Your privacy is very important to me. I take necessary precautions to make sure that your personal information is kept and secure. It will only be used for the purpose it was given to me.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information throughout our relationship, and after our sessions together end.
I am the data controller of Let’s Talk Tarot – Your Voice, Your Story, and I am registered with the Information Commissionerʼs Office, under registration number ZB047478.
I am always happy to chat through any questions you might have about my data protection policy.
My lawful basis for holding and using your information
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below.
If you have undertaken one of my Guided Programmes or Intuitive Reading Sessions with me, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently undertaking a programme/session or if you are in contact with me to consider a programme/session, I will process your personal data where it is necessary for the performance of our contract.
How I use your information
I ensure that the data I record is adequate, relevant and limited to what is necessary for the type of service being provided and for contacting you in relation appointments, newsletters, blog posts and special offers.
All information is held securely.
When you contact me with an enquiry about my services, I will collect information to help me satisfy your enquiry. This will include your name, email address and/or telephone number, depending on how you contact me. If we decide not to proceed with booking an appointment, I will ensure that all your personal data is deleted within 48 hours. If you would like me to delete this information sooner, just let me know. If we agree to add you to my waiting list, your information will be deleted after the agreed waiting period has passed. Again, please contact me if you would like your information deleted sooner.
I do not generally keep written notes, but in the event that I do, they will be kept securely, anonymised and only for the period of programme duration. They will not be shared with anyone.
Confidentiality and Risk Factors
As set out in my Client Agreement, everything that is said within our sessions will remain confidential, providing that:
– nothing said indicates there is a risk of serious harm to you, or to anyone around you
– the law does not require me to disclose anything said in our sessions
In the instance that any of these criteria are met, I may need to make a disclosure to a third party. This disclosure may include some of your personal details, as required by the circumstances of the risk. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this, or unless we are unable to discuss the matter before it is necessary to take action to mitigate any risk.
After the programme has ended in line with any guidance from my insurer, I will securely store your records for the specified period. They will then be securely destroyed. If you want me to delete your records sooner than this, please tell me.
Third party recipients of personal data
I do not share any personal data with third parties as standard. If an instance were to occur in which this became necessary, I would inform you, and discuss with you whether you would be happy to proceed with sharing any information.
I try to be as open as possible in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you, and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters. You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you. To make a request for any personal information I may hold about you, please put the request in writing and address it to email@example.com. If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me by email. I would welcome any suggestions for improving my data protection procedures. If, after that, you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Visitors to my website
When someone visits my website, the website platform (www.wordpress.com) collects standard internet log information and details of visitor behaviour patterns. This information is only processed in a way that does not identify anyone. I do not make, and do not allow wordpress.com to make any attempt to find out the identities of those visiting my website. No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.