Effective 24th May 2018
1. The Basics
A. About Us
The activities of Helen Black include content publication, 1:1 therapeutic sessions and training course provision both online and in person. These “Services” are operated by Helen Black and company headquartered in the United Kingdom (“we,” “us,” “our,” and “Mirror Medicine“).
B. Key Terms
i. “Contact” is a person subscribed to our mailing list or a purchaser of our goods. In other words, a Contact is anyone who has volunteered their email address and confirmed their desire to be contacted by us using the provided information.
ii. “Receiver” is a person who receives private treatments from Helen Black in a 1:1 setting. The information they provide during sessions may include contact details, personal health history and recorded outcomes of treatment and self care practices.
iii. “Student” refers to any person or entity that is registered with us to attend a training course or affiliated with the International Academy of Italian Facial Reflexology and Mirror Medicine as an alumni and association member.
iv. “Visitor” means any person who visits any of our Websites or social pages.
v. “Website(s)” means any website(s) we own and operate (such as www.helen.black or www.mirrormedicine.com) or any web pages, interactive features, applications, widgets, blogs, social networks, social network “tabs,” or other online, mobile, or wireless offerings linked to these sites.
vi. “Personal Information” means any information that identifies or can be used to identify a Contact, a Receiver, a Student or a Visitor directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, postal address, email address, gender, occupation, passport or license number, other demographic information, health history and treatment progress notes.
vii. “you” and “your” means, depending on the context, either a Contact, a Receiver, a Student or a Visitor.
2. Privacy for Contacts, Receivers, Students and Visitors
This section applies to the Personal Information we collect and process through the provision of the Services and via collection of cookies through our Websites and social network pages.
A. Information We Collect
The Personal Information that we may collect broadly falls into the following categories:
i. Information you provide to us: In the course of engaging with our Services, you may provide Personal Information about yourself. Personal Information is often, but not exclusively, provided to us when you sign up for and use the Services, send us an email, attend a treatment session, sign up and/or take a course with us or communicate in any other way.
B. Use of Personal Information
We may use the Personal Information we collect through the Services or other sources for a range of reasons, including:
- To bill and collect money owed to us by you.
- To send you subscription alert messages.
- To communicate with you about any contract between us and provide customer support.
- To provide, support and improve the Services.
- To provide suggestions for you.
- For our data analytics projects.
C. Data Protection Rights
You have the following data protection rights:
- To access, correct, update or request deletion of Personal Information. Helen Black (Mirror Medicine) takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As a Contact, you can manage your individual subscription settings by choosing to “update your preferences” upon receipt of our emails, or you may contact us directly by emailing us at firstname.lastname@example.org.
- In addition, individuals who are residents of the EEA can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us using the contact details provided above.
- Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the MailChimp platform to ensure that you only market to Contacts who have not opted out of receiving such marketing.
- The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.
3. General Information
A. How We Share Information
i. Our service providers: Sometimes, we share your information with our third-party service providers (such as course organisers or affiliated membership associations, eg AIRFI), who help us provide and support our Services and other business-related functions. We will never sell or profit from the distribution of your information.
ii. Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
iii. A potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition.
iv. Any other person with your consent.
B. Legal Basis for Processing Personal Information (EEA Persons Only)
If you are from the European Economic Area, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Typically, our legitimate interests include improving, maintaining, providing, and enhancing our Services; ensuring the confidentiality of our Services and our Websites; and for our marketing activities.
If you are a Receiver or Student, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.
Where required by law, we will collect Personal Information only where we have your consent to do so.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Questions and Concerns” section below.
C. Your Choices and Opt-Outs
Contacts and Students who have opted in to our emails and association contact list can opt out of receiving content from us at any time by clicking the “unsubscribe” link at the bottom of all emailed messages.
Also, all opt-out requests can be made by emailing us using the contact details provided in the “Questions and Concerns” section below. Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and Contacts and Students cannot opt out of these messages unless you cancel your transaction or terminate any contract you may have with us.
D. Our Security
We take appropriate and reasonable technical and organisational measures to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. If you have any questions about the security of your Personal Information, you may contact us at email@example.com.
MailChimp accounts require a username and password to log in. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a Member’s MailChimp account is so sensitive, account passwords are hashed, which means we cannot see a Member’s password. We cannot resend forgotten passwords either. We will only provide Members with instructions on how to reset them.
E. Retention of Data
We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period:
- Whether we have a legal or contractual need to retain the data.
- Whether the data is necessary to provide our Services.
- Whether our Contacts, Receivers and Students would reasonably expect that we would retain the data until they remove it or until their involvement with our association is closed or terminated.
When we have no ongoing legitimate business need to process your Personal Information we will either delete or anonymize it or, if this is not possible (for example, in the case of personal health data collected before and after treatment sessions – which must be retained for 5 years post-treatment; in the case of alumni basic information – which we hold records of for 10 years post-certification; or because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
F. Changes to this Policy
G. Questions & Concerns
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please send your message or request to firstname.lastname@example.org.