1. Glossary of terms
- “We”, “our”, or “us”.
Throughout this policy, “we”, “our”, or “us” refer to Restore Control Ltd.
- “You”, “your”
Terms such as “you”, “your” refer to any person using our services, including (but not limited to) those attending therapy, using our website, or contacting us by other means.
- Personal data
“Personal data” or “personal information” refers to any information relating to an identified or identifiable natural person. This may be (but is not limited to) details such as your name or contact information.
- Sensitive personal data
“Sensitive personal data” refers to any personal data of genetic and biometric nature. This may be (but is not limited to): racial or ethnic origin, physical or mental health conditions, convictions, religious beliefs or other beliefs.
“Process” or “processing” refers to data processing, which involves any operation or set of operations conducted on any personal data. This may be (but is not limited to) collecting, recording, storing, organising, altering, using, transferring, disseminating, restricting, erasing, or otherwise acting on information.
- Data Controller
“Data Controller” or “Controller” is the person or organisation who determines the purposes for which, and the way in which, personal data is processed. In this instance the data controller is Restore Control Ltd.
- Data Processor
“Processor” or “Data Processor” is a person or organisation which processes personal data on behalf of the controller.
- This policy informs about all information that we record about you. It describes the conditions under which we may process any information that we collect from you, or that you provide to us. This includes information that could identify you (personal data and sensitive personal data) and information that could not.
- If there are one or more points with which you do not agree with or do not consent to, please leave our website immediately and refrain from using our services.
- We take seriously the protection of your privacy and confidentiality. We understand that all our clients and visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
- We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
- Our policy complies with UK law. This includes fulfilling requirements of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
- We do not share, sell, or disclose any information we hold on you to any third parties except as set out below.
3. Information we process about you:
The law requires us to determine under which bases we process different categories of your personal information, and to notify you of the basis for each category.
1. Information we process because we have a contract with you
When you become our client, a contract is formed between you and us. The service we provide to you involves you providing us with personal data and sensitive personal data. We process this information on the basis that there is a contract between you and us, or on the basis that you have requested we use this information before we enter into a legal contract. We may use your data for other purposes such as to monitor the performance of a particular service we provide. In such instances you will not be personally identifiable. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2. Information we process with your consent
When there is no contract between you and us, and you take certain actions such as browsing our website, contacting us, or asking us for information, you provide us with a consent to process your data that may be personal data or sensitive personal data. Wherever possible, we aim to obtain your explicit consent to process your information. Actions such as browsing our website or contacting us mean you give your consent. Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information. If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful. We continue to process your information until you withdraw your consent or it can be reasonably assumed that your consent no longer exists. You may withdraw your consent at any time by writing to us at our registered office or via e-mail at [email protected] – If you do so, we shall not be able to provide our services further.
3. Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. This occurs after a careful consideration of whether we could achieve the same objective by other means, whether processing (or not processing) might cause you harm, whether you would expect us to process your data, and whether you would consider it reasonable to do so. This may for example (but is not limited to): record-keeping for the proper and necessary administration of our business; protecting and asserting your rights, our rights, or the rights of any other third party; insuring against or obtaining professional advice that is required to manage business risk; protecting your interests where we believe we have a duty to do so.
4. Information we process because we have a legal obligation
We are subject to the law. Sometimes, we must process your information in order to comply with a statutory obligation we are subject to as the controller. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal data. If we are processing on the basis of legal obligation, you have no right to erasure, right to data portability, or right to object.
5. Information relating to your method of payment
Depending on the chosen or agreed payment method, the data controller or the data processor may process information about your debit or credit card or other means of payment when you first provide it to us. We store this payment information in order both to make repeat purchasing of our services easier, and to help prevent fraud. We take the following measures to protect your payment information:
– We keep your payment information encrypted
– We do not keep all your payment information so as to prevent the possibility of duplicating a transaction by accident or to prevent any other third party from carrying out a transaction without your consent
– Access to your payment information is restricted to authorised staff only.
Payments by Direct Debit: If you pay us by Direct Debit, the information you give to us is passed to our own bank or the data processor for processing according to our instructions. We may keep a copy. We keep this information only for the duration of the Direct Debit arrangement. Under the Direct Debit guarantee scheme, you are entitled to refund disputed payments without question, pending further investigation. Direct Debits can only be set up for payments to beneficiaries that are approved originators. In order to be approved, these beneficiaries are subjected to careful vetting procedures. Once approved, they are required to give indemnity guarantees through their banks.
6. Information relating to job application and employment
If you send us information in relation to a job application, we may keep it for up to three years in case we decide to contact you at a later date. If we employ you, we may process information about you and your work throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.
7. Contacting us
When you contact us, whether by telephone, by post, through our website, by e-mail, or any other means, we collect the data you have given to us in order to reply with the information you need. We record your request and our reply in order to increase the efficiency of our business. We may keep any personal data associated with your message, such as your name and email address, to be able to track our communications with you and provide a high-quality service.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint.If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is. We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person. If you complain about any of the content on our website or in any brochure, we shall investigate your complaint. If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate. If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
9. Using our website
10. Disclosure and sharing of your information
Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. Credit reference: To assist in combating fraud, we or the data processor, may share information with credit reference agencies, so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
Access to your own information
At any time you may review or update or request that we remove personally identifiable information that we hold about you. To obtain a copy of any information that is not provided on our website you may send us a request at [email protected]; After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you. When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us: to provide you with the services you have requested, to comply with other law (including for the period demanded by our tax authorities), or to support a claim or defence in court. We will keep your data for six years before destroying or deleting it.
Compliance with the law