For the purposes of the Data Protection Act 1998, Mill Acupuncture (‘we’ or ‘us’) are the ‘data controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data).
Personal data we may collect about you
We will obtain personal data about you (such as your name, address, contact telephone number, email address), whenever you complete an online form.
For example, we will obtain your personal data when you send us feedback, contact us for any reason, sign up to the newsletter, book appointments. We may also obtain sensitive personal data about you if you volunteer it during the completion of an online form. If you volunteer such information, you will be consenting to our processing it for the purpose of obtaining medical history for case history and treatment purposes.
Occasionally we may receive information about you from other sources, which we will add to the information we already hold about you in order to help us, improve and personalise our service to you.
How we use your personal data
We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:
• to help us identify you and any accounts you hold with us;
• research, statistical analysis and behavioural analysis;
• customer profiling and analysing your purchasing preferences;
• marketing—see ‘Marketing and opting out’, below;
• fraud prevention and detection;
• billing and order fulfilment;
• customising this website and its content to your particular preferences;
• to notify you of any changes to this website or to our services that may affect you;
• security vetting;
• improving our services;
Marketing and opting out
If you have given permission, we may contact you by email, SMS, email, telephone, about hints and tips, blogs, special offers, updates, new services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. See ‘Your rights’, below for further information.
Disclosure of your personal data
We may disclose your personal data to:
• our agents and service providers;
• law enforcement agencies in connection with any investigation to help prevent unlawful activity
• our business partners in accordance with the ‘Marketing and opting out’ section above; and
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
• access to your account is controlled by a password and username that are unique to you;
• we store your personal data on secure servers; and
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
We may monitor and record communications with you (such as emails) for the purpose of quality assurance, training, and compliance.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
• give consent on his/her behalf to the processing of his/her personal data;
• receive on his/her behalf any data protection notices;
• give consent to the transfer of his/her personal data abroad; and
• give consent to the processing of his/her [insert category or categories of sensitive personal data, eg health information].
Transfers of data out of the EEA
When you signed up for the newsletter you agreed that we may transfer your personal data to countries outside the European Economic Area such as the USA for email marketing services. Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your personal data.
You have the right, subject to the payment of a small fee (currently [£20]), to request access to personal data that we may process about you. If you wish to exercise this right, you should:
• put your request in writing;
• include proof of your identity and address (eg a copy of your driving licence or passport, and a recent utility or credit card bill);
• Specify the personal data you want access to, including any account or reference numbers where applicable.
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:
• put your request in writing;
• provide us with enough information to identify you (eg full name, phone number)
• Specify the information that is incorrect and what it should be replaced with.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:
• put your request in writing (an email sent to email@example.com) with a header that says ‘Unsubscribe’ is acceptable);
• provide us with enough information to identify you (e.g. full name, phone number)
• If your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email), please specify the channel you are objecting to.
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to firstname.lastname@example.org