Your data matters to us as much as it does to you. Here at Core Value Services we are committed to looking after your data & privacy in all areas – this document sets out how we do that and how to contact us with any issues or questions. We’ve also tried to keep the wording readable rather than lawyer-speak so hopefully your eyes won’t glaze over after the first sentence!
Bea Somer is the owner-manager of the business, so she is also now known as the Data Controller AND Data Protection Officer.
What this actually means is that Bea will make the decisions on how your data is used and for what reasons, as set out below. She is also your point of contact about the data she holds.
So firstly – let’s get this out there straightaway – we’re not in the business of selling/trading/giving away your data – we don’t believe that’s how business should be done. However, to run this business, we do need to hold details – otherwise known as personal data. Here’s how it all works.
Why do we need your data?
- To provide further information on services we provide, when requested
- To be in contact with you when it’s necessary in the client relationship & to comply with HMRC record-keeping
- To be in contact with you when you’ve let us know that’s OK to do so
- To make sure we can run our business brilliantly and efficiently and provide a great service.
- Massage clients: for insurance purposes and to maintain case histories of the treatment received
Our legal basis for collecting this data is:
- You consent to providing it to us
- We need to use this to enter into a contract/business relationship with you or maintain an existing one
- For HMRC record-keeping purposes
What types of data do we collect?
We collect some or all of the following personal data about you, dependent on what services you’re accessing:
- Details of how we can contact you, such as your name, email address, postal address and phone number
- All records of when you contacted us or we contacted you by email, or when you asked us to do something
- Record of payments and invoices (kept in accordance with HMRC rules)
- Personal and medical case history for massage clients
For this small business to run efficiently, we do need to use other companies, some of whom also need to securely hold anonymised parts of your data. All of these businesses are now also GDPR compliant, so you can rest assured that your data is in as safe hands with them as it is with us.
- Our website is hosted by TSOHost (www.tsohost.com/legal/privacy-policy)
- We use MailChimp for our email newsletter (mailchimp.com/legal/privacy/)
How long will we keep your data for?
If we have invoiced you, we need to keep your details for 7 years in line with HMRC record-keeping obligations.
If you’re on the email marketing list, your details will remain unless you choose to unsubscribe or unless we contact you to let you know we are removing your details.
For massage clients, we need to keep your details for 7 years in line with HMRC record-keeping obligations and for insurance purposes.
Is your data held safely?
We have put in place lots of security measures to make sure your details don’t go missing or get used in a way they shouldn’t be.
What rights do I have regarding my personal data?
At any time, you can ask us:
- How we’re using your data
- To provide details of what data we hold for you
- To correct data details that are incorrect
- To delete the data we hold (unless there are clear reasons for us not to)
- To stop using your details in a certain way
- To send your details to someone/somewhere else of your choice
There are exceptions to these rights (such as legally required record-keeping). We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.
Who can I contact if I have concerns about the use of my personal data?
Basically, we’d hate for you to be unhappy with anything to do with your personal data – we’re all about a great customer experience after all, so please do just get in touch if you need to with Bea Somer on email@example.com
The General Data Protection Regulation: GDPR
GDPR legislation stipulates that I have your consent to hold and use your personal data. I confirm that under the legislation I will ensure that such data is:
- Used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Kept for no longer than is absolutely necessary
- Handled according to people’s data protection rights
- Kept safe and secure
Should you no longer wish to receive email information from Core Value Services please “Unsubscribe” below and your details will be removed.
Unsubscribe by emailing firstname.lastname@example.org