This privacy notice explains what personal data I collect and how I use it. My name is Glyn Blackett, trading as "York Biofeedback", also "Stress Resilient Mind" (hereafter 'we', 'us' etc.) and offering services via my website (www.stressresilientmind.co.uk, hereafter 'the Service'). Your data security and privacy is important to me, and I will never disclose your data to other parties without your permission, except in the exceptional circumstances described below.
We are registered with the UK Information Commissioner's Office (ICO) under the Data Protection Register, our registration number is ZA043634.
If you have any questions about this policy you can contact me: please see my contact page.
What Information Do We Collect, & How Do We Use It?
We may process the following categories of personal data about you.
Personal data means any information capable of identifying an individual. It does not include anonymised data.
If you sign up for a free resource on our website, we will store your name and email address.
We process this data in order to deliver useful content to you and also to promote products and services.
If you become a client, which involves creating an account on the website, we collect much more personal data – for example the client intake process includes a symptoms and risk factors questionnaire, which asks about your health and well-being, etc.
We process this data in order to deliver services to you as effectively as possible.
Our lawful basis for this processing is consent.
This includes any messages you send to us, and includes emails, which may be stored (on an email server, separate to the website) for a period of time.
Messages you send via the website are stored by the site in the database.
We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims.
Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
If you by products or services from us, we store data relating to these transactions, e.g. your address, the date of purchase and the details of the purchase.
Our website does not store financial data such as credit card numbers or bank account numbers, however you may be transferred to a third-party payment provider site in order to make a payment. We are not responsible for data collected by such third party providers.
We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.
Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
Usage Data & Technical Data
We may store data pertaining to how you access the Service, for example, the date you first accessed the website, or your most recent log in date.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We also use analytics and tracking technologies, for example Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.
We process this data to operate our website and ensure relevant content is provided to you, and to ensure the security of our website.
Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business, to grow our business and to make decisions about marketing strategy.
How Data Is Collected
We may collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies.
We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
Our Service does not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances, we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Disclosure Of Data
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal or professional obligation
- Protect and defend the rights or property of Stress Resilient Mind
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
- Protect against legal liability.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Under the General Data Protection Regulation (GDPR) your rights are as follows:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You can see more about these rights at the ICO website:
You can request deletion of your account on the website, and all personal data associated with it. To do so, or to exercise any of the above rights, please contact us by email (contact information is given below).
We aim to comply with all legitimate requests within one month.
You have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data. We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.