Your privacy is critically important to us. At Heal & Flourish, we have a few fundamental principles:
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We help protect you from overreaching government demands for your personal information.
- We aim for full transparency on how we gather, use, and share your personal information.
1. Who are we and what do we do?
Heal & Flourish Nutritional Therapy provides nutritional therapy, yoga, and healing therapy services to clients to improve their health through diet and lifestyle interventions. We focus on preventative healthcare and the optimisation of physical and mental health. Through nutritional therapy consultations and dietary and lifestyle analysis, we aim to understand the underlying root causes of your health issues, which we will seek to address through personalised dietary therapy, lifestyle change advice, yoga coaching, and healing therapy. In addition, we also incorporate other business services from our NES Health partner such as bioenergetic assessment (body-field scan), infoceuticals, and miHealth to optimise your energy for life.
2. What personal data do we collect and how do we use them?
|Data||Source||How do we collect your data?||How do we use your data?|
|Name, email address, other contact details||Heal & Flourish||By your booking of our services. During the consultation.||To supply and carry out our services to you. To communicate with you. This may include responding to emails or calls from you.|
|By signing a terms of engagement form||To supply and carry out our services to you. Your personal details are required in order for us to enter into a contract with you.|
|Name & email address||Mailchimp (Third party)||By subscribing on our website||To provide you with extra health information of interest to you. You may unsubscribe or opt out at any time by clicking the “unsubscribe” button.|
|Name, contact details, health information including your previous medical history, dietary, lifestyle, supplement and medicine details, test results (if any), clinic notes and health improvement plans||NES Health (Third party)||By completing an online intake/follow-up form or a nutritional therapy questionnaire, and customer communication. During a nutritional therapy consultation.||We use the NES Health platform to carry out our services and provide you with direct healthcare. Our legitimate interests in entering into and performing contracts for providing and receiving requested services, and our interests in developing consultancy/therapy that better serves our customers.|
|Name, email address, DOB, gender, telephone, post address, bioenergetic report||NES Health (Third party)||By completing information on the NES Portal for a scan or placing an order for NES’s products, payment processing, package delivery.||We use the NES Health platform to carry out our services and provide you with direct healthcare. The legitimate interests of us and our partner (NES Health) in entering into and performing contracts for providing and receiving requested services, and interests in developing products that better serve our customers.|
|Name, email, personal details, time and date of appointment and type of service||Calendly (Third party)||By booking and confirming our services||Reservation system Calendly.com for making and managing appointments. To communicate with you.|
|Name, email, contact details, bank information||By taking online prepayment & payment processing||To supply and carry out our services to you.|
We incorporate NES Health’s services and products into our services to provide you with more choices and better service to optimise your health conditions. We use NES Health’s portal for body-field scans, for collecting necessary information about your diet/lifestyle, supplement and medicine details, test results (if any), and clinic notes through the intake/follow-up form, and for processing product orders. Through this portal, we collect your information to provide you with direct healthcare. This means that the legal basis for our holding your personal data is legitimate interest.
3. How do we use your personal data?
We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor in regard to the processing of your data through the service platform of our third parties such as NES Health and other service providers for the processing of online booking, credit card and online payments.
We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect the storage of your personal data.
We may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual or to prevent a serious crime. We may also use it where there is a legal requirement, such as a formal court order. We may use your data for marketing purposes such as newsletters, but this would be subject to you giving us your express consent.
4. How long will we keep your personal data?
We do not store your personal data for longer than is strictly necessary to realize the purposes for which your data are collected. Though there is no fixed period, the following factors will be used to determine how long your personal data will be kept:
- All data regarding your transactions with Heal & Flourish will be kept for 10 years.
- All NES Health scan and miHealth information will be kept for 10 years.
- Any other information will be kept for 5 years after your last login to the NES Portal.
5. Do we share your information with other organisations?
We will not share any of your personal data with third parties for any purpose without your explicit permission. We may disclose your information to third parties only with your express consent, with the exception of the following categories of third parties:
1. Third parties that supply products and services to you on our behalf. These may include platform use, delivery, and payment processing. In some cases, those third parties may require access to some or all of your personal data that we hold. These parties include:
   - NES Health – platform for body-field scan and report, intake/follow-up forms, order processing, payment processing, and customer communication
   - Calendly – booking appointments / customer communication
   - Mailchimp – customer communication
   - PayPal – payment processing
If any of your personal data is required by a third party, as described above and it is necessary for the execution of the agreement, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
2. Anyone to whom we may transfer our rights and duties under any agreement we have with you.
3. Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so.
6. How can you access your personal data? What are your rights?
Under the GDPR, you have the right to see, amend, delete, or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.
If you want to access your data, you must make a subject access request in writing to email@example.com or to the following postal address:
Lien van Gogh, Rijksstraatweg 280, 2025DN, Haarlem, The Netherlands.
Under special circumstances, some information may be withheld.
We shall respond to your subject access request within 28 working days from the point of receiving the request and all necessary information from you.
Our response will include the details of the personal data we hold on you including:
- Sources from which we acquired the information
- The purposes of processing the information
- Persons or entities with whom we are sharing the information
You have the right, subject to exemptions, to ask to:
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
- Ask us to stop processing information about you where we are not required to do so by law.
- Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, without hindrance from us.
- Object at any time to the processing of personal data concerning you
We do not carry out any automated processing that may lead to automated decisions based on your personal data.
7. Cookies and other website technical details
On your first visit to our website, we have already informed you about these cookies and have requested your permission to place them.
You can opt out of cookies by setting your internet browser so that it no longer stores cookies. In addition, you can also delete all information that was previously saved via the settings of your browser.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit our Cookies Policies.
8. How do we protect personal data?
Heal & Flourish takes the protection of your data seriously and takes appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure, and unauthorized changes. If you feel that your information is not properly protected or there are indications of abuse, please contact our customer service or contact us via firstname.lastname@example.org.