Privacy Notice
This privacy notice explains how Lauren Stoney Life Crafting uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
Data controller
Lauren Stoney Life Crafting is the data controller, this is because we make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at lauren@laurenstoney.co.uk or telephone number 07554 841880
On what basis do we collect and process your data?
Data Protection law defines the basis by which we can lawfully collect and process personal data. To allow us to engage with you to provide our services, we will collect and process personal data where it is necessary to enable a contract for services to be put in place and subsequently to deliver that service and also where it is in our legitimate interest to do so. This includes the collection of third-party emergency contacts. In doing this we are careful to do this in a way that does not outweigh your own rights and freedoms. Our legitimate interests are to fulfill your requirements to the best of our ability and to raise awareness of the benefits of the Lightning Process®.
To tailor the Lightning Process® to your specific needs and condition, we need to process personal data about your health, religious beliefs, and relationships. This type of data is called Special Category data because of its nature and we require your explicit consent to process this information. We will also process your personal data with your consent to send you updates and marketing material which we feel is relevant to you.
You are free to withdraw your consent at any time and can do so by contacting us on the numbers above or using the email address.
We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.
This is the data we collect and the basis for doing so.
Contact details
Data collected: Name, address details, telephone number(s), email address
Purpose: Provide required service, Marketing
Legal Basis: Contract (Article 6(b)), Legitimate interest (Article 6(f))
Data collected: Emergency contact telephone numbers
Purpose: Vital Interest
Legal Basis: Legitimate interest (Article 6(f))
Data collected: General practitioner
Purpose: Duty of Care
Legal Basis: Legitimate interest (Article 6(f))
Contextual
Data collected: Occupation, marital status, lifestyle
Purpose: Legitimate interest (Article 6(f))
Legal basis: Provide required service
Health Data
Data collected: Medical history
Purpose: Provide required service
Legal basis: Contract (Article 6), Explicit consent (Article 9(2)(a))
Identity details
Data collected: Date of birth, signature
Purpose: Provide required service
Legal basis: Contract (Article 6(b))
Data collected: Emergency contact name
Purpose: Provide required service
Legal basis: Legitimate interest (Article 6(f))
Religious beliefs
Data collected: Religion (only if applicable)
Purpose: Provide required service
Legal basis: Contract (Article 6), Explicit consent (Article 9(2)(a))
Sex life
Data collected: Sexual orientation / behaviour (only if applicable)
Purpose: Provide required service
Legal basis: Contract (Article 6), Explicit consent (Article 9(2)(a))
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, although some contact details may be obtained from third party referrals. Please see our Cookie Policy for information on the data collected by our website.
Some of the data we collect is deemed necessary to contractually deliver our service to you. If you do not provide this data, we will be unable to enter you onto the Lightning Process®.
Data recipients and data transfers
We do not sell any of your personal data to any third party. We do share data where necessary with referring clinics and we also transfer data to our client relationship management platform called HubSpot CRM. HubSpot CRM store the data we place onto the system on Amazon Web Services (AWS) in the United States East region or AWS in the Germany region.
HubSpot has a robust privacy program that is designed to align with many regions’ data hosting needs. HubSpot’s Data Processing Agreement includes the European Commission’s Standard Contractual Clauses (SCCs) as the mechanism to transfer data from the EU to the US. Additionally, HubSpot follows the Privacy Shield Principles. These guarantees are structured to assure the appropriate groups that HubSpot’s data-handling processes meet rigorous policy requirements.
We transfer data for processing to Zapier. This application transfers your data to the United States of America which is conducted through Standard Contractual Clauses approved by the European Union and UK Government.
We utilise virtual assistant administrative support for assistance with administrative tasks and some communications. These services process your data for our business purpose and we ensure they have the appropriate level of security in place to protect your data. These services are based in the UK.
With your consent, we also share your data with the Lightning Process® head office in the UK to enable progress monitoring.
Your personal contact data is transferred to Tsohost who are our web and email hosting provider. We use Google Mail. In addition, we share your data with Facebook to allow targeted advertising when you use that platform. The data we send is encrypted and pseudonymised by Facebook so that they do not collect any additional information from you. We undertake this data sharing in the legitimate interests of the company.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, we will disclose your personal data in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in UK, EU or USA accredited data centres. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through mechanism such as standard contractual clauses as approved by the EU.
Sensitive information
Lauren Stoney Life Crafting does process sensitive data as defined by Article 9 of the GDPR. Specifically, we process:
- Religious beliefs data (where appropriate)
- Medical and health data
- Sex life (where appropriate)
In order to process this data lawfully, we obtain explicit consent from you.
Retention policy
The data we collect directly from you is the minimum we require to facilitate the lawful processing activity described above. Personally Identifiable Information processed by us will be deleted in accordance with legal obligations and or our retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Full personal data of clients will be retained for a minimum of 3 years following the end of any commercial agreement. Personal data required for statutory reporting or HMRC audit purposes will be retained for 7 years.
Name and contact details of clients processed for the purposes of marketing activity will be retained for the duration that consent is maintained. This also applies to personal data provided through our website contact form.
For personal referrals, we will retain name and contact details on our CRM for 12 months.
Data storage and security
We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures such as strong passwords to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their roles and responsibilities are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Lauren Stoney Life Crafting is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
- Right of Access – you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object – You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
We do not use automated decision making to process personal data.
Third party websites
Our website may contain links to other websites. This privacy policy only applies to Lauren Stoney Life Crafting, so if you follow a link to another website, you should read that organisation’s own privacy policy.
Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in August 2022.
How to contact us
You can write to us at this address:
Lauren Stoney Life Crafting
35 Clyde road, Brighton,
BN1 4NN
You can telephone us on this number: 07554 841880
You can email us by using this link: lauren@laurenstoney.co.uk