It’s where we tell you all the important stuff about what how we collect and process your personal data when you are using our websites www.serenwood.co.uk or www.rachelflower.co.uk or https://rachelflower.mykajabi.com (together our “Sites”).
We trade as Serenwood Limited and/ or Rachel Flower Coaching (“We” “our” or “us”) a company based in the United Kingdom. We are responsible as a “Data Controller” of your personal information for the purposes of the General Data Protection Regulation (GDPR) which applies across the European Union. We are currently exempt from registration with ICO on the Data Protection Register. We use, collect and are responsible for certain personal information about you and because of that we want and need to tell you about how we will act with integrity to comply with legal obligations in that regard.
Highlights: We only use your data to improve your experience with us and to help and benefit you.
Simples: We’ll do our very best to talk straight, answer your questions, take away your stress.
Junk-free: Aside from the fact we hate junk and crave a simpler world, we put the power in your hands to choose what and how we speak to you.
Safety first: We take privacy and data protection very seriously. Protected 24/7.
Age of consent: when you provide us with any information, you warrant to us that you are over 13 years of age.
Let’s start here.
“Personal data” – any information capable of identifying an individual. [So not anonymised data which is where all the bits which could identify you are removed]
The services we provide are all about YOU, your business and your life. We cherish and take very seriously our personal relationship with you. That absolutely includes the personal information that you share with us and the trust you place in that.
We collect and handle personal data every day, but with the key purpose of helping and serving you to have a more powerful business offering and a more meaningful life.
Here are the promises we make to you in that regard.
- We promise….to be open and honest about the information we collect, and why we may collect it. This policy is here to help you understand what information about you we collect, how we use it, how long we keep it for, and reassure you that we protect it.
- We promise….to only use it for the specific purposes we told you that we needed it for. We will not use it for any other purposes, unless we obtain your specific permission, or we are required by law or to fulfil a legal obligation. We won’t collect more information than we need for the service or product or information you ask us for.
- We promise….to check it and make sure its accurate and keep it up to date. If you spot a mistake, then you can write to us and tell us and we’ll update it. And obviously, if you change your details then let us know.
- We promise….that we won’t keep that information any longer than it is needed. The length of time varies depending the information and the reason we use or keep it. We’ll explained this below.
- We promise….to protect your information and your privacy. Honestly, we’re a really simple and small business but we’re full of integrity and head-girl behaviours. Safety and security is a priority for us in all areas, not just this one.
- We promise….to explain your Privacy Rights and how you can exercise them (this is the next bit of this policy because it’s super-important for you!)
- We promise….to respond quickly to any questions or concerns which you raise with us. Yes, indeed. We’re a small business but we’re responsive and available at all times.
Above all, we promise….to respect your privacy and your information and treat it as if it were our own. We will treat you and your information lawfully and fairly.
This is not like the twinkie pinky promises you made at school. We’re all grown-ups now and this stuff has to be taken seriously. So keep reading….
The clue’s in the word, right? – it’s “personal” information. So let’s be clear that any personal Information you share with us is just that – it’s personal. It’s yours, not ours – we know that. And we want to make sure that it’s easy for you to take control of it.
You have certain rights by law – legal rights that the Information Commissioning Office (www.ico.gov.uk) will help you to enforce if you need to at any time.
Here’s a list to help you understand what your specific rights are.
- Right to access your information at any time. Just write to us and we’ll respond quickly and efficiently.
- Right to stop receiving emails, correspondence, notifications or messages from us. We will always give you an “opt-out” option and you can unsubscribe at any time.
- Right not to be profiled for marketing purposes. So even though we love to find out more about you, get curious and ask questions so we can serve you better, connect and collaborate to get closer to you…you can ask at any time for us to stop doing this.
- Right to prevent processing of your information. By which we mean you can ask us to just hold onto your information in case you need it in the future, but not to process it in any way.
- Right to be forgotten. Oh, this sounds sad, doesn’t it? But it means that you can ask us to erase and delete permanently your information, and although there are some bits we need to keep by law we will honour this request happily. We’ll never erase you from our human memories though.
- Right to portability. This is not as exciting as it sounds, no free trips to the Maldives on offer (yet). In non-legalese it means you can ask us to transfer your information to another organisation. Just let us know what to include and who you want to send it to, and we can. It’s yours, remember, we’re here to help.
- Right to make a complaint. We hope you don't need to complain about us. But - the regulating body is the Information Commissioner’s Office (ico.gov.uk) and they are there to help you on all things data-related (and more – they’re a helpful bunch. Their IP information is awesome). You can find a complaint form on their website. They will probably ask you to give us an opportunity to sort it out for you first, and we would of course welcome that chance. We hope you know we would never have intentionally done anything bad (we’re made of love and sweet stuff and we’re committing to cleaning up any mess we make).
So know you know your rights. If you send us any requests to use those rights we promise to come back to you very quickly. It will definitely be no longer than a month because that’s what the law says we must do. It may be as quick as 5 minutes if we’re sat at our computers when it arrives or longer if we’re asleep or out enjoying the sunshine. If you feel it’s really urgent then simply email email@example.com who is our Data Protection Officer (she doesn’t like titles generally, but in this case it's an important role so she accepts the title and the responsibilities which the ICO have asked her to undertake).
QUESTION AND RESPONSE
We’re all about connection and conversation, as we're sure you know.
This section is to help you. You don’t have to read it if you don’t want to, of course. Your choice. But the law says that we must tell you these things, so you are informed as our customer or soon-to-be-hopefully customer. We’ve made it as simple and helpful as we can because that’s what we love to do in the every day.
YOU: “HOW DO YOU COLLECT PERSONAL INFORMATION FROM OR ABOUT ME?”
Us: We may collect information about you in the following ways:
- when you purchase a product or service from us you may have to provide the information (and if you choose not to, we may not be able to finalise the contract with you and of course we’ll tell you that and we can decide what to do);
- when you meet with us in the real world (shock!) at an event or a meeting or a park or a bar and we exchange details;
- when you contact us on the telephone, by email, or by filling in a form on our website or social media pages;
- if you are referred to us by a friendly advocate of our service;
- we may receive data from public sources such as Companies House or electoral records in the UK or EU;
- and obviously when you become a customer to us and we do great work with you, then we will collect more information than when you’re just browsing and enjoying hanging out in our world. This information may be collected during our meetings together or when you send us documents or share in our online resources.
YOU: “WHAT INFORMATION DO YOU COLLECT ABOUT ME?”
Us: The information we collect may include:
- Your name (and possibly job title, although we’re not a fan of titles);
- Contact information such as email address, phone number, correspondence address;
- Demographic information such as postcode, lifestyle interests, business pursuits. We’re trying to change the world here. So things we’re curious might include your needs, interests, preferences and you’ll always be invited to share this, not forced. It’s your choice. This will usually be through surveys, research projects, offers or questionnaires;
- Photographic evidence and video footage (this is only if you attend one of our events and you’ll have given specific consent for this);
- As a customer, we will need to collect financial information for the transaction, and sometimes your signature on contracts or other personal data in the context of our work together and as we safely operate our advisory business in accordance with the law.
YOU: AND HOW DO YOU USE THE INFORMATION?
Us: We may use information held about you in the following ways:
- To respond to you if you contact us for help or a query;
- To fulfil our contractual obligations to you when you’ve bought from us;
- To send you valuable information which we think you’ll enjoy and like relating to our services, events, what we’re up to, how you can connect with us. But ONLY if you consent to this and if you ask us to stop then we will.
- To make sure that our websites are helpful and attractive for you and working effectively for your computer and devices and so we can meet the preferences and interests that you’ve told us about;
- To allow you to play properly with our websites and online services, so you can be interactive with us when you choose to do so.
- To tell you if we make important changes to our service.
- Generally, we only use it for purposes which we need to - to protect ours and your interests and prevent illegal activity and make sure that what we offer and do in the world is safe and secure.
YOU: WHO DO YOU SHARE IT WITH AND WHO HAS ACCESS TO IT?
Us: We only share your personal data when there’s a real, actual need. This may be when you ask us to, or if we need to do so in line with a service we’re providing for you and you’ve given us express permission. We may have to share it with companies in our group who provide services to us, or to service providers who provide IT and system administration services in order to make sure all our technology is linked and working properly. This will always be done in accordance with the appropriate legal standards and requirements.
We will of course have to share personal information with law enforcement or other authorities if required by an applicable law.
But otherwise, we do not and will not share your personal information with any other third party for marketing purposes. We definitely won’t ever be selling your information on to any third parties because that’s just not what we do. We share lots of things like our advice, our love, our cake, but never personal information. That’s not cool and it’s a key reason why the GDPR regulations were brought in because people were not being cool. Yah boo hiss to them (that’s us being polite btw).
YOU: WHERE DO YOU STORE AND PROCESS MY PERSONAL INFORMATION?
Us: We use computer systems to help us to safely store and process all the personal data and information we collect. Because these are provided by third parties it is possible that some of your information is stored and processed overseas and in particular outside of the European Economic Area (EEA). But the agreements in place with these third-party providers are protected to the same high standards as required by the law here in the UK. We will not otherwise ever transfer your personal data outside of the EEA or to any organisation or third party without your specific consent.
YOU: HOW DO YOU PROTECT AND SECURE IT?
Us: We use up to date security measures in line with latest technology, which may include encryption, security certificates, access controls, procedures and policies within our business, and taking steps to mitigate any potential security risks and monitoring/testing our systems on a regular basis. We also anonymise data where we can so it’s not identifiable. We seek expert advice and help on this wherever necessary because we want to make sure we’re always doing the right thing.
YOU: HOW LONG DO YOU KEEP MY PERSONAL INFORMATION?
Us: The short answer to this is only as long as necessary or where relevant to your relationship with us or our obligations under the law. If you transact with us we have to keep certain information for 6 years (this includes Contract, Identity, Financial and Transaction Data) after you stop being a customer.
We respect your confidentiality and whilst you are engaged with us and are happy you want to be in contact with us. We won’t stay in touch where you don’t want us to (obviously) and so take a look back at the “Rights” we’ve set out above and remember they are there to help and protect you.
YOU: WHY DO YOU COLLECT AND USE MY INFORMATION IN THE WAYS YOU’VE DESCRIBED?
Us: In the main it’s because we’re here to help you and we believe you like us and want to be connected with us. We’re a small but growing business and so we rely on having a legitimate interest to be in contact with you to share our work in the world and let you choose whether to play with us, or not. It may be because:
- You specifically gave us your permission (your active “consent”)
- We had to seek your consent to add cookies to your device;
- We needed to use your information to run our business successfully (the law calls this “legitimate interests”) but we will only do this when we’re happy that there is little or no risk to you and your personal information. Of course, we want you to know about us and the services we provide because they may be exactly what you need! But we’ve also made it easy for you to stop receiving that type of information at any time (by unsubscribing or opting out)
- We had to collect the information to deliver the contract to you or to comply with a law or legal obligation. In this case, we are allowed to do so, as long as we only then use it for that purpose.
YOU: WHAT ABOUT SENSITIVE DATA?
Us: The legal definition of “sensitive data” refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.We do not collect any Sensitive Data about you.
Nor we do not collect any information about criminal convictions and offences.
We would require your explicit consent for processing sensitive data, so if our position on this changed in the future we would send you a further communicationasking for you to confirm your specific consent to this type of processing.
YOU: AND WHAT ABOUT COOKIES? WHAT ARE THEY AND WHY DO I CARE?
YOU: OK, I THINK YOU’VE ANSWERED ALL MY QUESTIONS
Us: GREAT! Thanks for reading and listening. You’re a star. Respect.
Was it fun? Maybe you love reading Privacy Policies? Or perhaps you’re just very sensible and wanted to make sure we’re doing the right thing with your personal information.
We hope that you’re reassured that we take our obligations around privacy, processing, storage and protection of information seriously. Any questions or feedback drop us a note firstname.lastname@example.org. We regularly review this policy and also the ways we collect information. We’d love to hear from you!
Categories of data and the lawful grounds for collection/use:
Communication data - Pretty much any communication that you send to us. For example, via the contact form on our website, an email, a text, any social media messaging, or any social media posting. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data - This includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
User Data - This includes data about how you use our Sites and any online services together with any data that you post for publication on our Sites or through other online services. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our Site and our business. We process this data to operate our Site and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our Site and/or databases and to enable publication and administration of our website, other online services and business.
Technical Data - This is data about your actual use of our Site and other online services. It might include your IP address, your login data, details about your browser, length of visit to pages on our Site, page views and navigation paths, details about the number of times you use our Site, time zone settings and other technology on the devices you use to access our Site. The source of this data is usually from our analytics tracking system. We process this data to analyse your use of our Site and other online services, to administer and protect our business and Site, to deliver relevant Site content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our Site and our business and to grow our business and to decide our marketing strategy.
Marketing Data - This could include data whether you agree to receive marketing from us (and our third parties) and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant Site content and advertisements to you and measure or understand the effectiveness of our communications and advertising. Our lawful ground for this processing is our legitimate interests, for example in order to evolve and improve our services we like to study how customers use our products/services, and this helps us to expand and develop them, to grow our business and to decide our marketing and commercial strategy.
That's all for now, folks.
Now go on into the world and do great stuff today. And come back soon and tell us all about it. We give you our specific consent to do that.
Last updated: May 2018