Heart Essence Healing
i) Data Controller: the person or organisation that determines when, why and how to process Personal Data. Responsible for establishing practices and policies in line with the GDPR.
ii) Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
iii) Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
iv) Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Data Subject's rights and requests
Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
withdraw Consent to Processing at any time;
receive certain information about the Data Controller's Processing activities;
request access to their Personal Data that we hold;
prevent our use of their Personal Data for direct marketing purposes;
ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;
restrict Processing in specific circumstances;
challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
make a complaint to the supervisory authority; and
in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine readable format.
Lawfulness and fairness
We may only collect, Process and share Personal Data fairly and lawfully and for specified purposes. The GDPR legislation restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing, but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject.
The GDPR allows Processing for specific purposes, some of which are set out below:
the Data Subject has given his or her Consent,
the Processing is necessary for the performance of a contract with the Data Subject,
to meet our legal compliance obligations.
to protect the Data Subject's vital interests.
What information we collect
We collect information from you when you fill out and return an online initial contact form. On taking up one of our services we may collect further information, via for example, a client history questionnaire and session records. This information will be held on paper and stored in a lockable cabinet.
You may also visit our site anonymously.
How your information is used
We use your information to establish and maintain support and to enable us to provide tailored, safe and effective services. Information may also be used for supervision to ensure the effectiveness and quality of services offered. However, where possible identifying details are changed to protect anonymity. Details of our confidentiality policy are provided both upon request and on the client history questionnaire.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, transaction information and data stored on our Site and on our Back Office Systems.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Sharing your personal information
We do not sell, trade, or rent Data Subject personal identification information to others. We may use third party service providers (for example Mailchimp email newsletter service provider), such as for sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. Further information below.
Non-personal identification information
We may collect non-personal identification information about Data Subjects whenever they interact with our Site via our own and third party cookies (e.g. Google Analytics website analytics cookies). Non-personal identification information may include the browser name, the type of computer and technical information about Data Subjects means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.
Web browser cookies
Google Analytics is a web analysis service provided by Google. Google utilises the data collected to track and examine the use of www.example.com, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network.
Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy or customer service practices or policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies. When you leave our website, we encourage you to read the privacy notice of each website you visit.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, insurance, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax and insurance purposes.
Your acceptance of these terms
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes via the links below.
Alternatively please contact for postal address details.
The material contained on this web site is provided for general information only and does not constitute any form of advice, assumes no responsibility for the accuracy of any particular statement and accepts no liability for any loss or damage which may arise from reliance on the information contained on this site.
This website and its use is governed by the laws of England and Wales and English courts which shall have exclusive jurisdiction over any disputes.
Last updated May 2018.