Website Privacy Policy

Introduction

This policy relates to how I collect, use and disclose data when you use my website, and to your choices and rights relating to that data. Definitions are given at the end.

When you visit this website it collects, stores and uses certain data which is used to deliver and improve the service; however you will have choice about sharing personal data.  By visiting my website you agree to this in accordance with this policy.

Please refer to my separate Clinic Privacy Notice for details about how I keep and use clinic and patient case records at https://lizcastle.com/clinic-privacy-notice

Background to this Policy

UK Data Protection Act 2018 which enshrines the General Data Protection Regulations (GDPR) requirements

General Data Protection Regulations (GDPR) – your rights if you are a resident of the EEA (European Economic Area)

Residents of the UK/EEA have the following data protection rights under certain circumstances, relating to personal information that is held about them:

• To be informed (hence this website privacy policy)
• To access information and have information updated
• For incomplete or inaccurate information to be rectified
• For information to be deleted
• To restrict processing of personal information
• To data portability (receive a copy of the information in a structured commonly used and machine readable electronic format)
• To object to the processing of their data. This includes withdrawing consent when the information was given on the basis of consent.
• Relating to automated decision making including profiling.

Any queries about the GDPR should be addressed to your local UK/EEA data protection authority.

Your information

My website collects several different types of information, which are used:

• to provide, maintain and improve my site;
• to look for, to prevent and deal with any technical issues
• to monitor how my site is used
• to tell you the user about any changes
• to allow you to use some aspects of my site; and, if you request it, to send you my newsletter.

Legal basis: UK Data Protection Act 2018 which enshrines the General Data Protection Regulations (GDPR) requirements.  (if you are from the EEA (European Economic Area) under the General data Protection Regulations (GDPR))

The legal basis for collecting and processing personal data varies according to the type of data and how it is collected.

Liz Castle MBAcC Acupuncturist collects and process personal data:

• to comply with the law
• in relation to a contract with you
• because of “legitimate interests” which are not overridden by your rights.
• because you have given consent (eg for me to send you a newsletter)

Personal Data

While using my site, it may ask you to provide personal information and contact details such as first and last name, email address and telephone number, from which you can be identified. This is so that I can contact you with my newsletter, or on occasion, other promotional material. You can choose to opt in, or to opt out of receiving any of these communications at any time by clicking the newsletter unsubscribe link or following instructions provided in an email. I will keep and use your personal data for the stated intention and in accordance with my legal obligations, to resolve disputes, and enforce my legal agreements and policies. I will not keep your personal information longer than necessary for the purposes set out in this privacy policy.

Usage Data

My website may collect ‘usage data’, such as your computer’s IP address, type of browser, when you look at my site and how long you stayed on a particular page, as well as unique device identifiers and other diagnostic data.

Usage data is used to analyse how my site is being used. This is usually kept for less time than personal data, except when the data is used to improve security or the functionality of the site, or if by law I am required to keep this data for a longer length of time.

Tracking Cookies Data

Cookies (and similar tracking technologies) track the activity on my site.

A cookie is a small file which is sent to your internet browser from a website and is stored on your computer or other device. It may include an anonymous unique identifier, such as a serial number.

Third party cookies such as those used by Google or Facebook are included in many websites for functions such as statistics or for advertising data.

You can stop the use of all cookies or get your browser to say when a cookie is being sent. If you decide not to accept cookies, some of my site may not be available to you.

My website currently uses the following cookies:

• Session cookies: in order to operate the website
• Preference cookies: to remember your preferences and some settings

Please see my Cookie Policy for further details.

Data Retention

My website is hosted by WP Engine.  I understand that they do not collect personal information. The personal data that you may choose to give me to sign up for my newsletter, will only be kept while you are subscribed, and you can unsubscribe at any time.

Data Transfer

Any data you submit is transferred to the United Kingdom, where it is processed. If you live outside the UK, the data protection laws may be different from where you live.

By consenting to this Privacy Policy and by submitting personal information you are agreeing to the transfer of data.

I will take all reasonable measures to ensure that your information is treated securely, as laid down in this privacy policy. Your personal data will not be transferred to any organization or country unless there are sufficient safeguards in place to ensure your personal information is secure.

Data Disclosure

Liz Castle aims to take reasonable steps to allow you

• to change, correct, delete, or limit the use of your own personal information. You can update your personal data within your account settings section (for example if you use Mail Chimp to sign up for my website), or you can contact me to make changes to information that I hold. If you would like to know what personal data I hold, please contact me.

• In certain circumstances, you are entitled to access and receive a copy of the personal data I hold in a common electronic form so that you can correct any inaccuracies, or request its deletion. You may need to prove your identity before I respond to any such request.

Patients and prospective patients please refer to my privacy notice for more information about your rights as a patient relating to your case notes.

Service Providers

I may employ a third-party company or individual to assist with, maintain, provide or analyse my internet service on my behalf. Access any third party has to your personal data is limited to what is necessary to perform these tasks. They are not allowed to use it for anything else or to pass it on.

Data Security

Although I will endeavour to keep your data secure by using responsible service providers, transferring information over the internet or storing it electronically is never completely secure. Therefore, I cannot make an absolute guarantee as to its security.

Patients and prospective patients please note that if you send me emails, the replies that I send to you are not encrypted. For this reason I prefer to receive personal data by telephone or in person, and sensitive information during consultations only.

Legal Requirements

I may be required to or in good faith believe it necessary to disclose your personal data when requested by a public authority, to comply with a legal obligation, to protect against legal liability, to protect my rights or property, to prevent or investigate possible misconduct in connection with my website, or to protect the public or the personal safety of users of this website.

Mail Chimp

I use Mailchimp as my Newsletter delivery service. When you sign up on the website to join my newsletter list, your name and email address are collected by Mailchimp. They take the security of your data seriously. You can read their privacy policy here: https://mailchimp.com/legal/privacy/

They will hold your data until you decide to unsubscribe. You can unsubscribe from my newsletter via the ‘Unsubscribe’ link at the bottom of every newsletter. You can change your preferences using the link at the bottom of every newsletter. You can also contact me at any time and ask me to completely ‘forget’ any information Mailchimp holds in connection with you. Email me at info@lizcastle.com or telephone me on 01948 880170

Google Analytics

I use Google Analytics to monitor and analyse the use of my website Service.

Google Analytics analyses web activity. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out from having your activity on my web site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Links to other sites

If you click on a link to another site, I have no control over and assume no responsibility for the content, practices or privacy policy of that third-party site or service. You should review the privacy policy of every site you visit.

Children

My website is not aimed at anyone under the age of 13. I do not knowingly collect personally identifiable information from anyone under the age of 13. If as a parent or guardian you find out that your child has provided me with personal data, please contact me. If I discover that I have collected personal data from children without parental consent, I will take steps to remove that information from my servers.

Changes to this Website Privacy Policy

If I update this privacy policy I will let you know of any changes by posting the new policy on this page and update the ‘effective date’ at the top. In advance of any change I will also email you, or put a prominent notice on my site. I suggest that you review this privacy policy periodically for any changes, which become effective when they are posted on this page.

This website is made using Word Press and hosted by WP Engine.

Questions

If you have any questions about my Website Privacy Policy, and to exercise all relevant rights, queries or complaints please in the first instance contact me Liz Castle MBAcC Acupuncturist (the data controller):

• by email info@lizcastle.com
• by visiting my website https://lizcastle.com/website-privacy-policy
• by telephone: 01948 880170

Further to this in the UK you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Definitions

GDPR

General Data Protection Regulations

Personal Data

Personal Data means data or informqation about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Data Subject

Data Subject is any living individual who is the subject of Personal Data

User

The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small pieces of data stored on a User’s device.

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, I am a Data Controller of your data.

Data Processor (or Service Providers)

Data Processor (or Service Provider) means any person who processes the data on behalf of the Data Controller. I may use the services of various Service Providers in order to process your data more effectively.