Pumpkin Holistics Privacy & Cookie Policy
Privacy policy
This privacy notice provides you with details of how we collect and process your personal data. Sarah Gillespie is the data controller and I am responsible for your personal data (referred to as “I”, “me” in this privacy notice).
This policy tells you what personal information is gathered, why and what your rights are.
Name and Contact Details:
Sarah Gillespie
Golden Cross Lane
Catshill
Bromsgrove
B61 0LE
(full address only to our customers)
Email: pumpkinholistics@gmail.com
Tel: 07950 271 692
The data I collect about you, for what purpose and on what grounds I process it
Personal data means any information capable of identifying an individual. It does not include anonymised data. I may process the following categories of personal data about you:
Communication Data that includes any communication that you send to me whether that be through our website, email, text, social media messaging, social media posting or any other communication that you send us. I process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests.
My website includes a separate page featuring a booking calendar, which allows you to book yourself in for treatments. This uses an embedded calendar from the company Calendly whose privacy policy and use of cookies is separate to our own. Calendly state that their are GDPR compliant and you can read more about their data privacy practices here: https://help.calendly.com/hc/en-us/articles/360007032633-GDPR-FAQs. You should familiarise yourself with their policies should you wish to use the calendar.
Customer Data that includes data relating to any purchases of services, such as your name, title, billing address, delivery address email address, phone number, contact details and purchase details. I process this data to supply the services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and me and/or taking steps at your request to enter into such a contract.
Special Category Data refers to data that includes information about your health. In order to be able to provide an effective treatment, Pumpkin Holistics may require medical information. However, I will only collect information that is relevant and necessary for your treatment. When you visit the practice, I will make notes which may include details concerning your medication, treatment and other issues affecting your health. This data is always held securely and is only stored in paper format. It is not shared with anyone else. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow Pumpkin Holistics to document and process your personal medical data. This consent is given on the consultation form you will complete upon your first appointment with me.
Limitations
Where I am required to collect personal data by law, or under the terms of the contract between us and you do not provide me with that data when requested, I may not be able to perform the contract (for example, to deliver services to you). If you don’t provide me with the requested data, I may have to cancel a service you have booked but if I do, I will notify you at the time.
Purposes
I will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email me at pumpkinholistics@gmail.co.uk In case I need to use your details for an unrelated new purpose I will let you know and explain the legal rounds for processing.
I may process your personal data without your knowledge or consent where this is required by law. I do not carry out automated decision making or any type of automated profiling.
Marketing communications
I do not send out any regular marketing emails. I don’t spam, harass or annoy you. If we make any temporary offers they will be publicised on our social media pages only.
Disclosures of your personal data
I may have to share your personal data with the following third parties but only if required to by law or contractual agreements with our insurers.
- Professional advisers including lawyers, bankers, auditors and insurers (e.g financial and tax transactions or claims against us)
- Government bodies that require me to report processing activities (e.g. financial and tax transactions)
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Data retention
I retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In most cases I follow the advice of the Federation of Holistic Therapists and the Association of Reflexologists. When deciding what the correct time is to keep the data for I look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
Contact details: If you make an enquiry by SMS text message, Whatsapp or email, I will keep your communications for 12 months.
Booking details: If you book a treatment session via our online booking calendar I will keep the associated messages for 12 months.
Consultation form and treatment plan: These are the records I gather and keep if you decide to have a treatment with us. These records include personal details relevant to your treatment, including health and medication info. In order to protect your personal information as much as possible, these forms only exist in paper format, are stored in a locked cabinet and are not stored on a computer system. They are kept for 7 years after your treatment is complete as required by our insurer and as advised by the FHT/AoR.
Records concerning children under the age of 18 are kept until the child reaches the age of 25 as per the UK law regarding children’s records.
Accounting data: For tax purposes the law requires me to keep basic information about our customers (including contact, identity, financial and transaction Data) for six years after they stop being customers.
In some circumstances I may anonymise your personal data for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
Your legal rights
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data. These rights only apply while I are in possession of your data.
Right to be informed: you have the right to be informed about the collection and use of your personal data (ie this privacy policy)
Right to access: you have the right to request a copy of the information that is held about you through a subject access request (SAR).
Right to rectification: you have the right to correct data that I hold about you that is inaccurate or incomplete
Right to erasure: in some circumstances you can ask for the data I hold about you to be erased from our records
Right to restriction of processing: where certain conditions apply you have a right to restrict the processing of your data
Right of portability: you have the right to have the data I hold about you to be transferred to another organisation
Right to object: you have the right to object to data being used or used for certain purposes (ie marketing)
You can see more about these rights at:
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/
If you wish to exercise any of the rights set out above, please email me at pumpkinholistics@gmail.co.uk.
I try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
I will request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up our response.
In the event that Pumpkin Holistics refuses your request under rights of access, I will provide you with a reason as to why, which you have the right to legally challenge. At your request I can confirm what information it holds about you and how it is processed.
If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I should be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.
Pumpkin Holistics’ Rights
Regarding personal data, Pumpkin Holistics have the following rights:
- I may not be able to provide treatment if you do not agree to me keeping records about you and your treatments, or if you refuse me the ability to use the information in the way I need to provide treatment.
- You may request that I erase info and records I hold about for you however I may be legally or contractually bound to keep them until a period of time as passed, as defined by the government or the FHT/AoR.
- I can move your records between computers and IT systems, as long as your details are protected from being seen by others without your permission.
Data security
I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. All information collected regarding your health status and ongoing treatments is stored only in paper format and in a locked cabinet. I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
Third party links from this website
This website includes links to third-party websites, such those for the Association of Reflexologists, the Federation of Holistics Therapists and the training company Cotswold Academy. It also includes a link to Google Maps for the purpose of showing our location. Clicking on those links may allow third parties to collect or share data about you. I do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, I encourage you to read the privacy notice of every website you visit.
Cookie Policy
What’s a cookie?
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
How does this website use cookies?
I have minimised our use of cookies as much as possible. At times I use them to track use of our website for testing purposes, but they are set to do so anonymously. This enables me to understand how visitors are finding our site and using it. This helps me to develop and improve our website as well as products and / or services in response to what you might need or want.
Cookies are nearly always absent from the majority of my website, however if using the booking page then cookies will be implemented as required for functional reasons by the Calendly system embedded on that page.
Cookies can also be categorised as follows:
Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet. This type of cookie are used by the embedded Calendly booking calendar found on my booking page.
Performance cookies: These cookies enable me to monitor and improve the performance of our website. For example, they allow me to count visits, identify traffic sources and see which parts of the site are most popular. These cookies are used occasionally for testing purposes and have been ‘anonymised’ so use cannot be tracked back to an individual computer or device.
Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, I may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised. As of March 2025 no such functionality cookies are in use on my website.