Last updated: January 4, 2020
If at any point in time you have any questions in relation to this Policy, please address these in the first instance to:
Esther Apoussidis at MindBody Oasis on 07864 056919 or email firstname.lastname@example.org.
It is important that the data we collect about you is accurate and up to date. Therefore, please keep us informed of any changes to the data you have provided us during the course of our interactions and performance of treatments with you.
What Information is Collected and How
When you book an appointment with MindBody Oasis we collect personal details, such as your name, email and telephone. We do this by one or more of the following methods:
- online booking capture
- text, and
This information is used to identify you and contact you about the appointments and services you have booked.
To provide a safe and effective therapy treatment we also need to collect information, such as your medical background and lifestyle choices. This information is only used to make sure your treatment is as effective and safe as possible.
When you buy a gift voucher we collect personal details, such as your name, email, recipient’s name and possibly a postal address. This information is used to identify you and provide the service you have requested.
When providing us with personal information during the booking of your appointment with us, or on completing your consultation and treatment form, or in making a payment or contacting us in any way about our services, you are giving us your consent to collect and retain that information and use it for the specific purpose of carrying out a requested service or sale.
Our consultation form gives you the option to opt in to our e-mail newsletter subscriber list, which gives us the consent to send you our monthly or occasional biweekly newsletter, providing helpful advice on matters of health, updates on our treatments, special offers and promotions.
Retaining Your Information and Opting Out
For the purpose of legal protection, we are required to hold the personal information you have given to us in the course of providing our services and products for a minimum of seven years. Seven years after your last treatment or product purchase we will permanently delete all your personal information that we hold.
If you withdraw your consent during the seven-year retention period, we will archive your data until the seven-year period expires. Whilst your information is archived, we will not access or process it in any way except if required by law or for legal protection purposes.
Should you wish to withdraw your consent at any time, please email Esther Apoussidis at email@example.com with your request.
In terms of the newsletter, you may unsubscribe at any time by using the link provided in the newsletter or you may email us by using the firstname.lastname@example.org email address and writing unsubscribe in the Subject line. Please note that by opting out of receiving our marketing messages, this will not apply to our communications with you in direct relation to a product or service (treatment) purchase.
Reviewing and Updating Information
You have the right to review the personal information we store about you and your treatments at any time. These will be sent as an attachment by email to you. You also have the right to request that we update or amend your data if any of it is incorrect or out of date.
To action any of these rights at any time, please email Esther Apoussidis at email@example.com with your request.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Links To Other Sites
Data Sharing and Disclosure
Unless required to do so by law or subpeona, we shall not otherwise share, lease, sell or distribute any of the information you provide to us without your prior consent. Our consultation form indicates a consent for GP, healthcare practitioner or other complementary therapist referrals should we deem this an appropriate course of action.
Our appointment booking service is provided by Fresha. Your data is stored through using their data storage facilities, databases and Web framework, on secure servers that are always encrypted when in storage and whilst being transmitted across the internet.
Our electronic correspondence and mailing service is provided by both Google and Mailchimp or Mailerlite, who similarly store and transmit client data using secure servers.
Our electronically completed consultation forms and client correspondence are held in a password-encrypted location on our computer. All client paper records are held in a lockable, fire-proof safe which is kept in an access-restricted location away from the eyes of the general public.
The Fresha system will enable you to pay for bookings online. We also allow you to make payment by cash, iZettle or Sumup (if paying in person on the day of the treatment) or BACS either in advance of the treatment or immediately after completion of the treatment. We will notify you of any change to this payment arrangement via e-mail.
All credit card detail storage is encrypted through the Payment Card Industry Security Standard (PCI-DSS). Our third party payment system providers adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
We make every possible effort to follow industry best practice in protecting and storing your data, such that it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If our business is acquired or merged with another similar business, your information may be transferred to the new owners for purposes of continuity of services to you.
Complaints or Queries
If, for any reason, you are unhappy with how we are handling your data, please raise your concerns with us first, so that we can seek a resolution. If you are still not satisfied, then you have the right to complain to the Information Commissioner’s Office (ICO).