Introduction
My name is Sarah Flower and my website is https://roseandbalm.co.uk.
This privacy policy explains how I use the personal data I collect from you.
I am the data controller and you can contact me at roseandbalm@gmail.com
What personal data I collect and why I collect it
Patients
I collect your name, address, email address, telephone number, date of birth and medical history. This information is not shared outside of this organisation in any way and is strictly confidential, accessible only by myself. The information is stored on paper and not electronically. I may share information via email between myself and you. This information is necessary to provide safe herbal treatment and to maintain contact with you when required.
With your consent I may write to your GP, or other medical professional, if we agree that it would benefit your overall medical care.
There may be occasion where I need to make a disclosure without your consent. This will only happen if I feel there is serious danger to yourself or others. I will always seek the advice of the National Institute of Medical Herbalists (NIMH), of whom I am member, first. For further information about NIMH please see their website here.
I keep your medical notes for 7 years from the last consultation. For minors I keep medical notes until they are 25 years old (7 years after they turn 18 years old). Paper medical notes are destroyed by shredding.
If you contact me by email I do not share your details outside of our organisation. I may keep emails for future reference but I do not keep them for longer then necessary.
Payments
Payments are currently taken electronically using Paypal. Please visit their privacy hub here.
Comments
When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
There is an online contact form on the website that you may choose to use. I collect your name and email address so that I may respond to your query.
Marketing
Facebook: I use Facebook advertising. Facebook’s own Data policy can be found here: https://www.facebook.com/policy.php. This data is used for targeted advertising to potential or existing customers based on similar demographics. We market products, services or offers based on previously viewed content. Facebook uses cookies to gather this data. Facebook has multiple opt-out options under your account settings to opt out of its advertising.
Instagram: I use Instagram to post marketing activity, and I may occasionally use the paid advertising service to target users based on demographics. I promote products, services and offers – this is all run through the Facebook Advertising platform.
Google Ads: I occasionally used paid advertising through Google ads to promote products, services and offers to target users based on demographics. Google Ads privacy policy can be found here: https://policies.google.com/privacy?hl=en-GB
Newsletter
If you sign up to my newsletter I collect your name and email address. You can unsubscribe at any time by clicking on the unsubcribe button at the bottom of the newsletter. I use Mailerlite to create my newsletter. Mailerlite’s privacy policy can be found here: Privacy Policy – MailerLite
Cookies
There are cookies in use on this website. To view the cookie policy please visit our cookie policy page
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
This website uses Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. We use this data to help use understand how people use our site. How Google uses data when you use our partners’ sites or apps https://www.google.com/policies/privacy/partners/
Who I share your data with
I do not share your data with anyone outside of this organisation that has not already been disclosed above.
How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on this website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Please note that I keep medical notes for a minimum of 7 years.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.
If you wish to exercise these rights please contact Sarah Flower by email: roseandbalm@gmail.com. If you make a request, I have one month to respond to you
Where I send your data
Visitor comments may be checked through an automated spam detection service.
Additional information
How I protect your data
I am a qualified Medical Herbalist and I am fully trained in the General Data Protection Regulation (GDPR) and adhere to a strict confidentaility code of conduct. All medical disclosure is treated with the strictest confidence. For marketing and analytical purposes I only use companies that have full and robust data protection protocols in place.
What data breach procedures I have in place
In the event of a data breach I will notify you and the Information Commissioner’s Office (ICO). As data processors we are registered with the ICO. For further informaion on GDPR and the ICO please follow this link: https://ico.org.uk/your-data-matters/
What third parties I receive data from
I use anonymised analytical data from Google Analytics and Facebook
What automated decision making and/or profiling I do with user data
I use analytical data to help target our marketing and to improve website users experience