GDPR Privacy Notice
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
This is the privacy notice of Veronica Massa.
I am a fully qualified therapist. I provide holistic therapies and I am a full member of IFPA, the International Federation of Professional Aromatherapist, ensuring high standards of professional integrity and healthcare. I am also a certified cosmetic maker and offer natural skincare to clients.
In this notice Veronica Massa will be referred to as VM, "we", "our", or "us".
This is a notice to inform you of VM policy about all information that VM records about you. It sets out the conditions under which VM may process any information that VM collect from you, or that you provide to VM. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
If there are one or more points below with which you are not happy, please leave VM website immediately and unsubscribe from VM newsletter.
VM takes seriously the protection of your privacy and confidentiality. VM understands that all visitors to VM website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
VM undertake to preserve the confidentiality of all information you provide to VM, and hope that you reciprocate.
VM policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
The law requires me to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. VM do this now, by requesting that you read below and the information provided at knowyourprivacyrights.org
Except as set out below, VM do not share, or sell, or disclose to a third party, any information collected through VM website.
Through agreeing to this privacy notice you are consenting to Veronica Massa processing your personal data for the purposes outlined. You can withdraw consent at any time by using the postal, email address or telephone number provided at the end of this Privacy Notice.
The bases on which VM process information about you
The law requires to determine under which of six defined bases VM processes different categories of your personal information, and to notify you of the basis for each category.
If a basis on which VM processes your personal information is no longer relevant then VM shall immediately stop processing your data.
If the basis changes then if required by law, VM shall notify you of the change and of any new basis under which VM have determined that VM can continue to process your information.
Your rights as a data subject
At any point whilst VM is in possession of, or processing your personal data, all data subjects have the following rights:
Right of access – you have the right to request a copy of the information that VM hold about you.
Right of rectification – you have a right to correct data that VM hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data VM hold about you to be erased from VM records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
Right of portability – you have the right to have the data VM hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that VM refuses your request under rights of access, VM will provide you with a reason as to why, which you have the right to legally challenge. At your request VM can confirm what information VM holds about you and how it is processed.
You can request the following information:
Identity and the contact details of the person or organisation (VM) that has determined how and why to process your data.
Contact details of the data protection officer, where applicable.
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of VM and information about these interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
How long the data will be stored.
Details of your rights to correct, erasure, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority (ICO).
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
1. Information we process because we have a contractual obligation with you
Legal basis for processing any personal data
To meet VM contractual obligations obtained from explicit Patient Consent and legitimate interest to respond to enquiries concerning the services provided. The legitimate interests pursued by VM is to promote treatments for clients with common ailments, skin problems and beauty enhancement goals.
When you create an account on VM website, buy a product or service from VM, or otherwise agree to VM terms and conditions, a contract is formed between you and VM. In order to carry out VM obligations under that contract VM must process the information you give us. Some of this information may be personal information.
We may use it in order to:
verify your identity for security purposes
sell products to you
provide you with our services
provide you with suggestions and advice on products, services and how to obtain the most from using our website
VM process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, I may aggregate this information in a general way and use it to provide class information, for example to monitor my performance with respect to a particular service I provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2. Information VM process with your consent
Personal Data for the purpose of providing treatment – FOR YOU AS A CLIENT RECEIVING TREATMENT.
a) For the purposes of providing treatment, VM may require detailed medical information. VM will only collect what is relevant and necessary for your treatment. When you visit VM clinic, VM will make notes which may include details concerning your medication, treatment and other issues affecting your health.
VM will require your signature as you consent to receive treatment and agree with the way VM process your information and personal data. This data is always held securely, is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow VM to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment.
b) For marketing purposes, VM may also use the contact details provided by you to respond to your enquiries, including making telephone contact and emailing information to you which VM believe may be of interest to you, including VM newsletter.
c) In making initial contact with VM, you consent to VM maintaining a marketing dialogue with you until you either opt out (which you can do at any time) or VM decide to desist in promoting VM services.
d) Some basic personal data may be collected about you from any marketing forms and/or surveys you complete, from records of my correspondence and phone calls and details of your visits to my website, including but not limited to, personally identifying information like Internet Protocol (IP) addresses.
e) VM will only collect the information needed so that VM can provide you with the services you require, VM will not sell or broker your data.
VM will keep your personal information safe and secure, and only VM will have access to your patient records. VM will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests.
g) Retention Policy
VM will process personal data during the duration of any treatment and will continue to store only the personal data needed for eight years after the contract has expired to meet any legal obligations. After eight years all personal data will be deleted, unless basic information needs to be retained by me to meet my future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.
Personal Data for the purpose of visiting VM website
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse this website or ask us to provide you more information about our business, including our products and services, you provide your consent to us to process information that may be personal information.
Sometimes you might give your consent implicitly, such as when you send VM a message by e-mail to which you would reasonably expect VM to reply.
Except where you have consented to VM use of your information for a specific purpose, VM do not use your information in any way that would identify you personally. VM may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on my website.
VM continues to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing VM at / or unsubscribing from VM newsletter. However, if you do so, you may not be able to use this website or VM services further.
3. Information VM process because we have a legal obligation
VM is subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
Specific uses of information you provide to me
4. Information provided on the understanding that it will be shared with a third party
This website allows you to post information with a view to that information being read, copied, downloaded, or used by other people.
tagging an image
clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks
leaving comments on blog posts
In posting personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it.
We do store it, and reserve a right to use it in the future in any way we decide.
Once your information enters the public domain, VM have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.
Provided your request is reasonable and there is no legal basis for US to retain it, then at VM discretion, we may agree to your request to delete personal information that you have posted. You can make a request by contacting VM at firstname.lastname@example.org.
5. Complaints regarding content on my website
If you complain about any of the content on this website, we shall investigate your complaint. If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.
Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you. If VM think your complaint is vexatious or without any basis, VM shall not correspond with you about it.
6. Information relating to your method of payment
At the point of payment, you are transferred to a secure page on the website PayPal or if paying by credit/debit card payment is taken via Stripe payment gateway. No payment details are kept on our website or servers. All payment data is fully secure and safe and processed through stripe who is fully PCI compliant.
7. Sending a message to VM
When you contact VM, whether by telephone, through this website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and my reply in order to increase the efficiency of my business
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.
Use of information we collect through automated systems when you visit this website
to track how you use this website
to record whether you have seen specific messages displayed on this website
to keep you signed in this site
to record your answers to surveys and questionnaires on this site while you complete them
9. Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on this website are recorded.
This website records information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
This website uses this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information VM knows about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
10. Our use of re-marketing
Re-marketing involves placing a cookie on your computer when you browse our website in order to be able to serve to you an advert for VM products or services when you visit some other website.
Disclosure and sharing of your information
11. Information we obtain from third parties
Although VM do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. No such information is personally identifiable to you.
In other cases, social media which VM uses for marketing purposes such as Facebook, will identify you as being connected to VM and suggest a “friendship” between us. You are welcome to “add VM as your “friend” and like my page. May VM invite you to “like VM page” or ask for your “friendship”, with your permission and without obligation, you have the right to refuse it. The same right applies to me.
12. Credit reference
To assist in combating fraud, we share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
13. All Data is held in the United Kingdom. VM do not store personal data outside the EEA.
Access to your own information
14. Access to your personal information
At any time you may review or update personally identifiable information that we hold about you, by signing in to your account on this website.
To obtain a copy of any information that is not provided on my website you may send u a request at email@example.com.
After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
15. Removal of your information
If you wish VM to remove personally identifiable information from this website, you may contact us at firstname.lastname@example.org.
This may limit the service VM can provide to you.
16. Verification of your information
When we receive any request to access, edit or delete personal identifiable information, we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
To verify your identity, VM will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport or birth certificate, together with a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If VM is dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made to or by phoning +44 7878494322.
18. Use of site by children
VM do not sell products or provide services for purchase by children, nor do VM market to children.
If you are under 18, you may use this website only with consent from a parent or guardian.
19. How you can complain
In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to complain to mVM by email at email@example.com or writing to Veronica Massa, 46 Eastman House, Poynders Road, London SW4 8NQ or phoning +44 7878494322.
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/. ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone +44 (0) 303 123 1113
21. Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
to provide you with the services you have requested;
to comply with other law, including for the period demanded by tax authorities;
to support a claim or defence in court.
22. Compliance with the law
However, ultimately it is your choice as to whether you wish to use this website or VM services.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on this website on the day you use it. We advise you to print a copy for your records.