Privacy Policy

Health and Vitality Centre Ltd – Privacy Policy – Your Right To Be Informed

Health and Vitality Centre Ltd are committed to the processing of personal data transparently, responsibly in compliance with GDPR – and the latest legislation surrounding data protection.

  • We will use details collected during your initial consultation or your first contact with us to contact you to remind you of your appointment, communicate directly with you, give further health education, invite you one of our parties and for direct marketing in the future.
  • Our lawful basis for processing is based on our knowledge of their being benefit from our direct contact and our marketing being of legitimate interest to them.
  • We will ensure that there is minimal risk of harm or distress from our contact and direct marketing by taking steps to put data subjects in an equivalent position to consent, and by making unsubscribing simple and accessible. Marketing will be relevant to your care with us.
  • We will also use personal data for profiling and analysis purposes. We use a limited amount of automated software to make calculated business decisions and to improve the experience for our guests.
  • We are committed to only using the minimum amount of personal data necessary. We have concluded that the data we collect is the minimum amount we require to give you the most additional value outside of the Health Centre with the most minimum amount of direct marketing possible.
  • We have implemented robust security protocols for the storage of all personal data and have various IT security accreditations.
  • We will not sell personal data to any companies outside of Health and Vitality Centre Ltd.
  • We will conduct necessary due diligence with any third parties involved in the processing of personal data and only use established, reputable and compliant partners to the best of our reasonable knowledge.
  • We will ensure that a data subjects fundamental rights and freedoms are respected at all times.

1) Health and Vitality Centre Ltd & Your Data

Health and Vitality Centre Ltd – which is a registered data controller with the ICO. This privacy policy relates to that of Health and Vitality Centre Ltd and all websites which are trading under it.

Thank you for choosing us as your Health Care professional. We value the trust of our guests and strive to respect your privacy when handling data relating to the use of our websites and transactions performed on our websites.

This policy describes how we collect personal data about you, the type of data we collect, how this data is used and how you, a valued guest, can control the use of your data by the Health and Vitality Centre.

2) What Data Do We Collect?

In order to ensure the best possible levels of service, both practitioner and customer service – we collect certain personal information when you complete your initial consultation questionnaire. This includes:

  1. Your Title
  2. Your Name
  3. Your Date of Birth
  4. Your Address
  5. Your Children’s Ages if any.
  6. Your Payment Details if on a standing order payment plan
  7. Your Email Address
  8. Your Telephone Numbers
  9. GP Practise
  10. Occupation
  11. How did you hear about the Health Centre
  12. Any previous medical conditions.

3) How We Use Your Data

We will primarily use your data to:

  1. Remind you of your appointments.
  2. Send you a receipt of payments.
  3. Contact you to invite you to one of our parties.
  4. Contact you to invite you to a health class.
  5. Contact you with health education related to you.
  6. Contact your Insurance company.
  7. Contact your Bank to set up a standing order for membership.
  8. Contact your GP / Consultant.
  9. Contact reference X-ray.
  10. Assist with any guest queries.
  11. Enable functionality of Apps relating to Health and Vitality Centre Ltd businesses.
  12. Enable functionality of Reward Schemes.
  13. Contact you to inform you of any delivery of products you may have ordered.

In addition, your data including Payment Address and Payment Details will be shared with relevant and reputable third-party banking providers including PayPal, Amazon Payments, Apple Pay and Sage Pay in order to verify and authorise your payment or standing order. All third-parties used to process payments are under strict obligation to ensure your personal information is kept private.

Cookies:

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

This website makes use of cookies to monitor visitor sessions. We may collect data about the type of device, internet browser and operating system that you use, and which pages you visit and interact with. We do this, so we can ensure you have best user experience and can be presented with more relevant content, such as products you have previously viewed.

Information stored in the cookie that is issued by the site is not personally identifiable by us. The value stored in the cookie is an anonymous identifier, which is not linked to any other personal information you may give us during your visit. If you do not wish to receive these cookies you can easily and safely disable them in your browser, though doing so may affect the functionality of our website.

We share cookie data with advertising and analytical providers such as Google and Bing for the purposes of conducting online analysis and making improvements to our websites.

4) Direct Marketing

a) Legitimate Interests

We operate on an opt-out basis as we rely on ‘legitimate interests’ as a lawful basis for processing personal data.

We will process your personal data for the purposes of direct marketing of similar products and services from within Health and Vitality Centre Ltd in the future, unless you take the opportunity to opt out of direct marketing upon completion of your first order with us or unsubscribe at any point.

We have put in place several controls to put our guests in an equivalent position of control to consent, and to minimise the potential for harm or distress that any unwanted direct marketing could cause. We have concluded these steps to be reasonable and effective in balancing our interest of direct marketing with guest’s rights and expectations under GDPR.More information on our legitimate interest’s assessment and justification for the above is available on request.

b) Profiling

  • To improve our direct marketing efforts, we consistently update our mailing list of who and who does not want marketing, also offering them the chance to update the details we hold of them. This helps us to ensure that the data we hold is accurate and up to date, which in turn helps us make marketing decisions that are more appropriate to each guest, thus minimising the potential for harm or distress.
  • Any consultants we work with in order to profile our data have been subject to due diligence checks, hold various accreditations and are also subject to a strict data sharing agreement that prevents the data being illegally sold on to other companies for the purposes of marketing.
  • To minimise the risk of any potential harm or distress, any marketing email sent out has an unsubscribe link on them.

Further information on profiling is available on request.

c) What You May Receive

The privacy of your personal data is of the highest importance to us. We will not share or sell your personal details to any company outside of Health and Vitality Centre Ltd or our parent group for the purposes of sending direct marketing, only to profile data in the interests of accuracy as explained above or for the specific needs of your health journey with us, i.e. contacting your GP / Consultant, Insurance company and Police.

Unless you have requested not to receive promotional material from Health and Vitality Centre, have unsubscribed or chosen to opt out in person in the centre, we may use your personal information to provide you with other relevant offers and details of promotions relating to your health journey with us. We may contact you in several ways using the personal data supplied when placing an order which includes:

  1. Email
  2. Post
  3. Telephone

5) Data Retention & Security

When someone comes to our centre for the first time or meets us at an external event any information collected will be stored on secure servers for the length of time requested by the general chiropractic council.

All guest personal data is stored on secure servers employing extensive security measures to ensure it remains fully protected at all times. All servers used for data storage are also physically secured and provided by reputable companies that meet the highest standards of security.

We do not store any payment card information on any of our own servers.

General Retention Periods

Health and Vitality Centre Ltd will retain guest data for as long as is reasonable and necessary by our governing body – currently 8 years.

The Health and Vitality Centre understands under GDPR we have an obligation to ensure that data is kept up to date and accurate. We take this seriously and therefore have a number of controls in place to ensure that data can be amended easily, and that we take steps to ensure out of date data is not used for direct marketing.

More information on retention periods and the steps we have taken to keep data up to date is available on request.

During The Retention Period

Health and Vitality Centre Ltd may use retained guest data for the purposes of ongoing direct marketing as well as enhancing the user experience and guest service. The data we collect and use:

  • Your Title
  • Your Name
  • Your Date of Birth
  • Your Address
  • Your Children’s Ages if any.
  • Your Payment Details if on a standing order payment plan
  • Your Email Address
  • Your Telephone Numbers
  • GP Practise
  • Occupation
  • How did you hear about the Health Centre
  • Any previous medical conditions.

We will store the details securely and back them up daily to secure cloud-based servers provided by reputable data storage specialists.

We may use data to enhance commercial analysis, guest profiling and improve targeting of future direct marketing.

Guests may unsubscribe from any marketing communication at any time. Their data will still be stored on the system and on secure servers. They will be flagged as not to be marketed to, but their data may still be used for, analysis and generic profiling purposes.

We will not sell or rent data outside of Health and Vitality Centre Ltd or our parent group regardless of how long data has been retained for and will adhere to all other terms set out in our Privacy Policy.

Expiration Of The Retention Period

As set out by our governing body the GCC – General Chiropractic Council the maximum retention period is 8 years. After this time all relevant information relating to that specific guest will be destroyed. Further information is available on request.

Data Minimisation

Health and Vitality Centre Ltd will not collect more personal data than the bare minimum for the purposes of direct marketing. Nor will we retain irrelevant information. We have concluded that the data we collect during the initial consultation is the minimum amount we require in order start your health journey with us.

6) Managing Your Personal Data And How It Is Processed

As a valued guest and in line with GDPR, you have full control over your data and how it is used by Health and Vitality Centre Ltd. We offer several ways our guests can manage their personal data in order to ensure that our interest of direct marketing does not override fundamental rights and freedoms or fall outside of a data subject’s expectations.

Your right to object and your right to restrict processing:

Respecting your rights is important to us. We have no desire to send marketing material that is intrusive or not of interest.

To remove your data from email marketing:
Follow the “unsubscribe” link contained within all communications from Health and Vitality Centre Ltd or any of the websites within it

Or

Email the Centre Assistant team at healthandvitalitycentre@outlook.com with “NO ESHOTS” as the email subject

Or

Tell us in person next time you are in the Health Centre

To remove your data from Postal marketing:
Email our Centre Assistant team at healthandvitalitycentre@outlook.com with “NO MAIL” as the email subject

To remove your data from Telephone marketing:
Email our Centre Assistant team at healthandvitalitycentre@outlook.com with “NO PHONE” as the email subject

To remove your data from All marketing activity:
Email our Centre Assistant team at healthandvitalitycentre@outlook.com with “REMOVE” as the email subject.

All the above can also be managed in person by calling our Centre Assistant team on 01707 333390.

Updating Your Details – Your Right To Rectification

Should any of the information you have provided to us change, or require amending, please let us know the correct details by sending an email stating “Change Details” as the email subject, to healthandvitalitycentre@outlook.com.

Or

By sending a letter to Health and Vitality, 32 Great North Road, Welwyn Garden City, Hertfordshire, AL8 7TJ.

Or

By phoning our Centre Assistant team on 01707 333390 and stating the details you would like to rectify.

Subject Access Requests – Your Right To Access

We respect an individual’s right to access any personal data that we hold on them. As such we have an internal process in place in order to handle subject access requests expediently and in accordance with GDPR requirements.

Health and Vitality Centre Ltd will:

  • Provide a copy of the information free of charge. However, we will charge a reasonable fee based on administrative costs when a request is manifestly unfounded, excessive, or repetitive.
  • Provide a response within one month of request.
  • Take reasonable steps to verify the identity of the person making the request.
  • Provide the information in a commonly used electronic format.
  • Where possible, we will provide the information in a secure self-service system, such as a private link to the information hosted on a secure server.

Deletion Of Personal Data – Your Right To Erasure

We respect an individual’s right to delete any personal data that we hold on them. How ever as our governing body the GCC (General Chiropractic Council) request us to keep the information for 8 years, we must unfortunately for the guest wait 8 years and then delete regardless of an individual’s request.

Third-Parties We May Share Your Data With To Fulfil An Order:

  • Direct or ‘Drop-Ship’ Suppliers: Some products we sell may be shipped directly from a supplier to the guest. Where this is the case we will need to pass on invoice and delivery names and addresses in order to fulfil the order. We will have processes and documentation in place with our drop-ship suppliers which will demonstrate our due diligence in checking that they will handle and dispose of any personal data in accordance with GDPR. We will also have strict agreements in place with regards to the processing of personal data.
  • Payment gateways: Your data including Payment Address and Payment Details will be shared with relevant and reputable third-party banking providers including PayPal, Amazon Payments, Apple Pay and Sage Pay in order to verify and authorise your payment so your order can be processed. All third-parties used to process payments are under strict obligation to ensure your personal information is kept private.
  • Search Engines: we use advertising and analytical packages from Google and Microsoft which use cookies in order to deliver their services effectively. This means that we share data collected via cookies on our websites with them, however this is not personal data for us, as we are unable to reasonably identify any individual from it.
  • Couriers; we may despatch orders via a number of established couriers, this involves passing name and address details used for delivery in order to fulfil the order.

7) Data Breaches

Health and Vitality Centre Ltd have a breach reporting procedure in place and in the unlikely event of a breach, will act as per requirements under GDPR.

8) Changes To This Privacy Policy

We may update this privacy policy from time-to-time by posting an updated version on our websites. You should check this page occasionally to ensure you are happy with any changes.

We may also notify you of changes to our privacy policy by email.

Sale Of Business
If our business were sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers’ advisers. They may also be passed on to the new owners of the business, in order to continue providing the service that is currently provided. The purchaser however will be required to follow the practices disclosed in this Privacy Policy or to give you at least three months’ notice of any proposed changes.