Privacy policy
Privacy policy & data subject rights
Identity and contact details
Our postal address is Castle Top Cottage, Castle Hill Lane, Burley, Hampshire, BH24 4HG. Our telephone number is +(44)7866 581568. You can contact us by email using: neena@neenashealing.com.
Our designated supervisory authority under the Data Protection Act 2018 and UK GDPR is the Information Commissioner’s Office (ICO). We are based in the United Kingdom.
You can contact the individual in charge of Data Protection in our company using the details above.
What data we collect
Prospects
Neena’s Healing captures information on prospective customers that are corporate employees. We use ‘Legitimate Interest’ to process this data. We have conducted the specification of the Legitimate Interest for this processing, and the necessity and balancing tests. We do not capture special category information on these individuals.
Neena’s Healing may capture information on data subjects who are individuals and not corporate employees. We use the lawful reason of ‘Consent’ to process this data. We do not capture special category information on these individuals.
Customers
Neena’s Healing captures information on customers that we are in the process of providing services for. We use ‘Contract’ to process this data. We do capture special category information on these individuals and we use a category of explicit consent for processing the special category data.
In some cases, we provide therapies for children, and where we capture data on a child, we gather consent from those with parental responsibility for the child. We do not use the data on the child for any other purpose apart from therapeutic reasons.
Staff
We process information on staff and potential staff so that we can manage their employment. We use ‘Contract’ to process this data. We can capture special category information on this data and use category (b) of Article 9(a) of the GDPR (“necessary for the purposes of carrying out the obligations … in the field of employment…”) as the condition for processing this data.
We process information on staff so that we can report and pay their taxes. We use ‘Legal Obligation’ to process this data.
Suppliers
Neena’s Healing captures information on suppliers and prospective suppliers to Neena’s Healing. We use ‘Legitimate Interest’ to process this data. We have conducted the specification of the Legitimate Interest for this processing, and the necessity and balancing tests. We do not capture special category information on these individuals.
Other information on what we do with data
Storage
The data subjects that we work with can provide us with data relevant to their therapies. We store and process data for which we act as Data Controller in receptacles that include secure, lockable filing cabinets on our premises, or secure systems based in the ‘cloud’. We sign data processor agreements with these organisations. Some of the cloud organisations host their data outside of the EEA and the UK, and where they do, the organisations have signed up to Privacy Shield and/or Standard Contractual Clauses.
Sharing
We do not provide information for which we act as Data Controller to any third parties, except to those which Neena’s Healing uses as data processors. We require all data processors to have signed data processing agreements with us. Providers of cloud systems have these agreements embedded in their standard terms and conditions.
Where we use shared premises for conducting our therapy sessions, we share information that allows us to book sessions with the organisation which manages the premises. This can include the name of the customer. The information is only used in relation to the booking of the room needed to carry out the sessions and is not used for any other purpose.
Retention and deletion
We delete the data relating to the data subjects being assessed in the course of Neena’s Healing’s therapy activities 7 years after the end of the last sessions with a customer.
We delete data relating to financial payments after 6 years, as we are required to retain information for HMRC.
Records will be removed from our sales and marketing system, email marketing system, and email and file storage systems after 5 years if there has been no engagement with a contact.
All records are disposed of securely when deleted.
How we look after data
We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data.
We store the personal data that we collect securely.
We do not publish the details of the safeguards we use to protect the personal data that we control as this could reduce the effectiveness of those safeguards.
Cookies
Cookies are text files placed on your computer to collect information about which pages you visit, and how long for. This information is used to track use of the website and to compile statistical reports on website activity.
When you visit our website you will be presented with a choice which will allow you to decide whether cookies are used or not. In a few cases some of our website features may not function if you choose not to allow cookies on our website.
Other websites
Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites you should read their own privacy policies.
Your rights
Neena’s Healing recognises the rights of data subjects as defined in the General Data Protection Regulation (GDPR).
We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.
Your right to be informed (this page and further information in communications we might send to you)
Click on the following links to send us an email so that you can exercise your rights.
Neena’s Healing recognises your right to lodge a complaint with a supervisory authority. You can access the ICO's website from this link.