Fiona’s Privacy Policy

May 2018 (as per the new EU GDPR)

This is the privacy policy for Fiona Grant, trading as The Angel Sisters

and as the following website: TheAngelSisters.com

Contact details:

01202 862864 Ferndown, UK

Click/tap here to access contact email

Personal data means any information capable of identifying an individual. It does not include anonymised data.

There are two sections to the following information:

  1. About your personal data – the type of data that is collected or used, including when, how and why
  2. Your rights – all the ways that you can control what happens with your data

 

About your personal data:

By providing me with your data, you warrant to me that you are 18 years of age or older.

I will only use your personal data when legally permitted. The most common uses of your personal data are:

  • Where I need to perfrom the contract between you and me.
  • Where it is necessary for my legitimate business interests, and your interests and fundamental rights do not override those interests.
  • Where I need to comply with a legal or regulatory obligation.
  • You have given your consent.

When you make an enquiry via email, phone or forms on the website

The name and contact details you give and the content of your message(s) are retained as part of a contract only while we communicate, and for legimate business interests, as good business practice I keep tabs on who has made contact before, the type of questions asked etc.

When you purchase a service (e.g. reading, meditation, programme, workshop, group)

This is classed as a contract between you and me. Your contact details are used to perform the contract.

Your purchase history summary, (and a printout of the PayPal purchase summary, if you have paid by credit or debit card using the online payment facility PayPal ), is retained for six years beyond the end of the contract for legal reasons – accounting law.

Your name and email may be retained beyond the end of the contract for me to make suggestions and recommendations to you about a service that may be of interest to you and benefit you, or it could be to ask for a review or to take a survey. This is for my legimate business interests to learn how my clients use my services/products, to develop them, to grow my business and to inform my marketing.

 When you work with me

All client sessions are held in the strictest of confidence and all information obtained will remain confidential, unless see section on Sharing your Data below.

Dependent on the work, you may wish (or need) to provide personal details of a sensitive nature.

With some services an intake form will need to be completed and these are retained in a printed or combination printed and handwritten format and include your contact details and where appropriate, signature. The sensitive nature of such documents will generally be in relation to health or medical history.

With some services session notes are required, these are notes handwritten by me for the purpose of fulfilling our contract and keeping tabs on the work during the session and from one week to the next, with only initials, date, session number as identifiers.

In both cases I am required by law to retain these records for seven years after the completion of our contract.

Marketing emails

I have two email newsletter mailing lists:

  1. I use MailChimp as The Angel Sisters marketing automation platform, which you are advised of when you give your consent to receiving The Angel Sisters email newsletter and marketing emails via the website, or when you have give your consent to me by signing up with your signature or initials at a workshop, talk, group, fayre, festival etc. You have the right to withdraw consent to receiving marketing, and can ask us to stop sending you our newsletter and marketing emails by following the opt-out link on any marketing email sent to you via MailChimp, or by emailing me at the above email address at any time.
  2. My original Angel Aura (previous name of business) mailing list which does not use a marketing automation platform. I am not taking any new subscribers to this list. For those on this list, consent has been given by emailing me to receiving The Angel Sisters email newsletter and marketing emails. You can ask us to stop sending you our newsletter and marketing emails by emailing me at the above email address at any time.

You may also receive emails from me if you have purchased services from me.  This could be to make suggestions and recommendations to you about a service that may be of interest to you and benefit you, or it could be to ask for a review or to take a survey. This is for my legimate business interests to learn how my clients use my services/products, to develop them, to grow my business and to inform my marketing.

Sharing your data

Your privacy is important and I will not sell your data. Nor will I share your data for other people, businesses or companies to market to you.

In continuation of current UK law on confidentiality I also retain the right and in some cases the legal requirement to breach confidentiality to inform an authority such as the police or your GP of impending harm or illegality.

Data Security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Third-Party Links

This website includes links to third-party websites, MailChimp, PayPal, Facebook and Twitter. Clicking on those links may allow third parties to collect or share data about you. I do not control these third-party websites and are not responsible for their privacy statements. When you leave The Angel Sisters website, I encourage you to read the privacy notice of every website you visit.

Please note: 
The ways I process your data (and the legal bases used) are constantly under review as my business grows and develops. Please always refer to the current privacy notice which can be found on my website.

 

Your Rights

The GDPR sets out clearly what your rights are. It also lays out deadlines for a reply and other rules which are reproduced for your information at the bottom of this section.

Right to be informed

You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.

I must provide you with information including: my purposes for processing your personal data, my retention periods for that personal data, and who it will be shared with. This ‘privacy information’ is provided above.

I must provide you with privacy information at the time I collect your personal data from you, in other words it has to be available to you before you fill in a form or hand over your data such as your email address.

If I obtain your personal data from other sources, e.g. from the payment service provider you selected, I must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.

There are a few circumstances when I do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it.

The information I provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.Therefore if there is anything you do not understand, please get in touch.

Right of access

You have the right to access your personal data and supplementary information.This allows you to be aware of and verify the lawfulness of the processing.

You are entitled to confirmation that your data is being processed, access to your personal data, and

other supplementary information as provided in this privacy notice

Right to rectification

You have the right to have the data your personal data corrected if it is incorrect, or completed if it is incomplete.

Right to erasure

You may request, verbally or in writing, to have your data erased. This is also commonly known as ‘the right to be forgotten’. This right only takes effect when:

  • Your personal data is no longer necessary for the purpose for which it was originally collected or processed,
  • you withdraw your consent when the sole legal basis to hold this information is your consent,
  • There is a legitimate interest in processing this data, which does not override your request
  • processing/analysingof the personal data was for direct marketing purposes and this is the use you object to
  • your personal data was processed unlawfully without a proper legal basis; or
  • there is a legal obligation to comply with your request.

Right to restrict processing

You have the right to request the restriction or suppression of your personal data. In other words you want to stop the data being used but keep it on file.

In this caseyour personal data cannot be used and can only be stored unless:

  • you give your consent;
  • it is for the establishment, exercise or defence of legal claims;
  • it is for the protection of the rights of another person (natural or legal); or
  • it is for reasons of important public interest.

Right to data portability

This allows you to obtain and reuse your personal data for your own purposes across different services.It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this is meant to enable you to take advantage of applications and services that can use this data to find you a better deal or help you understand your spending habits. In general this rule exists for data held by big service providers, such as your call history or insurance or gas bill history. The right also only applies to information you have provided.

Right to object

Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics.

Your objection must be made on grounds relating to yourparticular situation.

Once you object your data can no longer be processed, unless

  • there are demonstrably compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • the processing is for the establishment, exercise or defence of legal claims.

You may complain directly to me using the contact details above. If you find the outcome unsatisfactory you are then able to object or complain to: Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Timelines:

You can claim a right verbally or in writing.

A response should come without delay and at least within one month of receipt. The time limit is calculated from the day after you make the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.

I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up our response.

I aim to respond  to all legimate requests within 28 days. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.

Exceptions:

When you request access to your data, a copy must be provided free of charge. However, you can be charged a ‘reasonable fee’ when a request is:

  • manifestly unfounded or excessive, particularly if it is repetitive, unless that’s because I failed to respond; or
  • for further copies of the same information (that’s previously been provided).