Amanda Brooks is a sole trader in complementary therapy and currently holds the email addresses of her clients, so she will be classed as the Data Protection Officer.
The websites www.findyourinnerharmony.co.uk and www.peacewithin.online both have an opt-in to the newsletters, which asks the customer to accept subscription after their initial enquiry and gives the option to unsubscribe at any time. The email database is never shared and is kept in order to update customers with new information regarding health and changes in my services, such as new therapies, changes to opening hours, holidays, price increases, etc. No personal information of clients is held on either website.
MailChimp and Campaign Monitor – Email Campaigns
MailChimp and Campaign Monitor are used to send a monthly email about the month’s current topic, which has an unsubscribe button and supports SSL encryption. https://us10.admin.mailchimp.com/account/billing-plan/
Using the MailChimp and Campaign Monitor signup forms on www.findyourinnerharmony.co.uk and www.peacewithin.online means there is always a record of the permission data. The forms also have a double opt-in feature, which requires the client to choose for a second time, thereby ensuring they are happy with the sign-up to the newsletter.
All e-news sent via either www.peacewithin.online or www.findyourinnerharmony.co.uk will also include a “preferences” link in the footer of any campaign, which gives all recipients the ability to easily update and edit their profile details within the MailChimp and Campaign Monitor account, meeting the GDPR’s right of access requirement. Alternatively, if they contact Amanda Brooks, this will be actioned within one week of contact.
Emails with my clients are held on devices that are password protected and/or use biometrics for access.
All payments are made through PayPal, Stripe or Internet Banking, where encrypted passwords are used to access the accounts.
Computer, Mobile Phone, iPads and Phone Security
All devices have Kaspersky Total Security on them, which is kept up to date on a regular basis. The devices are either hard wired to the internet or use the wireless network and have encrypted passwords that, along with the password protection of Kaspersky on each device, are only accessible by Amanda Brooks or her staff. Data is not stored in the ‘cloud’.
Each device is password and fingerprint protected, so no one can access the data unless they are Amanda Brooks or her staff.
Amanda Brooks is currently with the ICO (Information Commissioner’s Office) and has compliance for the data with them.
In the event of a data breach, the ICO (Information Commissioner’s Office) will be contacted within 72 hours and, following the decision reached with them, all affected clients will be contacted by Amanda Brooks.
The right to be forgotten, object, rectification, access and portability.
- Right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay. Within 48 hours (during normal working hours and excluding holidays) of the request being made, the client’s information will be deleted from any newsletter or database list that Amanda Brooks holds.
- Right to object: An individual may prohibit certain data uses.
- Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected. This is to be actioned within 48 hours (during normal working hours and excluding holidays) of the request.
- Right of access: Individuals have the right to know what data about them is being processed and how. This is laid out in the sign-up form that each client must complete in order to receive emails about the services.
- Right of portability: Individuals may request that personal data held by one organization be transported to another, by written request from said client. This will be actioned within one week.
All paperwork is kept under lock and key, which is only accessible by Amanda Brooks and her employees.