Who we are
The company is known as The High Weald Herbalist. Our website address is: https://thehighwealdherbalist.com. The High Weald Herbalist is run by Julie Padgham and she is the Data Controller. Julie can be contacted on 07796 580435, via the contact page on our website or at the following address: Cliffe Osteopath Clinic, 23 Cliffe High Street, Lewes, BN7 2AH.
GDPR (General Date Protection Regulation) brought in new legal protection for personal information from May 2018. This tells you what personal information we hold and why, personal information we gather via our website and what your rights are.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Customers & Contact forms
We collect information that you provide to us by filling in forms on our website. This includes information provided at the time of registering to use our website (where applicable), subscribing to our services (where applicable), ordering products through our website, personalising our website with your preferences, posting material or requesting further services.
If you choose to contact us via our website’s contact form, we will require your name, email and query, so we can reply to you quickly and effectively. We will keep contact form submissions for customer service purposes, but we do not use the information submitted through these forms for marketing purposes. Some details and correspondence may be stored in Yahoo Mail.
What are cookies?
If you leave a comment on our website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Performance Cookies or analytical Cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that you find the information or product that you are looking for.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Google Analytics – These cookies help us collect and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. This information helps us to improve the website and your shopping experience. Google Analytics stores information anonymously on its own servers.
If you choose to ‘share’ content from The High Weald Herbalist through social networks – such as Facebook and Twitter – you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.
Who we share your data with
We do not sell our customer lists and we will never pass your details on to third parties for any purpose without your consent, unless we have a legitimate business reason to do so.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
What data breach procedures we have in place
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
What third parties we receive data from
Our website may, from time to time, contain links to and from the websites of our affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy and cookies policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these sites.
Information about ordering and payments for GDPR will be included here when the online shop is live.
Therapies: Herbal Medicine & Reflexology & GDPR
The purpose of processing client data
Julie Padgham is responsible for providing herbal medicine and reflexology treatments and has submitted the following information about the collection, processing and holding of client data:
In order to give professional herbal medicine and reflexology treatments, I will need to gather and retain potentially sensitive information about your health. I will only use this information for informing herbal medicine and reflexology treatments and associated recommendations concerning aspects of health and wellbeing which I will offer to you. I take basic contact information via my website to allow me to contact you and handle bookings.
Lawful basis for holding and using client information
The lawful basis under which I hold and use your information is my legitimate interests i.e my requirements to retain the information in order to provide you with the best possible treatment options and advice.
What information I hold and what I do with it
In order to give professional herbal medicine and reflexology treatments, I will need to ask for and keep information about your health. I will only use this for informing treatments and any advice I give as a result of your treatment. The information to be held is: Your contact details, medical history and other health related information (which I will take from you at first consultation), treatment details and related notes (which I will take after each consultation).
I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent. Only the following people will have routine access to your data: 1. Me, so I can provide you with treatment. 2. Reception staff at Sussex Osteopath Clinic because they organise practitioners’ diaries and co-ordinate reminders. Reception staff do NOT have access to your medical notes or sensitive personal data.
How long I retain your information for
I have a legal obligation to retain your records for 8 years after your most recent appointment or age 25 (if this is longer). After this period you may ask me to delete your records, if you wish. Otherwise I will retain your records indefinitely in order for me to provide you with the best possible care should you need to see me at some future date.
Protecting your personal data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
I will contact you using the contact preferences you give me in relation to: appointment times, information related to your health or therapy, special offers and promotions (you may unsubscribe from this at any time).
Medical notes are stored in hard copies in locked filing cabinets. Some contact details and correspondence may be stored in Yahoo Mail. A hard copy of email correspondence is printed and stored with your medical notes, it is then deleted from Yahoo Mail.
GDPR gives you the following rights:
- The right to be informed (to know how your information will be held and used (this notice).
- The right of access (to see your therapist’s records of your personal information, so you know what is held about you and can verify it).
- The right to rectification (to tell your therapist to make changes to your personal information if it is incorrect or incomplete).
- The right to erasure (also called “the right to be forgotten”). For you to request you therapist to erase any information they hold about you.
- The right to restrict processing of personal date (you have right to request limits on how your therapist uses your personal information).
- The right to data portability (under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems).
- The right to object (to be able to tell your therapist you don’t want them to use certain parts of your information, or only use it for certain purposes).
- Rights in relation to automated decision making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office (To be able to complain to ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be).
Full details of your rights can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
I want you to be absolutely confident that I am treating your personal data responsibly. Of course if you feel that I am mishandling your personal data in some way you have the right to complain. Complaints need to be sent to the Data Controller (for contact details, please see above).
You also have the right to direct questions or lodge a complaint about the treatment of your personal information with the Information Commissioner’s Office: Information Governance department, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113.