Mindfulness Helps Privacy Policy

---

This privacy policy explains how I, Dr Louise Mercer of Mindfulness Helps, collect, store and use your personal data.

It has been drawn up in accordance with the EU GDPR and is effective from May 25th 2018.

It will explain

• why I collect your data
• what I do with your data 
• the rights you have over your data

I only collect data from individuals who have paid for services from Mindfulness Helps.

If prior to May 25th 2018 you subscribed to receive my Newsletter and updates but had not at any time purchased my services I can confirm your data is now deleted.

Using the Website Contact form or emailing me directly

If you have not previously paid for any of my services as detailed above and you contact me using the website contact form or by emailing me directly I will deal with your enquiry and once those actions are completed those emails are securely archived. I will not add your personal details to my data base or use your personal details in any further way.

I do not sell or distribute any data.

With your consent I collect your personal data to provide updates about dates, times and venues of future sessions, curated articles about the practice of Mindfulness and access to audio tracks on my website. 

If you attend and pay for Drop In session you are given the option to complete a consent form to receive by email any or all of the following

• Mindfulness Helps Newsletters
• Updates about Drop In sessions
• Members only access to guided meditations on the website

Your written consent is the lawful basis I have to store and use your personal data.

The only data stored is your full name and email address.

Your data is only used for the explicit purposes you have consented to.

I scan and store your consent forms electronically using iCloud Drive/Apple Inc. the data is encrypted in transit and on the servers.

The paper copy is stored under lock and key at my home address.

I use Go Daddy™ to host my website and provide email marketing, they securely store your personal data and deliver these emails.

Each GoDaddy™ email contains tracking technology that collects and sends me data. This data records that an email has been delivered, viewed or engaged with, and assists me in improving the quality of the content of my emails.

I do not sell or distribute any of your personal data.

All devices used to access your data are password protected

You can withdraw your consent and unsubscribe at anytime by using the UNSUBSCRIBE button on each email.

You can update your name, email and your preferences about what you receive, including disabling the tracking technology, using the PREFERENCES button on each email.

You have the right to be informed of what data I hold.

You have the right to access free of charge a copy of this data in paper or electronic form within 1 month of your request to do so.

You have the right to ask for correction of any inaccuracies.

You have the right to ask for erasure of your data unless I have a legal obligation to retain it.

To book a place on a Mindfulness Helps course you are required to complete an application form and you are issued with an invoice.

The data on this form and invoice is all necessary for me to deliver the course in a safe and effective manner and to fulfil the contractual obligations of the purchased course.

This contractual necessity is the legal basis I have to store and use your data.

At the first session of the course you will have the opportunity to view and check the accuracy of the data I hold about you.

I will use your data:

• To provide essential pre-course information
• To make sure all materials are accessible in view of any personal needs you might have
• To request your consent to share your email address with the Breathworks Research team
• To provide any details regarding change of venue, dates or cancellation of any part of the course
• To provide you with support between sessions
• To provide a summary of the content of a session in the event of your absence

In an emergency the data I hold may be shared to protect your vital interests.

Your data will be retained for the legally necessary time period determined by my insurance provider and HMRC

If you apply using the online website contact form your application data is securely collected and sent by email to me by GoDaddy™ who host my website

Your application form data is stored as an encrypted password protected document on iCloud Drive/Apple Inc.

The paper copy is stored securely under lock and key at my home address.

The invoices are stored as encrypted password protected documents on iCloud Drive/Apple Inc.

Paper copies are stored under lock and key at my home address

The invoice data is also stored securely by Paypal who is the Payment Service Provider

I have no access to any details of your payment method 

I do not sell or distribute any of your personal data.

All devices used to access your data are password protected

You have the right to be informed of what data I hold.

You have the right to access, free of charge, a copy of this data in paper or electronic form. This will be provided within 1 month of your request.

You have the right to ask for correction of any inaccuracies.

You have the right to ask for erasure of your data, unless I have a legal obligation to retain it.

With your consent I collect your personal data to provide updates about dates, times and venues of future sessions, curated articles about the practice of Mindfulness and access to audio tracks on my website.

If you have completed a Mindfulness Course you are given the option to complete a consent form to receive by email any or all of the following

•  Mindfulness Helps Newsletters
• Updates for Course Graduates
• Updates about Drop In Sessions
• Members only access to guided meditations on the website

Your written consent is the lawful basis I have to store and use your personal data.

The only data stored for this purpose is your full name and email address.

Your data is only used for the explicit purposes you have consented to.

I scan and store your consent forms electronically using iCloud/Apple Inc. the data is encrypted in transit and on the servers.

The paper copy is stored under lock and key at my home address.

I use Go Daddy™ to host my website and provide email marketing, they securely store your personal data and deliver these emails.

Each GoDaddy™ email contains tracking technology that collects and sends me data. This data records that an email has been delivered, viewed or engaged with, and assists me in improving the quality of the content of my emails.

All devices I use to process your data are password protected.

I do not sell or distribute any of your personal data.

You can withdraw your consent and unsubscribe at anytime by using the UNSUBSCRIBE button on each email.

You can update your name, email and your preferences about what you receive, including disabling the tracking technology, using the PREFERENCES button on each email.

You have the right to be informed of what data I hold.

You have the right to access, free of charge, a copy of this data in paper or electronic form. This will be provided within 1 month of your request.

You have the right to ask for correction of any inaccuracies.

You have the right to ask for erasure of your data, unless I have a legal obligation to retain it.

My website uses Cookies

This is my full Cookie policy

https://mindfulness-helps.com/cookie-policy

My website has an SSL certificate provided by GoDaddy™

A Secure Sockets Layer (SSL) certificate protects any information I collect on the website from being intercepted.

SSL encrypts information between your browser and my Web server, so personal information is disguised, stays secure, and goes directly to me. An SSL certificate adds the "https://" your browser bar when on the website site, so you know it's safe to submit your personal info.Your browser will also display a padlock icon (the location depends on the browser).

GoDaddy ™

GoDaddy ™ provide me with the following services 

• website hosting
• security (SSL)
• Email marketing
• Email accounts in partnership with Microsoft Office 365

They have updated their privacy policy to bring it in line with the EU GDPR and are compliant with the E.U-U.S and Swiss-U.S. Privacy Shield Frameworks.

https://uk.godaddy.com/agreements/showdoc.aspx?pageid=PRIVACY

iCloud/Apple Inc.

I use iCloud Drive to store data 

Application forms and invoices are individually encrypted and password protected

All data stored on iCloud Drive is encrypted in transit and encrypted on the server

Apple is compliant with the EU GDPR 

This is an overview of iCloud security provided by Apple

https://support.apple.com/en-gb/HT202303

PayPal 

Paypal is used as a Payment Services Provider

Paypal is compliant with the EU GDPR 

This is the Paypal privacy policy

https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev