Updated: 8 October 2018
Omega is the controller of any personal information gathered by your use of our website and services. Our website is a general audience website, intended for users of all ages. Where we use third parties to process your data, these parties are known as processors of your personal data. We have a contract with these third parties for the provision of these services.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
This policy describes the type of information that we may collect, the purposes for which we use the information and how we may share that information. We appreciate your trust in us fas you use our website.
You may call us on: +44 33 0001 1030 or email us email@example.com with any queries about this Policy at any time.
THE PURPOSE OF THIS POLICY
This Notice is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with our services we will collect and process information that is commonly known as Personal Data.
This Policy describes how we collect, use, share, retain and safeguard Personal Data.
This Policy sets out your individual rights; we explain these later in the Policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
This Policy applies when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
We are legally required to comply with specific data processing requirements for Personal Data.
WHAT PERSONAL DATA IS COLLECTED BY OMEGA?
In order for us to provide and administer our website and services for our clients, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, customer events, promotions and campaigns.
As a provider of wellbeing services, we will process the following categories of data:
Personal data such as an individual’s name, address, date of birth, gender, and contact details.
Special categories of personal data such as health and details on historic injuries or illnesses (physical and physiological) and aspects of your health that may affect your participation or our provision of services to you.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
We may record your communications with us when contacting our professionals and management team.
We may collect information about your visits to us to help us personalise your experience with us. By providing this information to us you are consenting our use in the manner set out in this policy.
We do not knowingly accept information or attendance of anyone under the age of 18 years old.
WHY DO WE NEED YOUR PERSONAL DATA?
We use this information for the performance of our contract with you, to quote for and provide you with wellbeing services, to respond to any requests from your about the services we provide, to facilitate our business administration, administration of your membership, bookings of sessions, retreats and appointments with Omega and other transactions. We may use this information to notify you of service changes, process payments and maintain account records.
If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. You may request to be withdrawn from all such marketing activities at any time.
We will also use your personal data to manage your account, perform statistical analysis on the data we collect, for business forecasting purposes and to develop new and market existing products and services.
We may promote Omega services to you using the information you provide to us, including email or text. If you wish to receive promotional offers please select the opt in button or use one of our website forms to sign up to receive emails.
We use third party software to securely store your data all as set out below in ‘Third Party Services’ to perform specific functions to support our services. Third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information as permitted by the UK’s implementation of the General Data Protection Regulation 2017 (EU Data Protection Directive 2016/680 ). We do not sell or pass your personal information onto third parties.
You may request what data we have stored about you from firstname.lastname@example.org
In some situations we may request your consent to market our services to you, to share your data or to transfer your data outside the European Economic Area. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Privacy Representative at email@example.com
SPECIFIC COLLECTION AND THIRD PARTIES
Information that you provide via a third party service is at your discretion and will be stored by that third party to provide the function required in our service. Below details the functions that we use these third parties in Omega’s business.
While using our Site, we may ask you to provide us with certain personally identifiable information that might be collected through our website provider Squarespace. This includes collection of your unique online electronic identifier; this is commonly known as an IP address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. Squarespace provides basic cookies to monitor the function of their services to Omega Movement. Further, functional cookies for our website to function include URL redirects, shopping cart to purchase our services. Analytic cookies are placed to show us where our traffic comes from, what pages are looked at and for how long, and where our website is abandoned. Please check Squarespace’s cookie information in our website here.
We use Google Analytics to give us an idea of where our website traffic data comes from and how people use our website. In particular we link this to Google Ads which allows us to understand those interested in our services and how we can design adverts that will interest that audience and encourage them to purchase our services. We also use Google Signals that tracks your use across devices and platforms to better target to your interests if you have a Google account. You can opt out of seeing personalised ads here. Details on Google Analytics can be found here.
EMAILS & CLOUD DRIVE
Omega uses Google Mail for our emails and your email address will then be stored in our Google Mail account. We use Google Drive to store our notes and documents for services provided to our clients. This is a legal requirement by our insurer Balens.
If you wish to pay using an online transaction such as credit card we use Stripe, Xero and Paypal. These third party payment providers are PCI compliant to ensure your financial data is secure and we can never access your full payment details. Only information that you submit during payment such as email address is stored for us to match to our invoice records using Xero (our accounting software).
We use Acuity Scheduling to manage our client bookings and credits. You may book and pay using this software, and only the data you complete when booking is stored. If we book on your behalf, we enter your name and email to confirm the bookings and payment options to monitor your service credits. You may update the details in Acuity at any time by logging into the account or emailing us.
To deliver our services to you, we may use Zoom, Dropbox and WeTransfer to send you files of recordings from your sessions with us and these processors only use your email address. We do not keep further records in these services. If you have purchased a ‘Program’ or ‘pack’ with us you will be given access to your personalised training Google Drive folder as part of our service.
SURVEYS & MARKETING
We may ask you to complete surveys about Omega’s service. You do not have to participate and you can choose to complete your name and email address or leave it anonymised.
We mail email you from Mailchimp with promotions and offers once a month. You can unsubscribe from this at any time from within one of these emails or contacting us at firstname.lastname@example.org
If you follow us on any social media platforms, your privacy settings in your social media account control what you share with others. Please be aware that our settings are to ‘Public’ where you leave reviews, comments and we will tag you where appropriate. Where appropriate, on our retreats and during our services we may take photographs and/ or videos of you and may be used on social media and marketing of our services. Please contact us at any time should you wish to change or amend any posts on social media by us.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about how we collect personal data and with whom we share data with, please contact Nid our Data Privacy Representative by e-mailing email@example.com
THIRD PARTY LINKS
Our Website may include links to third party websites. We do not provides any personally identifiable customer information to these sites, e.g. Vimeo, YouTube and Podomatic.
We do not have any control or responsibility over the content of third party sites, nor do we validate any of their content or information provided. We fully disclaim any liability as a result of your use of their website, information, products or services that you obtain with such third party.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
If you contact us via our website, you may provide us with personal data when completing online health or contact forms. We use Mailchimp for our mailing list. Both of these services store the data that you submit for our records of client management only.
Facebook shows you adverts from off Facebook using cookies. You can control what adverts Facebook shows you in your Facebook settings or selecting on the advert when it appears on your Facebook feed. We occasionally use Facebook to advertise our services and can only access the information that you provide to Facebook in your privacy settings. Facebook offers businesses two types of cookies (i) a first-party cookie that enables a business to dynamically target those shown the advert, and (ii) a third-party cookie that serves you more generic adverts. We use the Facebook third-party cookies for our business purposes and this only collects generic data about traffic from Facebook to our website and visits to our Facebook page(s).
Google Analytics may have cookies used to track traffic to and around our website. See above for how to change your settings in Google.
You have legal rights about your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of Omega’s services. At any time you have the right to know what personal data relates to you that is held by Omega, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. You can also request the deletion of their personal data.
You may request the following at any time about your data held by us with regards to the services that we provide:
The right to be informed about the personal data being processed;
The right to rectification of your personal data
The right to erasure of your personal data
The right to restrict processing of your personal data
The right to data portability (to receive an electronic copy of your personal data)
The right to object to the processing of your personal data
The right to access your personal data
In accordance with the General Data Protection Regulations, you may request a copy of all data that Omega Movement stores about you for a £10 administration fee at firstname.lastname@example.org Repeated, unfounded or excessive requests may be challenged by Omega.
There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health related matters.
Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact email@example.com
With your consent, other than as set out above, you will receive notice when your information may be sent to third parties and you will have an opportunity not to share the information. For example, when you book a retreat with us we may share some of your information with the retreat venue for them to fulfil their obligations in providing a service to you.
If you have received Services with Omega we will store your data for 7 years from your last appointment with Omega, as required by our insurers (Balens) for any potential claims. You may have access to this information stored, but this falls under the circumstances where your Right to Request Erasure may be denied: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
DATA PRIVACY REPRESENTATIVE
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer who is a director of Omega. The Data Privacy Officer is Nid, who may be contacted at: firstname.lastname@example.org
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Officer. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
REVISIONS AND QUERIES
You may email us at email@example.com
You may post to us at: 1 Marsh House, St Peters Road, Whitstable, Kent, CT5 1SU, UK
Version: 8 October 2018