  This Privacy Policy was last reviewed 22 May 2018.

​

1.  THE IDENTITY OF THE DATA CONTROLLER

You are hereby informed that the data that you provide is collected, used, protected, processed and shared by HealCraft Therapies.

​

2.  COLLECTION OF DATA

I may collect data about my clients, prospects and visitors.

​

Your data are collected when you browse our website, contact me via email, phone or in person or through my website. 

​

Data I collect fall into the following categories:

• Identification information

• Contact information

• Medical information

• Browsing information

 

These data are gathered directly from you via online booking and from direct communication with me, i.e. client intake form.  Browsing history is collected via automated methods.

​

2.1.  Information you provide to me

I process data you provide directly to me, in particular when you complete a client intake form or book online.

​

For example, I collect data when you create a booking, use the services, participate in a contest or promotion, register for an event or an online course, apply for a job, request customer support or otherwise communicate with me.

​

The data may include the following data as well as any other type of information that I specifically request you to provide to me through my client intake forms, such as:

• Names

• Address

• Date of birth

• Phone no.

• Email

• Doctor’s details

• Next of kin

• Medical history

• Medical red flag(s)

• Treatment notes

• Relationship data

• Browsing data

​

2.2.  Data I collect automatically when you use my online services

When you access or use my online services, I automatically collect the following information about you:

• Log information:  I log information about your use of the services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to my services.

• Device information:  I collect information about the computer or mobile device you use to access my services, including the hardware model, operating system and version, unique device identifiers and mobile network information.

• Location information:  I may, with your consent, collect information about the location of your device each time you access or use one of my mobile applications.  If you initially consent to my collection of location information, you may be able to subsequently stop the collection of these data through your device's operating system settings.  You may also stop my collection of location information by following the standard uninstall process to remove my mobile applications from your device.

​

2.3.  Information I collect automatically through cookies and other tracking technology

I may use cookies, web beacon and other similar technologies on my online Services to collect information and provide you with the services or products that you have requested. By using this website, you agree to the use of website cookies.

​

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and which is used to record information related to the navigation or the use of a device or a website.

​

Session (Transient) cookies: These cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.

​

Persistent (Permanent/Stored) cookies: These cookies are stored on your hard drive until they expire (i.e based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behaviour or user preferences for a specific site.

 

A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity.  They are also sometimes referred to as pixels and tags (also known as “tracking pixels”).  It may be used in my services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.  For more information about cookies, and how to disable them, please see 'Your Choices' below.

​

I use cookies and other similar technologies to collect information for the purposes described in this Privacy Policy.  I may also combine the information collected by these technologies with information I have collected about you by other means that are described in this Privacy Policy.

​

Some of the cookies are used for the exclusive purpose of enabling or facilitating communication or are strictly necessary for the provision of my online services.These are essentially of session cookies for authenticating and connecting to my online services, as well as memorising navigation items during a session.

​

You have the ability to decline cookies by changing the settings on your browser but this might prevent you from benefiting from some elements of my online services.  You can also consult or destroy cookies if you wish, since they are stored on your hard disk.

​

I may also use these technologies for other purposes than my online service operation, such as:

• To improve my online services

• To remember you, for your convenience, when you use my online services.

 

I inform you, in particular, that I use Google Analytics to collect information about use of my online services.  I do not combine the information collected through the use of Google Analytics with personally identifiable information.  I inform you that Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit my site, the cookie cannot be used by anyone but Google.  Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.  You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.  For more information on Google Analytics, please visit Google Analytics.

​

2.4.  Third-party cookies

When you access or use my online services, one or more third-party cookies are likely to be placed on your equipment.

​

I inform you that I have no access to, and cannot exercise any control over, third-party cookies.  However, I shall ensure that the partner companies agree to process the information collected on my online services in compliance with the GDPR and undertake to implement appropriate measures to secure and protect data confidentiality.

​

The types of cookies implemented by Wix and HealCraft Therapies and their purpose on this website are:

svSession: Creates activities and BI

hs: Security

incap_ses_${Proxy-ID}_${Site-ID}: Security

incap_visid_${Proxy-ID}_${Site-ID}: Security

nlbi_{ID}: Security

XSRF-TOKEN: Security

smSession: Identify logged in site members

_wixUIDX: Wix technical cookie

_wix_browser_sess: Wix technical cookie

userType: Wix technical cookie

_pinterest_cm: Ensures that you can share this website's pages via Pinterest by means of the 'share' button.

​

3.  HOW I USE THE DATA

I may use information about you for the following purposes:

• Provide, maintain and improve my services

• Provide and deliver the service you request, process transactions and send you related information, including confirmations and invoices

• Send you technical notices, updates, security alerts and support and administrative messages

• Respond to your comments, questions and requests, and provide customer service

• Monitor and analyze trends, usage and activities in connection with my services

• Personalise and improve the services I provide

 

According to the GDPR, the legal basis I use for processing your data is Consent and Legitimate Interests (the latter is included because I may need to outsource any prescriptions to appropriate dispensaries, or specialised laboratory testing may be required). 

 

I also have a legitimate interest in maintaining my relationship with you and showing you information that I hope is relevant, interesting and useful to you. I acknowledge your trust and I am committed to take responsible steps to protect personally identifiable information you provide from loss, misuse, and unauthorised access.

​

4.  HOW I SHARE YOUR DATA

• I share your data with my online booking system to help me provide our service, including bookings, financial transactions and booking confirmations

• I will seek your express consent before sharing your information with your GP or other healthcare providers.  However, if I believe that your life is in danger then I may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests

• I may share your case history in an anonymised form with our peers for the purpose of professional development.  This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites.  I will seek your explicit consent before processing your data in this way

• In response to a request for information if I am required by – or believe that disclosure is required by – any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities

​

I will not sell, distribute or lease your personal information to third parties unless I have your express written permission or I am required by law to do so. I do not ask any third party companies to process your data on my behalf without your consent.

​

Under normal circumstances, details of your records will only be released upon your written consent, and this includes to General Practitioners (GPs). Client confidentiality will be maintained at all times except when to do so may be considered to lead to a risk to public safety; if I believe that your use of the site is unlawful or damaging to others, I reserve the right to disclose the information I have obtained through the site about you to the extent that is necessary to prevent, remedy or take action in relation to such conduct. 

​

5.  THE PERIOD OF DATA RETENTION

Following completion of your healthcare, I retain your personal data for the period defined by my professional association, the Association of Master Herbalists (AMH). This enables me to process any complaint you may make. In this case, the legal basis of my holding your personal data is for contract administration. 

 

6.  DATA ACCESS

Upon receiving a written request from you seeking access to your data, I will provide either a hard or electronic copy of the data that I hold on you, to be sent by registered post or email, respectively.  This will include exports of the information held about you on my website. I will provide your data to you within a period of 28 days from the date that I receive your request and confirm receipt of such a request.

​

Please make any requests in writing to glrobartes@gmail.com. I may need to verify your identity so I may ask for a copy of your passport, driving licence or a recent utility bill.​

 

7.  DATA AMENDMENTS

Upon receiving a request from you to update, correct or amend your personal data held by me, I will make the amendments within a period of 7 days from the date that I receive your request and confirm receipt of such a request. 

​

Please make any requests in writing to glrobartes@gmail.com. I may need to verify your identity so I may ask for a copy of your passport, driving licence or a recent utility bill.​

 

8.  SECURITY

I am committed to taking appropriate measures designed to keep your data secure.  My technical, administrative and physical procedures are designed to protect data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction.  I follow generally accepted standards to protect the personal information submitted to me, both during transmission and once it is received and use is for business functions.

​

My email list is (and will be) stored by the online service known as "Mailchimp" - please read their privacy policy for more information.

 

9.  YOUR RIGHTS

Under the General Data Protection Regulations 2018 (GDPR), individuals have significantly strengthened rights to:

• Obtain details about how their data are processed by an organisation or business

• Obtain copies of personal data that an organisation holds on them

• Have incorrect or incomplete data corrected

• Have their data erased by an organisation where, for example, the organisation has no legitimate reason for retaining the data

• Obtain their data from an organisation and to have that data transmitted to another organisation (data portability)

• Object to the processing of their data by an organisation in certain circumstances

• Not to be subject to (with some exceptions) automated decision making, including profiling.

​

10.  IN THE EVENT OF A DATA BREACH

Every precaution will be taken to avoid a breach of your data.  However, if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken.  The Information Commissioner's Office (ICO) will be informed and you will be contacted to assist you in taking steps to mitigate the risks to yourself if the breach is deemed sufficiently severe to put you or your identity at risk.

​

11.  FINAL NOTES

By using this site, you acknowledge acceptance of this privacy statement in effect at that time of use.

​

If you have any questions, comments or concerns about how I handle your personal information, please contact glrobartes@gmail.com

​