This document sets out how data is collected and stored about the user related to this site, onlywellbeing.com.
Data Controller: Jeanne Wearing
How Information is Collected
- By completing our request form
- By using the contact request form the information collected is all the items listed on the form with the addition of IP address. Those form fields are composed of name, contact email address and subject. Additional information may be provided as the user may consider relevant.Additionally the IP address is logged and in all cases the user is sent a copy by email of the information collected.
- Request information is recorded by server logs. Server logs include date and time, IP address, pages accessed, referral link if relevant, name of browser used and operating system. This information storage by logs is standard procedure by all web servers.
How your Information is used
The information provided is used store customer contact details.
Legal basis for OnlyWellBeing processing customer personal data
OnlyWellBeing collects and uses customers’ personal data because is it necessary for:
– the pursuit of our legitimate interests (as set out below);
– the purposes of complying with duties and exercising rights under a contract for the sale of services to a customer; or
– complying with legal obligations.
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of OnlyWellBeing, including:-
– selling and supplying services to customers;
– protecting customers, maintaining their safety, health and welfare;
– promoting, marketing and advertising services;
– improving existing services and developing new services;
– complying with our legal and regulatory obligations;
– handling customer contacts, queries, complaints or disputes;
Information Disclosure to Third Parties
Disclosure to third parties is limited to the extent which is required to fullfil a contract or as may be required by law
Information may be exposed to service providers such as email, telephone, hosting.
Under no circumstances is your personal information sold to third parties
Necessary Information Disclosure
Disclosure of personal information my be required by law:
- Suspicion of criminal act or threat to public safety
- Enforcement of legal rights
- Under the circumstance of legal dispute or proceedings
Term of Information Retained
Information retention is kept to a minimum and absolutely no longer than necessary. Such information as may be required by taxation and other authorities as dictated by their requirements.
Server log data is retained for one year.
Where a contract has been executed, information is retained for a period of six years after the conclusion of the financial year in which it was executed.
Correspondence involving the negotiation of a service will be retained for as long as the enquiry remains unresolved. and for a further six months and then deleted.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
All reasonable measures have been taken to ensure industry standard security implementations are in place including a domain TLS (SSL) certificate. The said certificate permits secure (encrypted) two way communication between site user and site server. Depending on the browser (Google Chrome, Firefox etc) an indication of a secure connection by mounting a green / grey padlock at the beginning of the site address. Or by making no indication unless the connection is considered not secure.
Information Transfer Outside European Economic Area
No information is deliberately transferred outside the EEA, data is stored in a secure location in the UK.
However, service providers ( email etc) may store information in the United States of America
Automated Decision Making and Profiling
No use is made of this technology.
Sensitive Personal Information
No attempt is made to collect information of this nature.
Your Rights in Relation to Your information
You have the following rights:
- the right to ask for a copy of personal data held about you (the right of access);
- the right to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right to be forgotten);
- the right to request update and correct any out-of-date or incorrect personal data held about you (the right of rectification);
- the right to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
- If you wish to exercise any of the above rights, please the contact details set out above.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation.