Who we are
I am Sarah Flower and my website is https://roseandbalm.co.uk.
What personal data we collect and why we collect it
I collect your name, address, email address, telephone number, date of birth and medical history. This information is not shared outside of this organisation in any way and is strictly confidential, accessible only by myself. The information is stored on paper and not electronically. I may share information via email between myself and you. This information is necessary to provide safe herbal treatment and to maintain contact with you when required. I keep medical notes for a minimum of 10 years.
If you contact me by email I do not share your details outside of our organisation. I may keep emails for future reference.
When visitors leave comments on the site I collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
There is an online contact form on the website that you may choose to use. I collect your name and email address so that I may respond to your query.
Instagram: I use Instagram to post marketing activity, and I may occasionally use the paid advertising service to target users based on demographics. I promote products, services and offers – this is all run through the Facebook Advertising platform.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
This website uses Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. We use this data to help use understand how people use our site. How Google uses data when you use our partners’ sites or apps https://www.google.com/policies/privacy/partners/
Who I share your data with
I do not share your data with anyone outside of this organisation that has not already been disclosed above.
How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on this website (if any), I also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Please note that I keep medical notes for a minimum of 10 years.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data I hold about you, including any data you have provided to us. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.
If you wish to exercise these rights please contact Sarah Flower by email: firstname.lastname@example.org. If you make a request, I have one month to respond to you
Where I send your data
Visitor comments may be checked through an automated spam detection service.
How I protect your data
I am a qualified Medical Herbalist and I am fully trained in the General Data Protection Regulation (GDPR) and adhere to a strict confidentaility code of conduct. All medical disclosure is treated with the strictest confidence. For marketing and analytical purposes I only use companies that have full and robust data protection protocols in place.
What data breach procedures I have in place
In the event of a data breach I will notify you and the Information Commissioner’s Office (ICO). As data processors we are registered with the ICO. For further informaion on GDPR and the ICO please follow this link: https://ico.org.uk/your-data-matters/
What third parties I receive data from
I use anonymised analytical data from Google Analytics and Facebook
What automated decision making and/or profiling I do with user data
I use analytical data to help target our marketing and to improve website users experience