General Data Protection Regulation (GDPR) Policy
1. Introduction
Be Vibrant Physio ("we," "us," or "our") is committed to protecting the privacy and security of our customers, partners, and visitors in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Policy outlines how we collect, use, store, and protect personal data. It also explains your rights regarding your personal information and how you can exercise them.
2. Scope
This policy applies to all personal data processed by us, whether collected through our website, mobile application, or other communication channels. It includes the personal data of customers, suppliers, employees, and any other individuals whose data we process.
3. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, whether or not by automated means, including collection, recording, organisation, storage, modification, or destruction.
Data Subject: Any individual whose personal data is being processed.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.
4. Data Collection
We are members of the Information Commissioner's Office (ICO), which governs GDPR protocols for businesses.
We may collect personal data in the following ways:
Directly from you when you provide it, for example, when you contact us, sign up for an account, or subscribe to our services.
Automatically through cookies and similar technologies when you use our website or services.
From third parties, such as social media platforms or business partners.
Categories of Data Collected
Personal Identification Information: Name, email address, phone number, address, etc.
Technical Data: IP address, browser type, device information, etc.
Usage Data: Information on how you interact with our services.
5. Legal Basis for Processing
We process personal data under the following legal bases:
Consent: Where you have given explicit consent for processing (e.g., for marketing communications).
Contractual necessity: To fulfil our contractual obligations (e.g., delivering services you have requested).
Legal obligation: Where processing is necessary for compliance with legal obligations.
Legitimate interests: When it is necessary for our legitimate business interests, provided that such interests do not override your fundamental rights and freedoms.
6. Data Usage
We use your personal data for the following purposes:
To provide, maintain, and improve our services.
To process payments and manage billing.
To communicate with you, including responding to your enquiries and providing customer support.
To comply with legal requirements and protect our legal rights.
To send marketing and promotional communications, provided we have your consent.
7. Data Sharing
We may share your personal data with:
Service Providers: Third-party companies that help us operate our services (e.g., payment processors, cloud service providers).
Business Partners: Trusted partners with whom we collaborate on joint ventures or promotions.
Authorities: Law enforcement or government authorities if required by law or to protect legal rights.
Other Third Parties: In the event of a business transfer, such as a merger or acquisition.
8. International Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may not provide the same level of data protection as the EEA. In such cases, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or other legally recognised mechanisms.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Once the retention period has expired, we will securely delete or anonymise your personal data.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, and destruction. These measures include encryption, access controls, and secure storage systems.
11. Your Rights
Under the GDPR, you have the following rights:
Right to Access: You have the right to request access to the personal data we hold about you.
Right to Rectification: You can request that we correct any inaccurate or incomplete data.
Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances.
Right to Restrict Processing: You can request that we limit the processing of your personal data in certain cases.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to the processing of your personal data for direct marketing or based on our legitimate interests.
Right to Withdraw Consent: Where we rely on your consent to process your personal data, you can withdraw that consent at any time.
12. Exercising Your Rights
To exercise your rights, please contact us using the contact details provided below. We will respond to your request within one month, in compliance with GDPR requirements.
Contact Information
Be Vibrant Physio
394 Richmond Rd
East Twickenham
TW1 2DY
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with GDPR requirements.
14. Changes to This Policy
We reserve the right to update this GDPR Policy from time to time. Any changes will be posted on our website, and we encourage you to review the policy regularly.
15. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your country.
This GDPR Policy was last updated on 13.09.2024. For any questions regarding this policy, please contact us at hello@bevibrantphysio.co.uk