This privacy notice tells you what to expect when we collect personal information.
Who are we?
In this notice, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to Root Two.
Your acceptance of this notice
When using our website or providing us with your information we will collect and use the information in the ways set out in this policy. If you do not agree to this notice, please do not use our website or our services.
What is personal data?
‘Personal data’ means any information that identifies a living person. This can include name, address, phone number or any email address that identifies you, whether at home or at work. It also covers our use of any personal information you provide to us. This may be by phone, text message, email, letter, other correspondence, or in person. It can include IP addresses and other technical identifying information.
What is sensitive personal data?
Under the General Data Protection Regulation (‘GDPR’), ‘sensitive personal data’ means any information on racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
What is data processing?
‘Data processing’ is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties. Inklock Hairline falls under the definition of a ‘data controller’ because we are an organisation that processes data on our own behalf, for our own purposes.
- People we collect information about
- Why we hold your data
- How we collect data
- Processing and protecting your data
- Communication preferences
- Providing your data to others
- Sensitive data
- Use of media and consent
- Your data on our website
- Website hosting
- Accessing your information
- Asking for your data to be deleted
- The remit of this notice
- Updating this notice
- How to contact us
People we collect information about
We need to collect and use your personal data if you connect or correspond with us for any reason, including if you are a:
- Client or prospective client
- Visitor to our website
- Supplier or prospective supplier
Why we hold your data
We may hold your details to:
- Communicate with you as a client
- Communicate with you as a professional contact
- Respond to your enquiry or request for information
- Provide you with the service you have instructed us to carry out
- Analyse and improve the business function of our website
- Keep a record of any contact we have with you
How we collect data
We may collect and store information about you whenever you interact with us, for example, when you make an enquiry of any sort. Other examples include if you enter into a contract for our services or otherwise provide us with personal information.
We may also receive information about you from third parties for a specific purpose such a verification of certification or medical history. This is usually to give us necessary information relating to the matter on which you have instructed us. We may also share information with third parties for a specific purpose relating to the matter on which you have instructed us. However, this will only happen if you give us permission to share your information.
Processing and protecting your data
Data Protection Act and General Data Protection Regulation principles require us to process personal data fairly and lawfully. To comply, we will be clear about how we will use your information and ensure that our reason for collecting information is lawful.
We only hold data about you that is enough for our purpose, nothing more.
We work to make sure the data we hold is accurate and up to date.
We only hold personal data as long as necessary.
Following conclusion of the work we are retained to do, we will either electronically scan or retain both our papers on the matter and any documents that have been provided by you or others in relation to the matter. We will hold these in safekeeping or electronically for six years for the purpose of continuity should you require further assistance on the matter, after which they may be securely destroyed or deleted. We have systems in place to safeguard your personal data. Access to written and electronic personal data is restricted and has a level of security depending on the sensitivity of the data. All information and correspondence relating to clients is kept in locked offices accessible by staff only, and is password protected where stored digitally.
We may contact you by email or phone to remind you when your appointment is due or if there are any changes to a pre-booked appointment or if there is a change to a service which may affect you.
Providing your data to others
We will hold your personal information in the strictest confidence and in full compliance with the data protection legislation and the requirements of the HPCP, NHS and other relevant professional bodies relating to the therapists of the Westoe Practice.
We may need to share information with your GP or other practitioners or advisers this will be done so with your consent and only in relation to the service you have asked us to provide.
Special category (Sensitive) data
We process sensitive information by virtue of the nature of the work undertaken. This information remains confidential as set out above.
Your data on our website
If you use any email, gift voucher purchase facilities or any other forms on our website to make an enquiry, we will capture your name, email address and any other information you choose to provide. This means we can respond to your enquiry or request. Although we will temporarily retain any contact and other data that you provide in order to respond to you, if you subsequently choose not to instruct us we will not use it to contact you again unless information comes to our attention which we reasonably believe is in your best interests for us to provide you with.
We may use standard third-party web services such as Google Analytics to collect anonymous information about your computer, including your IP address, operating system and browser type. This includes for example the number of users viewing pages on the site, but it does not identify you individually. This means we can monitor and report on the effectiveness of the site and help us improve it.
Internal employees and our contractors may be given access to the types of information collected from our website for the reasons identified above. However, we will never disclose or sell this information to third parties.
We use third-party services to host our website. The site is hosted by www.gbdesignstudio.co.uk
Accessing your information
Root Two will assist you if you want to see the information we hold about you. A request should be made in writing, either by letter or by email. The request will be subject to the supply of reasonable evidence of your identity. In most cases, we will reply to a request within a month. We may need to extend this period for particularly complex requests. Incorrect data can be amended or destroyed.
If you have already requested and received information we hold about you, there will need to be a reasonable period of time before you can request the information again.
Asking for your data to be deleted ‘The right to be forgotten’
You can ask us to stop using your personal data at any time. A request should be made in writing, either by letter or by email. We will comply without delay and within a month at the latest.
The GDPR specifies two circumstances where the right to erasure will not apply to special category data:
- if the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
- if the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).
The remit of this notice
- This privacy notice does not cover information gathered by others outside of our control.
If you are unhappy with the way that we have collected or processed your data, you can write to us on the address below. If you are still not satisfied, then you can complain to the Information Commissioner’s Office by contacting their telephone helpline on 0303 123 1113 or reporting your concern using their online form via https://ico.org.uk/concerns/
Updating this notice
How to contact us
Requests for further information about our privacy notice or for a copy of our full data protection policy can be made to firstname.lastname@example.org and by writing to:
Suite 11, 13 Beach Rd,