In the context of the law and this notice, ‘process’ means collect, store, transfer, use or otherwise act on information.
We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately and/or choose an alternative provider for any services or products.
We take seriously the protection of your privacy and confidentiality.
We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. Further information about your rights to your privacy can be found here at knowyourprivacyrights.org
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website or in person.
Our Contact Details
Name: Amanda Norman
Address: Gemstone, Tarot and Healing, SU34 St John’s Market, Elliot Street, L1 1LR
Phone Number: 07916 543 785
The type of personal information we collect
We currently collect and process the following information: –
- When making enquiries about our services and/or products we collect the data you provided
- When ordering via our website, the information collected to fulfil your order
- For services such as hypnotherapy, Reiki and crystal healing, your personal data including sensitive information relating to your general health, and wellbeing
- For a Tarot reading, we collect your name and signature together with the current date
- For training workshops, we collect your name, together with the course information and date of attendance
Third party data collection
Our web site may contain links to other web sites and those third-party web sites may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to ours. Gemstone, Tarot and Healing encourages users to be aware when they leave the site and to read the privacy statements of each and every web site that collects personally identifiable information. A link is below to assist you further.
- We use third party payment providers to process transactions and as a result we don’t store full transaction details on our systems. We have included links below for further information on what data they store and use: –
- Stripe – https://stripe.com/gb/privacy-center/legal#controller-v-processor
- Zazzle – https://www.zettle.com/gb/legal/privacy-policy
- Sumup – https://help.sumup.com/en-GB/articles/2MrnASQDdzJMkFMUnK7BFL-gdpr-data-protection
- Cookies – Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket, and checkout securely. Further information on cookies and how to control your cookie preferences can be found at https://learnreiki.co.uk/cookie-policy/
- hCaptcha to control spam on the website contact form. Other information collected from End-Users as part of the Service to that is required to determine whether they are human, such as mouse movements, scroll position, keypress events, touch events, and gyroscope / accelerometer information as applicable. Further information can be found here https://www.hcaptcha.com/privacy
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons: –
- Making an enquiry about a product or service
- Consultation prior to the delivery of a service
- When purchasing a product or service
- When visiting the website
- When visiting Gemstone and Tarot via CCTV
Some information provided to us by clients, customers, and other third parties might be considered private or personal. Without these details we would not be able to carry on our business and provide our services to you. We will only collect such personal information if it is necessary for one of our functions or activities.
- A paper consultation form with an initial disclaimer is completed at the time of your first appointment. Subsequent therapies are recorded on a paper treatment form along with your signature
- Email, SMS and messages are recorded to provide you with a product or service
- When making a purchase an electronic payment is made via a third party, a limited record of the transaction will be saved
- When creating an electronic account via the website to order a product/s
- Tarot reading – your name and signature is recorded on a paper form to show that you have read and understood the disclaimer
- CCTV – for crime prevention purposes
- Your personal data together with a date is recorded when attending a training workshop. This information is used for your certificate and for auditing purposes
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: –
- We have a contractual obligation
When you create an account on our website, purchase a product or service from Gemstone, Tarot and Healing, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to carry out our obligations under that contract, we must process the information you gave us.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, we may aggregate this information in a general way and use it to provide class information, for example to comply with external membership bodies such as: –
- General Hypnotherapy Register – https://www.general-hypnotherapy-register.com/
- Reiki Guild – https://www.thereikiguild.co.uk
If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Sometimes you might give your consent implicitly, such as when you send us a message by social media, SMS or email, to which you would reasonably expect us to reply.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
- We have a legal obligation.
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
This may include your personal information.
How we store your personal information
Your information is securely stored.
We retain your personal information only for as long as necessary to provide you with our services. However, we may also be required to retain this information to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. We generally keep your data for the following time period: –
- A consultation form with an initial disclaimer is completed at the time of your first appointment. Subsequent therapies are recorded on a treatment form along with your signature to keep a record of the treatment provided. This is kept for a period of 7 years.
- Email, SMS and messages are recorded to provide you with a product or service. This is kept for as long as is required
- Accounting data for the HMRC including the online shopping cart database is saved for a period of 5 years.
- Tarot reading – your name and signature is recorded to show that you have read and understood the disclaimer. This is kept for a period of 7 years.
- CCTV – for crime prevention purposes. Your image will be stored for a period of 30 days prior to being overwritten. However, if an incident occurred that could result in legal action, the footage would be saved securely to support a claim or defence in court.
- Your personal data together with a date is recorded when attending a training workshop. This information is used for your certificate and for auditing purposes. This is kept for a period of 7 years.
- When visiting our website, we use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
We will dispose of your information by shredding ensuring that no identifiable paper is left intact. Electronic data will also be removed from the computer, the recycle bin and any additional back up drive.
Your data protection rights
Under data protection law, you have rights including: –
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Withdrawing your consent
You may withdraw your consent at any time by instructing us using the contact details at the top of this policy. However, if you do so, you may not be able to use our website or our services further.
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this policy.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk