PRIVACY & COOKIES POLICY

Cookies Policy

 

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.

 

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

How do we use cookies?

On this website cookies are used to:

 

• Add items to the shopping basket and purchase your selections.

• Remember who you are each time you visit the website and comment on the blog, and allow you to login and maintain your account.

• Improve the site by collating data using Google Analytics.

PRIVACY POLICY

 

Illume & Bloom (https://illumeandboom.com) is a holistic wellness and vibrational essences business and this policy sets out how I, Hollie Jeans, collect and use personal data and what it is used for.

What information do I collect?

Therapy clients

 

In order to give professional treatments, I collect and keep the following information about your health and well being:

 

• Your contact details (name, telephone number, address, email address)

• Medical history and other health-related information

• Treatment details and related notes

 

I collect this information based on your explicit consent. You can refuse to share the above information at any time, but please be advised that this may affect my ability to deliver your treatment.

 

 

Online shop customers

 

In order to fulfil your order received through https://illumeandbloom.com, you must provide me with:

 

• Your contact details – name, email address, postal address

• Payment information (Please note that I do not have access to your credit and debit card details. Your payment is processed by Stripe – their Privacy Policy can be found here)

• Details of the product(s) you are ordering

• You may also choose to provide additional information (for a custom essence, for example)

• For users that register on the website, the personal information you provide in your user profile is stored. All users can see, edit, or delete their personal information at any time (except you cannot change your username)

How will this data be used?

Client Records

 

As a full Member of the Association of Reflexologists, or AoR (MAR), I abide by the Code of Conduct and Ethics for this organisation. The lawful basis under which I hold and use your information is my legitimate interests – my requirement to retain the information in order to provide you with the best possible treatment options and advice. As I hold Special Category data (i.e. health related information), the Additional Condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in their Codes of Ethics and Conduct.

 

 

Customer orders and website visitors

 

I rely on a number of legal bases to use your data, including:

 

• as needed to provide my services, such as when I use your information to fulfil your order, respond to enquiries, or to provide customer support;

• when you have provided your affirmative consent, which you may revoke at any time;

• if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law; and

• as necessary for the purpose of my legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving my services.

Who do I share your data with?

I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.

 

For clients, it may be necessary for me to share your information with your GP if I need their permission to treat you prior to treatment.

 

I engage certain trusted third parties to perform functions and provide services to my shop. These include:

 

WooCommerce – my online shop provider.

Stripe – provides my shop’s online payment processing.

Google Drive – for cloud storage

 

I will share your personal information with these third parties, but only to the extent necessary to perform these services.

For these providers, we recommend that you read their privacy policies so you can understand how your personal information will be handled by these providers. These can be accessed by clicking on the name of each provider above.

How long do I keep your data for?

I only keep hold of your personal information for as long as necessary to provide you with my services and as described above.

 

I am also required to retain this information to comply with my legal and regulatory obligations.

 

 

CLIENTS & CUSTOMERS

 

I keep client records for 7 years after your last treatment, and customer purchase order data for 6 years.

 

 

WEBSITE VISITORS

 

If you leave a comment or review, the comment or review is retained indefinitely.

 

If you leave a comment on the site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

 

Login cookies that save your login information last for two days, and screen options cookies that save your display options last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Protecting your data

Ensuring your personal data is secure is important to me. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.

Your rights

The General Data Protection Regulation gives you the following rights:

 

• Right to be informed
To know how your information will be held and used (this notice)

• Right of access
To see the records of your personal information held by me, so you know what is held about you and can verify it

• Right to rectification
To tell me to make changes to your personal information if it is incorrect or incomplete

• Right to erasure (right to be forgotten)
For you to request me to erase any information I hold about you

• Right to restrict processing of personal data
You have the right to request limits on how I use your personal information

• Right to data portability
Under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems

• Right to object
To be able to tell me you do not want me to use certain parts of your information, or only to use it for certain purposes

• Rights in relation to automated decision-making and profiling

• Right to lodge a complaint with the Information Commissioner’s Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they do not have to be

 

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of these rights, please use the contact details given above.

If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at:  www.ico.org.uk 

 

MY RIGHTS

Please note:

 

• If you do not agree to me keeping records of information about you and your treatments, or if you do not allow me to use the information in the way I need to for treatments, I may not be able to treat you

• I am required to keep your records of treatment for a certain period as described above, which may mean that even if you ask me to erase any details about you, I might have to keep these details until after that period has passed

• I can move my records between my computers and IT systems, as long as your details are protected from being seen by others without your permission

Changes to this policy

I reserve the right to revise this privacy policy at any time. Any modifications or clarifications will take effect immediately upon their revision to the website. The most current version of the policy will govern my use of your information and will always be at illumeandbloom.com/privacy. If I make material changes to this policy, I will notify you here that it has been updated, and also on my blog.

Queries

If you would like to access, amend or delete any personal information I have about you, register a complaint, or have any questions, please email hollie@illumeandbloom.com or fill out the contact form.