Shelley Baker Aromatic Therapy is committed to protecting and respecting your privacy. We want you to understand how we collect and use information about you. We also value your comments in this regard.
who we are & how to contact us
what personal data we collect and store about you, and how we collect it
why we collect personal data and what we do with it
the categories of third parties with whom we share your personal data
how we retain your information and keep it secure
your rights and how to exercise them
Who we are & how to contact us
Policy key definitions:
"I", "our", "us", or "we" refer to the business, Shelley Baker Aromatic Therapy, "you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
We are registered with the ICO under the Data Protection Register, our registration number is: Z5223053
What information do we collect?
Personal information is any information that allows someone to identify you, including, for example, your name, address, telephone and mobile numbers, email address, as well as any information about you that is associated with or linked to, or could be linked to, any of the that information.
We collect information from you when you register on the website, place an order for products or book an appointment, subscribe to our newsletter, enter competitions, respond to a survey or fill out a form which maybe online, or in person either as part of your consultation for treatment or at an event.
When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, and phone number. You may, however, visit our site anonymously.
We do not share customer details with any third party unless specified with an opt-in tick box.
Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Personal information that is provided by you will only be used for the purpose for which it is provided, unless you are informed otherwise at the time of giving the information.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
To provide you with safe therapeutic treatments & personalise your experience.
(Your Consultations provide us with the safe basis to treat you and develop your treatment plans and appropriate essential oil blends. They are an insurance requirement and without proper and adequate consultation or where we feel we do not have enough information from you to treat you safely, we reserve the right to refuse to treat you with Aromatherapy)
To process transactions
Your information, whether public or private, will never be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
To administer a contest, promotion, survey or other site feature
on occasion we run competitons and surveys and require our information in order to communicate results/winners.
To send emails
The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving our company newsletter, Aromaticity, which we send on occasion. This email contains product news, exclusive offers, content we think you will be interested in and occasionally offers and competition prizes from like-minded third-party brands.
Processing and dealing with any complaints or enquiries made by you or legally on your behalf.
Note: If at any time you would like to unsubscribe from receiving future emails, simply click on the unsubscribe link at the bottom of each email.
Processing of your personal data
Your personal information may be processed both in and outside the UK.
We may also process or transfer your personal information outside the UK (and possibly to places outside the European Economic Area, which is all EU member states plus Norway, Iceland and Liechtenstein).
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
We will continue to process your information under you withdraw consent or it is determined your consent no longer exists.
These are the circumstances in which we may share some of your data with Third Parties
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We may also be required to disclose your personal information to authorities who can request this information by law that is binding, for instance for the prevention and detection of crime, the capture or prosecution of offenders and the assessment or collection of taxes.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal date" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
Our EMS provider is; Mailchimp. We hold the following information about you within our EMS system;
Subscription time & date
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Please help us to keep our records of your personal information up-to-date by notifying us of any changes or corrections to the personal information we hold about you.
Resources & further information
Overview of the GDPR - General Data Protection Regulation
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
The Guide to the PECR 2003
Small business GDPR policy template