The HerbSmith Privacy Policy
It is the policy of The HerbSmith ("the Company") to collect, process and share the personal data ("data") provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your data will not be used for any purposes other than those explicitly stated in this Privacy Policy or requested by you in your dealings with us. The terms “we,” “us,” and “our” refer to the Company. “You” refers to you, as a user of the Service.
This Privacy Policy describes how we collect, use, protect, process and share your data when you book appointments with us, and when you communicate with us throughout the process of treatment and at any other time. This Privacy Policy does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@herbsmith.uk.
This HerbSmith Privacy Policy does not apply to the information processed by third parties on behalf of The HerbSmith. However, we have reviewed their Privacy Policy/ies and are satisfied that they meet the standards set out in the General Data Protection Regulations 2018.
We may update this Privacy Policy at any time to enable us to carry out the services we provide in the most effective and efficient way possible. We will notify you of any changes by revising the date on our published document on our website, or for more substantial changes by contacting you via email or text to seek consent. This Privacy Policy was last reviewed in May 2018.
1. The identity of the data controller
You are hereby informed that the data that you provide is collected, used, protected, processed and shared by The HerbSmith (Adam Smith).
2. Collection of data
We may collect data about our clients, prospects and visitors.
Your data are collected when you browse our website, contact us via email, phone or in person or through our website.
Data we collect fall into the following categories:
2.1. Information you provide to us
We process data you provide directly to us when you complete a client intake form.
For example, we collect data when you create a booking, use the services, participate in a contest or promotion, register for an event, request customer support or otherwise communicate with us.
The data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake forms, such as:
2.2. Data we collect automatically when you use our online services
When you access or use our online services, we automatically collect certain "Non-Personal Information" about you. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
In addition, we may also track information provided to us by your browser when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We use this information for, among other things, the operation of the Service, to maintain the quality of the Service, to provide general statistics regarding use of the Service and for other business purposes. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of the Service may not work properly.
2.3. Weebly
Our Service is hosted by Weebly, Inc. (“Weebly”). Weebly provides us with the online website platform that allows us to provide the Service to you. Your Non-Personal Information, along with name and email address, may be stored through Weebly’s servers. By using the Service, you consent to Weebly’s collection, disclosure, storage, and use of your Personal Information in accordance with Weebly’s Privacy Policy available at https://www.weebly.com/privacy.
2.4. Third-party cookies
When you access or use our online services, one or more third-party cookies are likely to be placed on your equipment.
We inform you that we have no access to, and cannot exercise any control over, third-party cookies. However, we shall ensure that the partner companies agree to process the information collected on our online services in compliance with the GDPR and undertake to implement appropriate measures to secure and protect data confidentiality.
3. How we use the data
We may use information about you for the following purposes:
4. How we share your data
5. The period of data retention
Following completion of your healthcare, we retain your personal data for the period defined by our professional association, the Association of Master Herbalists (AMH). This enables us to process any complaint you may make. In this case, the legal basis of our holding your personal data is for contract administration.
6. Data access
Upon receiving a written request from you seeking access to your data, we will provide either a hard or electronic copy of the data that we hold on you, to be sent by registered post or email, respectively. This will include exports of the information held about you on our website. We will provide your data to you within a period of 28 days from the date that we receive your request.
7. Data amendments
Upon receiving a request from you to update, correct or amend your personal data held by us, we will make the amendments within a period of 7 days from the date that we receive your request.
8. Security
We are committed to taking appropriate measures designed to keep your data secure. Our technical, administrative and physical procedures are designed to protect data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
9. Your rights
Under the General Data Protection Regulations 2018 (GDPR), individuals have significantly strengthened rights to:
10. Merger or acquisition
In the event we (or Weebly) undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our (or Weebly’s) assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes here so that you may opt out of the new information practices. We suggest that you check this Privacy Policy periodically if you are concerned about how your information is used.
11. In the event of a data breach
Every precaution will be taken to avoid a breach of your data. However, if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Information Commissioner's Office (ICO) will be informed and you will be contacted to assist you in taking steps to mitigate the risks to yourself if the breach is deemed sufficiently severe to put you or your identity at risk.
This Privacy Policy describes how we collect, use, protect, process and share your data when you book appointments with us, and when you communicate with us throughout the process of treatment and at any other time. This Privacy Policy does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@herbsmith.uk.
This HerbSmith Privacy Policy does not apply to the information processed by third parties on behalf of The HerbSmith. However, we have reviewed their Privacy Policy/ies and are satisfied that they meet the standards set out in the General Data Protection Regulations 2018.
We may update this Privacy Policy at any time to enable us to carry out the services we provide in the most effective and efficient way possible. We will notify you of any changes by revising the date on our published document on our website, or for more substantial changes by contacting you via email or text to seek consent. This Privacy Policy was last reviewed in May 2018.
1. The identity of the data controller
You are hereby informed that the data that you provide is collected, used, protected, processed and shared by The HerbSmith (Adam Smith).
2. Collection of data
We may collect data about our clients, prospects and visitors.
Your data are collected when you browse our website, contact us via email, phone or in person or through our website.
Data we collect fall into the following categories:
- Identification information
- Contact information
- Medical information
- Browsing information
2.1. Information you provide to us
We process data you provide directly to us when you complete a client intake form.
For example, we collect data when you create a booking, use the services, participate in a contest or promotion, register for an event, request customer support or otherwise communicate with us.
The data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake forms, such as:
- Name
- Address
- Date of birth
- Phone no.
- Doctor’s details
- Next of kin
- Medical history
- Medical red flag(s)
- Treatment notes
- Relationship data
- Browsing data.
2.2. Data we collect automatically when you use our online services
When you access or use our online services, we automatically collect certain "Non-Personal Information" about you. Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
In addition, we may also track information provided to us by your browser when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We use this information for, among other things, the operation of the Service, to maintain the quality of the Service, to provide general statistics regarding use of the Service and for other business purposes. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of the Service may not work properly.
2.3. Weebly
Our Service is hosted by Weebly, Inc. (“Weebly”). Weebly provides us with the online website platform that allows us to provide the Service to you. Your Non-Personal Information, along with name and email address, may be stored through Weebly’s servers. By using the Service, you consent to Weebly’s collection, disclosure, storage, and use of your Personal Information in accordance with Weebly’s Privacy Policy available at https://www.weebly.com/privacy.
2.4. Third-party cookies
When you access or use our online services, one or more third-party cookies are likely to be placed on your equipment.
We inform you that we have no access to, and cannot exercise any control over, third-party cookies. However, we shall ensure that the partner companies agree to process the information collected on our online services in compliance with the GDPR and undertake to implement appropriate measures to secure and protect data confidentiality.
3. How we use the data
We may use information about you for the following purposes:
- Provide, maintain and improve our services
- Provide and deliver the service you request, process transactions and send you related information, including confirmations and invoices
- Send you technical notices, updates, security alerts and support and administrative messages
- Respond to your comments, questions and requests, and provide customer service
- Monitor and analyze trends, usage and activities in connection with our services
- Personalise and improve the services we provide.
4. How we share your data
- We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests
- We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way
- In response to a request for information if we are required by – or believe that disclosure is required by – any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of data retention
Following completion of your healthcare, we retain your personal data for the period defined by our professional association, the Association of Master Herbalists (AMH). This enables us to process any complaint you may make. In this case, the legal basis of our holding your personal data is for contract administration.
6. Data access
Upon receiving a written request from you seeking access to your data, we will provide either a hard or electronic copy of the data that we hold on you, to be sent by registered post or email, respectively. This will include exports of the information held about you on our website. We will provide your data to you within a period of 28 days from the date that we receive your request.
7. Data amendments
Upon receiving a request from you to update, correct or amend your personal data held by us, we will make the amendments within a period of 7 days from the date that we receive your request.
8. Security
We are committed to taking appropriate measures designed to keep your data secure. Our technical, administrative and physical procedures are designed to protect data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
9. Your rights
Under the General Data Protection Regulations 2018 (GDPR), individuals have significantly strengthened rights to:
- Obtain details about how their data are processed by an organisation or business
- Obtain copies of personal data that an organisation holds on them
- Have incorrect or incomplete data corrected
- Have their data erased by an organisation where, for example, the organisation has no legitimate reason for retaining the data
- Obtain their data from an organisation and to have that data transmitted to another organisation (data portability)
- Object to the processing of their data by an organisation in certain circumstances
- Not to be subject to (with some exceptions) automated decision making, including profiling.
10. Merger or acquisition
In the event we (or Weebly) undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our (or Weebly’s) assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes here so that you may opt out of the new information practices. We suggest that you check this Privacy Policy periodically if you are concerned about how your information is used.
11. In the event of a data breach
Every precaution will be taken to avoid a breach of your data. However, if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Information Commissioner's Office (ICO) will be informed and you will be contacted to assist you in taking steps to mitigate the risks to yourself if the breach is deemed sufficiently severe to put you or your identity at risk.