We encourage you to visit the GDPR page
Isobel McArthur – Last updated May 7th 2018
THERAPIES (please use this policy for therapies)
WEBSITE POLICY (found below therapy policy)
What information do we need?
We need your contact details, your name phone number, address, postcode and email address. We will also need information about your age and health in order for treatment to go ahead.
Why do we need it and how will we use it and how long will we retain it?
We need all the details above in order to ensure that it is safe for us to provide the treatments you may ask for and also for insurance purposes. We will store your information for 8 years after the date of your treatment, or for 8 years after you have reached the age of 18 if you are/were under 18 when your treatment took place.
Our lawful basis for processing this personal information is ‘contract’, this means that we have a legal reason to ask you for your data because we need it for contractual reasons. You do not have to share your personal data with us, but if you do not we cannot offer you a treatment with Isobel McArthur. You must fulfill your side of the contract (share your personal information) in order for us to fulfill ours (carry out treatment).
We would also like to send you information about the products and services we offer using the information you have shared with us, but you do not have to agree to this for treatment to go ahead. If you agree to be contacted for marketing purposes using the following methods, please tick below to give your consent. You may withdraw this consent at any time by emailing us at isobel@insightfullwellbeing or by calling 077 202 48593.
Will we share your information?
We will not share your information relating to the above with anyone.
Who can I complain to if I feel you are not handling my data correctly?
Isobel McArthur owner of www.insightfulwellbeing.co.uk and is the data controller and is responsible for your personal data.
My contact details are: Isobel McArthur, trading as Isobel McArthur
Email Address: firstname.lastname@example.org
Postal Address: 68 Cove Gardens, Cove, Aberdeen AB12 3 QR, Scotland
You always have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). if you are unhappy with how I collect your data. Please contact me first to give me the opportunity to resolve the issue. I am doing my best to comply with GPDR and to put all systems that are necessary.
Please ensure that your contact details are up to date. You can email me of any changes to email@example.com
Notice and Collection
While using our Site, we may ask you to provide us with certain information that can be used to contact or identify you. “Personal Information” is any information that is identifiable with you, as an individual. It does not include anonymized data.
The Data I collect about you
We collect information about you when you place an order for our products or services in order to fulfill your order. We also collect information when you contact us through the Contact Forms on this Website, in order to respond to your communication. Website information is collected using cookies. Personal data means any information capable of identifying an individual.
The personal information we collect may include:
First name and email address when you sign up for free services
First and surname (when you purchase a product)
Billing address, delivery address and email address (when purchasing a product)
Transaction data. May include details about any payments between us and other purchases made by you from this site.
Technical data may include your login data, internet and protocol addresses, browser type, version, browser plug-in types and versions, time zone setting and location, operating system and platform and any other technology on the devices you use to access this site.
Purchases, preferences, survey responses and feedback
Information on how you use my website, services, and products
Communications and marketing data may include your preferences for marketing activity from third parties and myself, communication preferences included
Aggregated data from your personal data. This does not reveal your identity and as such is not personal data, for example when I observe your usage data to enable me to work out percentages of website users. This uses a specific feature on my site.
Personal Information does not include your business title or business address or business telephone number in your capacity as an employee of an organization. Isobel McArthur will only collect personal information by fair and lawful means. The provision of personal information is voluntary.
Isobel McArthur collects personal information for the following purposes:
•To establish and maintain responsible commercial relations with customers and to provide ongoing services
•To understand customer needs and preferences
•To meet legal and regulatory requirements
•To respond to your inquiry when you contact us or request a download
•To send you our newsletter when you sign up for it, or other free services or you sign up to stay informed
•To advise you about new products and services that may be of interest to you (provided that you can choose not to receive any invitations or direct mail from us by indicating your preferences (you can unsubscribe at any time)
•Other uses as may be permitted or required by applicable law
•To carry out therapies and for insurance purposes
Unless required or permitted by law, we shall not use or disclose your personal information for a new purpose not identified here.
How I collect your personal data
Filling in forms on my site, or via telephone call, email or otherwise
When you give feedback; or fill in my discovery call or contact forms
Request marketing to be sent to you
Enter a competition, promotion, survey or prize draw
Order services or products
How I use your personal data
This will only be used when legally permitted or in the following circumstances:
To give you access to the product or service you have signed up for
Where I need to perform the contract between us or digital delivery of a free product or delivery of a product you have ordered
To enable you to have access to what you have signed up for
Where it is necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
When I need to comply with a regulatory or legal obligation such as my legal obligations to HMRC
Choice and consent
Prior to obtaining your consent, Isobel McArthur will describe the choices available to you and obtain implicit or explicit consent with respect to the collection, use, and disclosure of your personal information, except in certain situations otherwise permitted by the law. I generally do not rely on consent as a legal ground for processing your data, other than in relation to sending you emails or my newsletter, only when you have given your consent. Otherwise, we will rely on explicit consent received directly from you to collect or use your personal information, for example, the collection of your personal information if you subscribe to a newsletter on the Site.
You may withdraw or modify your consent to any marketing by clicking the ‘unsubscribe’ links in an email message or by contacting Isobel McArthur at firstname.lastname@example.org or call 077 202 48593
Purposes for processing your personal data
Isobel McArthur limits the use of personal information to the purposes identified in this Policy and for which the individual has provided implicit or explicit consent. We retain personal information for only as long as it is necessary to fulfill the stated purposes, except with the consent of the individual or as required by law. Below is a description of the ways I intend to use your personal data and the legal grounds on which I will process such data. Wherever relevant I have also explained legitimate interests.
Your personal data may be processed for more than one lawful ground. This depends on the purpose for which I hold your data. You may email me at email@example.com to have details about the specific legal ground I rely on for processing your personal data when there is more than one ground.
Personal information provided to us by users is primarily stored on servers in the UK, USA, Netherlands, Italy, and Singapore. The continuous monitoring, upgrading and securing of the servers are performed by the highly qualified team of system administrators at the hosting company.
Registering you as a new customer, the lawful basis contract, data is identity and contact
Processing & delivery of products – lawful basis is contract with you, necessary for my legitimate interests for payment, data is, identity, contact details, financial, transaction
To manage payments, recover and collect money owed, charges and fees – lawful basis is contract necessary for my legitimate interests, Data held is financial, transaction, Identity, Contact, Identity
To give you access to Course materials – lawful basis is contract, identity, contact, to give you access to what you have ordered
To nurture my relationship with you – Lawful basis is contract, data held is identity, contact, profile, communications and marketing. This is necessary to comply with my legal obligations. To fulfil my contract with you
When I ask you to leave a review. The lawful basis is the legitimate interest. Data held is identity, contact, for marketing purposes
Website functionality. The lawful basis is legitimate interest to ensure the smooth running of the business to protect the website. This includes hosting of data, data analysis, troubleshooting, testing, maintenance, support. The lawful basis is necessary for my legitimate interests, and to prevent malicious use of site, network security, IT services, necessary to comply with any legal obligations. Data held is identity, contact, and technical.
Advertisements, marketing information, measuring results. The lawful basis is my legitimate interests to enable me to grow my business by studying how customers are using my information and products to help me improve and develop my content strategy. Data held is identity, contact, profile, usage, marketing & communications, technical.
Data analytics to make necessary improvements to services, products, website, and marketing activity. The lawful basis is my legitimate interest to improve on all that I offer and keep up to date and relevant. Data held is usage and technical.
Isobel McArthur will erase personal information that is no longer needed.
Disclosure to third parties
Your personal data may be shared with the parties below for business purposes only as described in the purpose and activity section. These are:
IT and system administration services, and service providers
HMRC, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances
I require all third parties to whom I may transfer your data to respect the security of your personal data in accordance with the law. I will only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
Companies I work with who use your data to provide functionality for this website, email software, product/service purchase are:
MailChimp (collection of contact information)
Woocommerce WordPress (payments)
Facebook (on my business Facebook pages)
Isobel McArthur provides individuals access to their personal information for review or update. If you wish to access your personal information to challenge the accuracy or update it to ensure completeness, you may email us. We will provide a response within 30 days of receiving an access request. If under certain circumstances we are unable to fully separate your personal information from that of another individual, we will not be able to provide you with access to your information.
Isobel McArthur will strive to maintain an accurate and complete record of your personal information for the purposes identified in this Policy. If you believe your personal information may be inaccurate, you may contact us to access your personal information and take steps to verify, update, and correct it.
Security measures are in place to prevent your personal data from being accidentally lost, accessed or used in an unauthorized way, disclosed or altered. I have put in place data breach procedures and will notify you and any regulator of any breach where I am legally required to do so. Access to your personal data is limited only to those who have a business need to know such data. They are subject to a duty of confidentiality.
Website Visitor Tracking
When someone visits www.insightfulwellbeing.co.uk we use a third party service Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google Analytics to make any attempt to find out the identities of those visiting our Website.
Downloads and Media Files
Any downloadable documents, files or media made available on this Website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third-party anti-virus software or similar applications. We accept no responsibility for third party downloads and downloads provided by external third party Websites and are advised to verify their authenticity using similar applications.
Contact & Communication with us
Users contacting us through this website do so at their own discretion and provide any such details personal details at their own risk. Your personal information is kept private and stored securely until a time it is no longer required, or has no use. Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you product/services information through a mailing list system. This is done in accordance with the regulations named in the “Policy” above.
Email Mailing list and Marketing Messages
Marketing information will be sent to you If you click on a GPDR consent link in an email, or request information from me or purchased products or goods from me. In each case, you have not opted out of receiving that marketing. I will get your express opt-in consent before I share your personal data with any third party.
We operate an email mailing list programme, used to inform subscribers about products/services and or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscribers personal details are collected, processed, managed and stored in accordance with the regulations named in the Policy above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from Mailchimp email lists).
When you opt out of receiving marketing communication, this will not apply to personal data provided to me as a result of product service purchase. Product service experience or any other transactions or my legal obligations for complying with business law.
Security for Privacy
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. www.insightfulwellbeing.co.uk protects personal information against unauthorized access in accordance with established policies and procedures. Information is protected by security safeguards appropriate to the sensitivity of the information.
Third Party Links
This website may include links to third-party websites, plug-in, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and are not responsible for their privacy statements.
Countries outside of the European Economic Area (EEA) don’t always offer the same levels of protection to your personal data. In this case, European law has prohibited transfers of personal data outside of the EEA unless the transfers meet certain criteria. Some of our third party service providers are based outside the EEA so their personal data will involve a transfer of data outside the EEA. Whenever I transfer your personal data out of the EEA, I will do my best to ensure a similar degree of security data. Transfers will only be conducted to countries deemed to have an adequate level of protection for personal data by the European Commission. Where I use providers in the USA I may transfer data to them if they are part of the EU-US Privacy Shield. If insufficient safeguards are available I may request your explicit consent to the specific transfer. You have the right to withdraw this consent at any time.
Monitoring and enforcement
Isobel McArthur monitors compliance with its privacy policies and procedures. Users may file privacy complaints and disputes by contacting Isobel McArthur who is accountable for privacy compliance. Every privacy-related complaint will be acknowledged, documented, and investigated, with the results being provided to the complainant. If the complaint is found to be justified, appropriate measures will be taken as a result.
You can do this by email firstname.lastname@example.org or post 68 Cove Gardens, Cove, Aberdeen, AB12 3QR, Scotland. If you are unhappy with our response you should then contact the ICO ((Independent commissioner’s office) by contacting them or using the following web page https://ico.org.uk/concerns/
1.1 We are committed to safeguarding the privacy of our website visitors and customers; in this policy, we explain how we will handle your personal data.
1.3 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls via www.insightfulwellbeing.co.uk
- How we use your personal data
2.1 In this Section 2 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
2.2 We may process data about your use of our website and services] (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed [for the purposes of analysing the use of the website and services. The legal basis for this processing is consent OR our legitimate interests, namely monitoring and improving our website and services.
2.3 We may process (“account data“). The account data may include your name and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.4 We may process information that you post for publication on our website or through our services “publication data“. The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.5 We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent.
2.6 We may process information relating to our customer relationships, including customer contact information (“customer relationship data“). The customer relationship data may include your name, your contact details. The source of the customer relationship data is you. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is consent OR our legitimate interests, namely the proper management of our customer relationships.
2.7 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data“).The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
2.8 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.9 We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
2.10 We may process your personal data such as name, address, contact details, and health-related information (therapy purposes) and marketing purposes. This data may be processed for ensuring we can carry out treatments, and for insurance purposes, and to be able to contact you should regarding scheduling of appointments. We would also like to contact you regarding promotions and offers. The legal basis for this processing is consent OR our legitimate interests, OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract to enable us to fulfill our contact in treating you with regard to therapy sessions.
2.11 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.12 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
2.13 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Providing your personal data to others
3 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.1 Financial transactions relating to our website and services are OR may be handled by our payment services providers,Woo Commerce or PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at PayPayPal and Woocommerce
3.2 We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4. International transfers of your personal data
4.1 In this Section 4, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
4.2 The hosting facilities for our website are situated in UK, USA, Netherlands, Italy, Singapore The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
4.3 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will retain your personal data as follows:
(a) Personal data for therapies purposes will be retained for a minimum period of 8 years, all other data will be deleted if not required.
5.4 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7. Your rights
7.1 In this Section 7 we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
7.2 Your principal rights under the data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
8. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
8.1 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.2 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes, and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
8.3 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.4 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
8.5 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
8.6 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8.7 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or contract for therapy purposes
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
8.8 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8.9 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.10 You may exercise any of your rights in relation to your personal data by writing to Isobel McArthur 68 Cove Gardens, Cove, Aberdeen AB12 3QR, Scotland OR by email to email@example.com
- Third party websites
9.1 Our website includes hyperlinks to, and details of, third party websites.
9.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
- Personal data of children
10.1 Our website and services are targeted at persons over the age of 18.
10.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
- updating Information
11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
68 Cove Gardens, Cove, Aberdeen, AB12 3QR, Scotland