Health Balance respects your privacy. This Privacy Notice sets out how Health Balance collects, processes, and holds your personal data when you visit our site or otherwise provide personal data to us. This Privacy Notice also provides certain information that is legally required and lists certain of your rights in relation to your personal data under applicable law.
We may amend this Privacy Notice from time to time. We encourage you to check our Privacy Notice regularly to understand how we may process your Personal Data.
2 What We Do
Health Balance provides services to clients to support their wellbeing through compassion focused programmes and events and through individual support sessions.
3 How We Obtain Your Personal Data
3.1 Personal Data
3.2 Personal data we collect
We collect, process, store and use personal data when you book a place on an event including your name, address, and email address together with payment information. We may also collect personal data that you give to us about other people if you register them for an event on their behalf. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy. Once you have registered for an event, we collect personal data from you as per the specific event you are registered, including background information forms.
You do not need to provide us with any personal data to view our event information. However, we may still collect the information set under the ‘Data we automatically collect’ section of this policy, and marketing communications in accordance with the Marketing Communications section of this policy.
When you contact us by phone, email or post, we may keep a record of the correspondence and we may also record any telephone calls we have with you.
We also collect data when you complete any forms associated with a one-to-one support session.
We use the information gathered during these sessions to provide you with direct support around your health and wellbeing. This means that the legal basis of our holding this personal data is for legitimate interest. Following completion of any one-to-one sessions, we retain your personal data for the period defined by our professional association, NTOI. This enables us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration.
3.3 Data we get from other sources
For one-to-one sessions, we may obtain sensitive medical information in the form of test results from biochemical testing companies. We use this information to provide you with direct wellbeing support. This means that the legal basis of our holding your personal data is for legitimate interest.
We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers which means the healthcare provided by us may be less effective.
3.4 Data we automatically collect
When you visit our events page, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. We collect this information using cookies in accordance with the Cookie section of this policy and we use the information we collect on an anonymous basis to improve our events and the services we provide, and for analytical and research purposes.
3.5 Marketing Communications
If you opt in to receive marketing communications from us you consent to the processing of your data to send you such communications, which may include newsletters, blog posts, surveys, special offers and information about new events. We retain a record of your consent.
You can choose to no longer receive marketing communications by contacting us at email@example.com or clicking unsubscribe from a marketing email. If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
4 How we use your personal data
We act as a data controller for use of your personal data to comply with our contractual obligation to supply you with tickets to an event that you have booked, including to contact you with any information relating to the event, to deliver the event to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments, or complaints you have in relation to the event.
We also act as a controller and processor about the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor regarding the processing of credit card and online payments.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
We may use your data for marketing purposes such as newsletters, blog posts, but this would be subject to you giving us your express consent.
We always undertake to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also, where there is a legal requirement such as a formal court order.
5 Who do we share your information with?
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent except for the following categories of third parties:
Our professional body NTOI, for the processing of a complaint made by you.
Any service providers, sub-contractors, advisors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, event ticketing providers, email communication providers, IT service providers, accountants, auditors and lawyers on the understanding that they keep the information confidential.
Anyone to whom we may transfer our rights and duties under any agreement we have with you.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property, or safety.
For one-to-one sessions, we may share your information with supplement companies and biochemical testing companies as part of providing you with direct wellbeing support. We will not include any sensitive information.
We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way.
6 Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
7 Your Rights
Every individual has the right to see, amend, delete, or have a copy, of data held that can identify them, with some exceptions. You do not need to give a reason to see your data.
You have the right, subject to exemptions to:
Have your information deleted.
Have your information corrected or updated where it is no longer accurate.
Ask us to stop processing information about you where we are not required to do so by law or in accordance with the NTOI guidelines.
Receive the personal data concerning you that you provided to us and have the right to transmit such data to another controller.
Object at any time to the processing of personal data concerning you.
To exercise your rights with respect to your Personal Data, please make an access request, in writing, to firstname.lastname@example.org . Under special circumstances, as permitted by law, certain data elements may not be subject to access, modification, and/or deletion. We will respond to reasonable requests as soon as practicable and as required by law. Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
If you register with us, we shall retain your personal data until you close your account.
If you receive marketing communications from us, we shall retain your personal data until you opt out of receiving such communications.
If you have otherwise booked an event with us or contacted us with a question or comment, we shall retain your personal data for 12 months following such contact to respond to any further queries you might have.
For One-to-One sessions, all records held by us will be kept for the duration specified by guidance from our professional association NTOI.
10 Website technical details
We use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
cookielawinfo – Cookie Consent plugin
_GRECAPTCHA – Google recaptcha
__stripe – Stripe
yt- – Youtube
_ga – Google Analytics.
mailchimp_landing_site – MailChimp
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
The General Data Protection Regulation (GDPR) came into force on the 25th May 2018, replacing the previous data protection framework under the EU Data Protection Directive. The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
Ireland’s Data Protection Commissioner has launched a GDPR-specific website www.GDPRandYou.ie with guidance to help individuals and organisations become more aware of their enhanced rights and responsibilities under the General Data Protection Regulations.
If you wish to raise a complaint regarding the use of your personal data, then please contact us by emailing email@example.com and we will do our best to help you.
If you are not satisfied with our response or if you believe that we are processing your personal data not in accordance with the law you can complain to the Office of the Data Protection Commissioner at firstname.lastname@example.org using the guidance specified at https://www.dataprotection.ie/docs/complaints/1592.htm