Sophie Heath Women’s Fitness & Nutrition Privacy Notice
Date completed: 1st April 2021
About this privacy notice
Sophie Heath Women’s Fitness & Nutrition (referred to as “we”, “us” or “our” in this privacy notice) is committed to protecting and respecting the privacy of its clients, participants, customers and website users.
This privacy notice sets out why we collect personal data, how we collect and use it and who it is shared with. It also explains the legal basis for the use of your personal data and the legal rights you have over the way it is used.
Who we are
For the purposes of the UK GDPR and the Data Protection Act 2018, the controller of your personal data is Sophie Heath Women’s Fitness & Nutrition.
Our contact details are as follows:
The type of personal information we collect
We may collect and process the following information about you:
- Personal information including full name, contact details, DOB, occupation, baby’s name & DOB
- Financial and transaction data
- Profile data which may include your username and purchases
- Usage & device data which may include information about how you use our website, products & services
- Technical information such as IP address which is used to maintain security, the operation of our website, and for our analytical purposes
- Marketing & communications data which includes your preferences in receiving marketing communications from us and your communication preferences
Certain categories of personal information are regarded by data protection law as more sensitive than others. This is known as special category data and it warrants a higher level of protection. We may process special category data about you, including health and medical information. We will always make it clear what special category data we are collecting and why.
How we get the personal information
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- When you purchase a product or service via website or direct from Sophie Heath (we will collect personal data via the relevant forms (for example sign up forms, screening forms, questionnaires and informed consent))
- When you create an account on our website
- When you register your interest by filling out an online form
- When you sign up to our newsletter or email communications
- When you are taking part in a competition
- When you communicate with us via post, phone, email or otherwise
- When you visit our website
- When you create testimonials on the website (consent for use of any personal information within a testimonial will be requested prior to publication on the website)
We may also collect personal information about you from the following sources:
- Publicly available sources, including social media platforms
We have a duty to keep your personal information up to date and accurate, and so you must inform us of any changes as soon as possible via the contact details in this document.
Why we process your personal data and our legal reasons for doing so
We process your personal data for the following purposes:
- In order to register you as a client or customer
- To manage our relationship
- To provide you with the service or product you have purchased
- To manage your payment
- To collect money owed
- To improve our services or products
- To send details of our services and products (including marketing emails)
With regards to special category data, this is processed in order to provide the best possible service to you.
Under the UK GDPR, the lawful bases we rely on for processing this information are:
- In order to perform the contract we have with you - this is in relation to points 1-5 above
- We have a legitimate interest – this is in relation to point 6 above in order to develop & improve our business.
- Where we need to comply with a legal or regulatory obligation – for example for tax return purposes
- Where it is necessary to protect the vital interests of you or another individual - for example, providing your details to a medical professional in the case of an emergency
- Where we have your consent – this is in relation to point 7 above
Our legal condition for processing special category data is explicit consent and therefore you will be asked to confirm your consent when you are asked to provide this information during registration. You can withdraw consent at any time by emailing us at firstname.lastname@example.org. We may also process health information where it is necessary to protect the vital interests of you or another individual - for example, providing your details about your health to a medical professional in the case of an emergency.
You have the right to withdraw consent to receiving marketing communications at any time by updating your preferences on our website, using the link on the communication or by emailing us at email@example.com
Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.
Who we may share your personal data with
We will not share your personal data with any third party unless it is lawful for us to do so.
We may share the information you provide to us with other health professionals for a second opinion and to ensure the highest quality of care for you (where possible, this will be anonymised); with trusted organisations that carry out functions or services on our behalf (for example IT and system administration support); with professional advisors (e.g. lawyers, bankers, auditors and insurers); with HMRC and regulatory authorities; for legal reasons.
We may also share your personal data with third party service providers, such as payment and cloud-based storage companies, to enable us to receive payment in the performance of a contract, and to enable us to store information, which is in our legitimate interests.
Any third party with whom we share your data is required to respect the security of your personal data and to treat it in accordance with the law.
We will not share your details with third parties for marketing purposes except with your consent.
Transfers of your personal data to other countries
Some of our third party service providers, such as payment and cloud-based storage companies, may be located outside of the UK / European Economic Area (EEA). We will ensure a similar degree of security through safeguards such as contracts, code of conduct or certification to give your personal data the same protection it has within the UK / Europe.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How we store your personal information and how long we keep it for
Your information is securely stored either on the database held at sophieheath.co.uk or on a personal computer using cloud-based services.
Your personal data will only be retained for as long as necessary to fulfil the purposes we collect it for, including satisfying any legal, accounting or reporting requirements. By law we have to keep basic information about you (including contact information, identity information, financial information and transactional data) for 7 years after you cease being a client or customer for tax & insurance purposes. We will then dispose of your information by deleting or anonymising it.
In some circumstances we may anonymise your personal data (so that you can no longer be identified from it) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We have implemented appropriate security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our website is at your own risk. You should only access the website within a secure environment. We will notify you and any applicable regulator where we are legally required to do so.
Automated decision-making and profiling
Automated decision-making is when a computer or similar electronic system uses personal information to make decisions about people without any human involvement. Profiling is a type of automated decision-making process that takes place when different aspects about a person (such as their behaviour, interests or personality) are analysed in order to make predictions or decisions about them.
We do not carry out automated decision making (including profiling). If that changes we will update this privacy notice and notify you in writing (where appropriate).
Cookies are small text files that are downloaded and sometimes stored on your device when you visit a website. Cookies are often used in order to make a website work, but may also be used to provide information to the owners of the website, and help users to navigate the website more effectively.
Your data protection rights
Under data protection law you are able to exercise certain rights in relation to your personal data that we process, which may include:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
For more information with regards to which rights are applicable to you, please see more detail here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You are not required to pay any charge for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may decline to respond to your request in these circumstances.
We endeavour to respond to all requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this Privacy Notice
This privacy notice was published on 1/4/21. We will update and change this privacy notice from time to time to reflect changes to the way we handle your personal data or changing legal requirements. Any substantive changes we may make to our privacy notice in the future will be notified to clients and customers by email and will be available via our website.