Shaolin Qigong Hampshire is trading as Energy Alchemy Ltd.
As a business, there are occasions when we collect and use your data. As such, we are subject to the General Data Protection Regulation and Data Protection Act 2018, and are responsible as ‘controller’ of that personal information for the purposes of those laws.
Our privacy notice will inform you how and why we process, store, and use your personal data, and explains your privacy rights and how the law protects you.
It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
Our contact details
Name: Matthew Wood
Phone Number: +44 (0) 7720 414478
E-mail: [email protected]
Information we hold
We may currently collect and process the following information:
- Personal identifiers (first and last name)
- Contact details (telephone number, email address, billing address)
- Financial details (payment card/bank account details)
- Sensitive information (such as personal health related data; data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; data concerning a person’s sex life or sexual orientation)
- Profile data (if you create a profile this will record any purchases you have made)
- Usage Data (information about how you use our website, products and services)
- Technical Data (internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website)
How we get the information and why we have it
We use a range of methods to collect data from you. This can be through our website, at an event or course, at a one-to-one session, or through social media.
The majority of the personal information we process is provided to us directly by you for one of the following reasons:
- To purchase a product or service
- To provide you with updates and newsletters on our products and services
We may also receive technical personal data about you from analytics providers, and contact, financial and transaction data from providers of technical, payment and delivery services.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us using the contact details above.
(b) We have a contractual obligation
(c) You have a legitimate interest
What we do with the information we have
We use the information that you have given us:
- To provide a service to you
- To contact you from time to time with updates or information about our products or services
- For marketing purposes
- To process any payments or recover any debt
- To notify you about any changes to our policies
- To make suggestions and recommendations to you about goods or services that may be of interest to you
How we store your information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Your information is securely stored within our digital database. Any information which is provided in hard copy format will be stored with appropriate security requirements.
We only retain your personal data for as long as necessary to fulfil the purposes we collect it for.
When determining the appropriate retention period for personal data, we assess the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep your personal data for the time you are our client and for 3 years afterwards, and will then dispose of your information if it is no longer required. We will dispose of your data by deleting it from our database.
We will keep basic information about our customers for six years after they cease being customers for tax purposes.
Disclosure of your data
We respect your privacy and are committed to protecting your personal data. Subject to the exception below, we will not knowingly share your data with third parties.
There may, however, be exceptional occasions where we need to disclose your data to others where there is a requirement by law or where there is a threat to life.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access — you have the right to ask us for copies of your personal information
- Your right to rectification — you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
- Your right to erasure — you have the right to ask us to erase your personal information in certain circumstances
- Your right to restriction of processing — you have the right to ask us to restrict the processing of your information in certain circumstances
- Your right to object to processing — you have the right to object to the processing of your personal data in certain circumstances
- Your right to data portability — you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances
- You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you
- Please contact us using the details above if you wish to make a request
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we suggest that you read the privacy notice of every website you visit.
We do not share your personal data with any third parties unless you have given your consent for us to do so.
Changes to this privacy notice
We may make changes to this privacy notice and if we make any changes we will inform you through our website.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Data Handling and Retention Policy
1. About this Policy
1.1 Energy Alchemy Ltd is committed to handling personal data in accordance with the requirements of the General Data Protection Regulation and Data Protection Act 2018. This policy sets out our handling arrangements for client personal data.
1.2 In this policy, personal data means any information identifying a living individual or information relating to a living individual that we can identify (directly or indirectly) from that data alone, or in combination with other identifiers we possess, or can reasonably access. This includes special categories of personal data such as health data and pseudonymised personal data, but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
1.3 The use of client personal data is important to how we conduct business and is necessary for the provision of our services.
1.4 Whilst we retain client personal data, we do not retain data indefinitely and all data will be retained for a specified amount of time in accordance with this policy.
2. Scope of Policy
2.1 This policy covers all personal data relating to clients that we hold or have control over. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails and all electronic documents.
3. Guiding Principles
3.1 Through this policy, and our data retention practices, we aim to meet the following commitments:
- We comply with legal and regulatory requirements to retain data.
- We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).
- We handle, store and dispose of data responsibly and securely.
- We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.
- We allocate appropriate resources, roles and responsibilities to data retention.
- We regularly monitor and audit compliance with this policy and update this policy when required.
5. Methods of Data Collection
Clients may subscribe to receive information about our products or services. This may be collected using a third party provider and we may store details of mailing lists on a third party platform and also in an electronic format on the company database.
5.2 Website Contact Form
Clients may contact us using our website contact form. This data may be stored on the host platform and we will store a copy of this data on the company database. This will be for the purposes of updating client records and to ensure all queries have been adequately answered.
We may request completion of a survey or the provision of a testimonial. This data may be stored on the host platform and we will save details of this interaction on the company database.
5.4 Health/Client Application Questionnaire
Prior to conducting a session and during the course of a package, clients may be asked to complete a health questionnaire or a client application questionnaire which will contain sensitive information. This data will only be retained for the necessary period of time and will then be deleted from our database. This data will be stored on the company database.
5.5 Social Media/SMS/WhatsApp/Electronic Messaging Platforms
Clients may wish to communicate with us using alternative methods of contact. In all instances, the interaction will be stored by the service provider and any relevant communication will be stored electronically on the company database.
5.6 Physical/Virtual Events
Any personal data which is required to provide the client with access to the event will be stored electronically on the company database. Personal data may be stored on the host platform where a third party platform has been used to make a booking.
Any follow-up communication from Energy Alchemy Ltd will only be provided where the client has opted in or where there is a legitimate interest.
5.7 Documents Relating to the Provision of Service (contracts/client notes/payment details/booking details)
All documents relating to the provision of service may be stored on the host platform and will also be stored on the company database.
5.8 Sharing with Third Parties
Where third parties require access to platforms where client personal data is stored, we will ensure appropriate handling arrangements are in place to avoid any data breaches.
We will only share data with third parties where the client has provided consent to do so.
6. Retention Period
6.1 Any data that falls within any of the categories listed in paragraph 5 of this policy will only be retained for a maximum of 3 years. A record will not be retained beyond 3 years, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention.
7. Storage and Destruction of Data
7.1 Our data will be stored in a safe, secure, and accessible manner.
7.2 All personal data which is held in an electronic form will be stored in a password protected folder contained within the company database.
7.3 All personal data which is held in hard copy will be stored in a locked filing cabinet with restricted access.
7.4 Energy Alchemy Ltd is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of hard copy data will be conducted by shredding if possible.