Privacy Policy

/Privacy Policy
Privacy Policy 2018-05-12T03:10:45+00:00

1. Introduction and Scope

This document concerns YOUR personal data, legally defined as information concerning any living person that is not already in the public domain, and covers legislation from The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR).

The aforementioned regulations seek to protect and enhance your rights as a data subjects, and cover the safeguarding of personal data, protecting the user against the unlawful processing of personal data and the unrestricted transfer of personal data within the EU.

Please be aware; GDPR does not apply to information already accessible in the public domain, for example, Companies House data, or domain registration information.

In this policy document, “we”, “us” and “our” refer to the data controller listed in Section 2.4 of this document.

1.1 BODILIGHTOSTEOPATHY.CO.UK is committed to safeguarding the privacy of visitors to our website (https://www.bodilightosteopathy.co.uk) and general service users, in accordance with the General Data Protection Regulation (GDPR) 2018.

1.2 This Privacy Policy applies to all cases in which BODILIGHTOSTEOPATHY.CO.UK is acting as a data controller responsible for the processing and safeguarding of personal data of website visitors and service users.

1.3 Upon first visiting our website, you will be asked to agree to the terms presented in this policy document, and to the use of cookies. Continued use of our website after the privacy/cookie notice implies consent has been granted by the user (YOU).

2. Who we are

The information provided in this section clearly defines who “we” are, and who is responsible for managing your personal data. Methods of contact should also be clearly defined in accordance with EU laws on service provider transparency.

If you believe information is missing or incorrect in this section, or does not adequately describe the service provider, you should discontinue use of this website immediately.

2.1 Who are we?

BODILIGHTOSTEOPATHY.CO.UK is an osteopath clinic which specialises in offering a range of proven, safe and highly successful services including osteopathy, posture analysis, sports massage, personal pilates coaching and rehabilitation/sports therapy.

2.2 Physical address

344 Avebury Boulevard
Milton Keynes
Buckinghamshire
MK9 2JH

2.3 Contact methods

You can contact us via any of the following methods:

(a) By post to

344 Avebury Boulevard
Milton Keynes
Buckinghamshire
MK9 2JH

(b) Use of our website’s contact form on the following URL

https://www.bodilightosteopathy.co.uk/contact-us/

(c) By telephone

(01908) 722499

(d) By email

osteopath@bodilight.co.uk

2.4 Data Protection Officer

Our data protection officer/data controller is Paul Avraam and contact details for the aforementioned controller are as detailed above in section 2.3.

3. Collection of YOUR personal data

The section below will detail the types of data that is collected, in addition to the methods of collecting this data.

3.1 User provided information

BODILIGHTOSTEOPATHY.CO.UK will collect direct information provided by you (via contact forms, for example) to provide quotations, make telephone contact, or to email you concerning any information you may request.

3.2 Automatically collected information

Whilst visiting our website, some additional personal data may be collected, including but not limited to personally-identifying information like Internet Protocol (IP) addresses, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information concerning the timing, frequency and pattern of your service use.

3.3 How YOUR data on our website is collected and stored

Data will be collected on our website in the following ways:

a) Via web contact forms on our website

Data provided via our website forms is manually submitted by the user, and stored in an encrypted MySQL database.

b) Via Google Analytics tracking

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic and user behavior, enabling us to enhance the user experience and analyse marketing.

Google use cookies to offer this service and their privacy policy is available at: https://www.google.com/policies/privacy/

All data is stored on Google’s secure servers.

c) Via web server tracking software provided with our web hosting

Our web hosting provider may track user behaviour and monitor potential security threats, and as such will collect data designed to keep the website operational and your information secure.

All data is stored on our web host’s secure servers and will be made available in association with a relevant data protection request.

d) Via browser cookies

Our website uses cookies, defined as a string or array of information that a website stores on a visitor’s computer. YOUR browser provides this information on each visit to our website.

Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.
Further information on browser cookies and how to manage them can be found in section 12 of this document.

4. Use of YOUR personal data

It is required that ANY use of YOUR personal data will be lawful and fair, and initiation of data transfer from user (YOU) to BODILIGHTOSTEOPATHY.CO.UK should be easy to understand, and be transparent as to which data is being processed and how it may be used.

4.1 Lawful basis for data processing

Your personal data will only be used only to provide or enhance a service that you have initiated or requested.

BODILIGHTOSTEOPATHY.CO.UK will never use your personal data for operations outside the defined scope of our working arrangement or contract, unless legally required to do so.

4.2 Legal obligations

Should it be legally required to divulge your personal information to a higher authority such as law enforcement organisations, YOU as the user will be notified of any such data transfer.

5. Transfer of YOUR personal data

5.1 Third party transfer

If it is necessary to utilise your details for a third party service such as Google Analytics, this data transfer will only take place upon your direct instructions in writing or email.  No transfer will take place without your consent.

5.2 Third party conformity

Should any transfer occur, BODILIGHTOSTEOPATHY.CO.UK expect all third party organisations to adhere to the same data protection regulations.

5.3 Data transfer outside of EEA

Should data transfer concerning YOU be necessary to an organisation outside of the European Economic Area (EEA), YOU will be notified beforehand and must consent before any data transfer takes place. No data transfer will take place without prior consent.

5.4 External data transfer via hyperlinks

This website may include relevant hyperlinks to external websites not controlled by BODILIGHTOSTEOPATHY.CO.UK. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you.  No personal data will ever be passed to external websites via hyperlinks as detailed above.

5.5 Transfer internally across website

All data transferred from page to page, from page to mailer, or from page to database is sent encrypted via the HTTPS protocol.  The site is protected via a COMODO RSA SSL certificate.

6. Your rights as a data subject

6.1 Your rights

At any point whilst BODILIGHTOSTEOPATHY.CO.UK is in possession of, or processing your personal data, all data subjects have the following rights as dictated by EU laws and regulations:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

6.2 Refusal of access

In the event that BODILIGHTOSTEOPATHY.CO.UK refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge this refusal, or lodge an official complaint to the ICO (see Section 13).

7. Transparency of data held

7.1 Requesting information

BODILIGHTOSTEOPATHY.CO.UK is legally obligated to provide the data we have collected concerning YOU at any time. You may request the following information:

  • Information concerning how we collected the data.
  • Contact details of the data protection officer, if applicable.
  • The purpose of the processing your information, in addition to the legal basis for processing.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (ICO).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

7.2 Verification requirements

To access what Personal data is held, identification will be required for verification. This may be a copy of your current driving licence, your passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If BODILIGHTOSTEOPATHY.CO.UK is dissatisfied with the materials provided, further information may be sought before personal data can be released.

8. Consent and withdrawal of consent

8.1 Consenting and withdrawal of consent

Through agreeing to this privacy notice you are consenting to BODILIGHTOSTEOPATHY.CO.UK processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing or phoning the data protection officer detailed in this document.

9. Data retention policy

9.1 Data storage expiration

BODILIGHTOSTEOPATHY.CO.UK will process personal data during the duration of any contract and will continue to store only the personal data needed for three years after the contract has expired to meet any legal obligations. After this period any personal data no longer required or dormant will be deleted.

10. Data storage

10.1 Storage of data across multiple locations

Data collected by this website is held primarily in the United Kingdom using different (multiple) servers.  However, data is backed-up to servers across Europe via cloud storage backup solutions. All servers are located in locations that are required to comply with the same data protection regulations.  Our primary load balancing system for cloud server operation is based in Bulgaria.

10.2 Transparency of data storage by third party providers

As defined in sections 4 and 5, your data may be transferred by BODILIGHTOSTEOPATHY.CO.UK to a third party service to enhance your user experience or to provide client services.  Companies that may have access to some of your data and the data they are able to process is as follows:

  • Google (Analytics) – Email address and website address

11. Amendments

11.1 Policy updates

We may update this policy without notice. The most recent version will always be available on our website.

11.2 Keeping up to date with this policy

Website users should check this page occasionally to ensure you are in agreement with any changes to this policy.

12. Cookies

12.1 Types of cookie

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

12.2 Data contained within cookies

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

12.3  Storage of cookie data

Information provided in these cookies may be stored by BODILIGHTOSTEOPATHY.CO.UK in an encrypted MySQL database if it’s necessary the operation or our website. Cookies will also be stored by YOU, should your browser be set to use them.

12.4 Refusing and deleting cookies

Most modern browsers allow you to refuse to accept cookies and also allow you to delete cookies.

The methods for doing so vary from browser to browser, from version to version, and can be dependent on operating system. You can however obtain up-to-date information about blocking and deleting cookies via the following:

12.5  The impact of blocking cookies

Blocking all cookies will have a negative impact upon the usability of many websites, and should you block cookies on our website, you will not be able to use all of the features of our website.

13. Complaints

13.1 Filing a complaint to the ICO

In the event that you wish to make a compliant about how your personal data is being handled, you have a legal right to complain. If you do not get a response within 30 days of your correspondence, you can initiate a complaint to the ICO.

ICO
Address:  Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Email: https://ico.org.uk/global/contact-us/email/

14. Policy Updates

14.1 Latest version

The latest version of this document is dated 10th May 2018.

14.2 Previous revisions

None