Updated 12 December 2019
1. What we do
Your Healing Heart provides one-to-one consultations to support people in addressing issues affecting their emotional and spiritual wellbeing. We also offer sessions to provide the information and inspiration required for making transformative lifestyle changes. Your Healing Heart also offers educational products, both online (e.g. courses, programmes, videos, webinars, etc.) and offline (e.g. workshops, talks, group sessions, etc.), which are focused on sharing and delivering information relevant to health and healing of the body, mind and soul.
2. How we obtain your personal data
Information provided by you
You provide us with personal data in the following ways:
By completing a New Client Questionnaire about your health, nutrition, and lifestyle
By signing a Terms of Engagement form
During a therapy session
Through email, and over the phone
By making credit card and online payments
By signing up for online or offline events, products and activities
This may include the following information:
Basic details such as name, address, email address, contact details, and next of kin
Details of contact we have had with you such as referrals and appointment requests
Health information including your previous medical history, dietary, lifestyle, supplement and medicine details, biochemical test results, clinic notes and health improvement plans
GP contact information
Communication data, including any communication that you send to us, whether that be through the contact form on our website, through email, text, social media messaging, or social media posting
Marketing Data, including data about your preferences in receiving marketing from us and our third parties, and your communication preferences. We process this data to enable you to partake in our promotions, to deliver relevant website content to you, and measure or understand the effectiveness of any advertising.
Information we get from other sources
We may obtain sensitive medical information in the form of test results from biochemical testing companies. We use this information in order to provide support for your health. This means that the legal basis for us holding your personal data is legitimate interest. We may obtain sensitive information from other healthcare providers. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with that provided by other providers, meaning the support we offer may be less effective.
3. How we use your personal data
We use your personal data in the following ways:
To provide you with direct support for your health through our consultations, and also to deliver educational activities and materials to you. This means that the legal basis for us holding your personal data is legitimate interest.
Following completion of services, we retain your personal data for the period defined by our professional association BANT and registrant body, CNHC. This enables us to process any complaint you may make. In this case the legal basis for us holding your personal data is contract administration.
For marketing purposes, such as newsletters, but this would be subject to you giving us your express consent (e.g. entering you name and email address to the online newsletter sign-up form).
We act as a data controller for use of your personal data to provide direct healthcare and educational activities. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. We act as a data controller and processor in regard to the processing of credit card and online payments.
We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage. We may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order.
4. Marketing communications
Our lawful ground of processing your personal data to send you email communications is your consent, or, if you are a client, our legitimate interest to share with you information and updates about services of a similar nature to services we had previously provided for you (e.g. health consultations).
Under the Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and, in each case, you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you communications without your consent. However, you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any appropriate third party for their own marketing purposes we will get your express consent. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any communications sent to you. If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, bookings, etc.
5. Sharing information with other organisations
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
Any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
Anyone to whom we may transfer our rights and duties under any agreement we have with you
Our registrant body, CNHC, and our professional association, BANT, for the processing of a complaint made by you
Any legal or crime prevention agencies and/or to satisfy any regulatory request (e.g. CNHC) if we have a duty to do so, or if the law allows us to do so.
With your consent, we may share your information with supplement companies and biochemical testing companies as part of providing you with direct support for your health. We will not include any sensitive information.
We will seek your express consent before sharing your information with your GP or other healthcare providers. However, if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way.
6. International transfers
Some of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
7. Your rights
Every individual has the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.
If you want to access your data you must make a subject access request in writing to
Under special circumstances, some information may be withheld. We shall respond within 20 working days from the point of receiving the request and all necessary information from you. Our response will include the details of the personal data we hold on you including:
Sources from which we acquired the information
The purposes of processing the information
Persons or entities with whom we are sharing the information
You have the right, subject to exemptions, to ask to:
Have your information deleted
Have your information corrected or updated where it is no longer accurate
Ask us to stop processing information about you where we are not required to do so by law or in accordance with the BANT and CNHC guidelines.
Receive a copy of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller, without hindrance from us.
Object at any time to the processing of personal data concerning you
We do not carry out any automated processing, which may lead to automated decision based on your personal data. If you would like to invoke any of the above rights then please email info@yourhealing heart.co.uk
8. Third party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
9. Safeguards to ensure data that identifies you is secure
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if, and how your information can be shared.
We also ensure the information we hold is kept in secure locations, we restrict access to information to authorised personnel only, and we protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Your Healing Heart is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes.
10. Length of time confidential information is kept
All records held by Your Healing Heart will be kept for the duration specified by guidance from our professional association BANT.
11. Website technical details
We use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate.
If you have a complaint regarding the use of your personal data then please contact us email to info@yourhealing heart.co.uk and we will do our best to help you.
Updated 24 November 2018
What are cookies?
Cookies contain random strings of characters alongside minimal information about the state and session of the website – which in no way collects or discloses any personal information about you as a visitor. Cookies are used by nearly all websites and do not harm your system.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
Types of cookies
Cookies are either:
Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or
Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. [We use persistent cookies for Google Analytics.]
Cookies can also be categorised as follows:
Strictly necessary cookies: These cookies are essential to enable you to use the website effectively, such as when buying a product and / or service, and therefore cannot be turned off. Without these cookies, the services available to you on our website cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.
Functionality cookies: These cookies allow our website to remember choices you make and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised.
In compliance with EU legislation, the following table lists cookies used on this web site:
Used to store whether you have agreed to receive cookies. Persistent for one year
These enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Google Analytics - 1P_JAR, APISID, HSID, NID, SAPISID, SID,
SIDCC, SSID, _utma,
_utmb, _utmc, _utmz
Used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Expiration time from 10 minutes to 2 years.
Used to make credit card payments. Stripe uses a cookie to remember who you are and to enable payments without storing any credit card information on its own servers.
Third party cookies