This privacy policy governs the collection, storage, and use of personal information collected by Earth Heart Therapies, which is the data controller of the personal data it collects.
Please read this privacy policy carefully – by using our services and our website, you confirm that you have read, understood, and agree to this privacy policy in its entirety. If you do not accept them, you should not use our services or website.
This policy provides details about the personal information we collect from you, how we use your personal information, and your rights regarding the personal information we hold about you.
Personal data means data that relate to a living individual who can be identified from that data, or from that data and other information which is in our possession, or is likely to come into our possession, and includes any expression of opinion about an individual and any indication of our intentions or the intentions of any other person in respect of the individual.
We will use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose if required, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Where we need to collect personal data by law or under the terms of a contract with you, and you fail to provide that data on request, we may not be able to perform the contract we have or are trying to enter into with you (e.g. to provide you with goods or services). In this case, we may have to cancel a product or service you have with us. We will tell you if this is the case.
You can set your browser to refuse all or some browser cookies which process your data or to alert you when websites set or access cookies. For more information about the cookies we use, see our Cookie Policy.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
With your explicit consent (which you may withdraw at any time)
Where we need to perform a contract, we are about to enter into or have entered into with you
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
Where we need to comply with a legal or regulatory obligation
Where it is in the public interest to do so
This may include things like:
Providing goods and services to you
Personalisation of content, business information, or user experience on our website
Account setup and administration
Delivering marketing and events communication
Carrying out polls and surveys
Internal research and development purposes
Meeting internal audit requirements
How is your personal data collected by us?
We use different methods to collect data from and about you, which may not always be collected directly from you.
You may give us your identity data, contact data, and financial data by filling in forms or by corresponding with us by post, telephone, email, or otherwise.
As you interact with our website, Squarespace may automatically collect technical data about your equipment, browsing actions, and patterns. This may also include your internet protocol (IP) address. We collect such personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy for further details.
We may receive personal data about you indirectly, from various third parties and publicly available sources such as search engines, social media sites, Companies House, suppliers, and finance and compliance check services such as Dunn & Bradstreet.
What personal data may we be collecting about you?
We may collect, use, store, and transfer different kinds of personal data about you, including:
Identity data – first name, maiden name, last name, username or similar identifier, marital status, emergency contacts, title, date of birth, profession, and gender
Contact data – billing address, delivery address, email address, and telephone numbers
Financial data – bank account and payment card details
Transaction data – details about payments to and from you
Technical data – IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
Profile data – your interests, preferences, feedback, and survey responses
Marketing and communications data – preferences in receiving marketing/newsletters and communication preferences
Aggregated data – statistical or demographic data derived from personal data but not identifying you
Usage data – information about how you use our website
Special categories of personal data – race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic and biometric data
Educational and biographical data – work history, job title, qualifications, professional licence numbers, progression, achievements, and extra-curricular activities
How does our website collect your data?
This website collects personal data to power our site analytics, including:
Information about your browser, network, and device
Web pages you visited prior to coming to this website
Your IP address
This may also include details about your use of this website, such as clicks, internal links, timestamps, scrolling, searches, and pages visited.
We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.
External links & sharing
This website may include links to external websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow other parties to collect or share data about you. We do not control these external websites and are not responsible for their privacy statements.
This website includes share buttons that enable you to share pages or content to third-party services such as Facebook, Instagram, LinkedIn, Pinterest, Twitter, TikTok. If you click a share button, these third parties may receive personal data such as:
Browser, network, and device information
Details about the web page/content shared
Your IP address
Sharing your data with Third Parties
We may share your data with trusted third parties including:
Squarespace (web platform and hosting)
Microsoft (Teams and SharePoint)
Zoom (video conferencing and webinars)
Professional advisers (lawyers, bankers, auditors, insurers)
HMRC, regulators, and authorities where legally required
Contractors, suppliers, and service providers assisting us in delivering our services
Data retention
We will retain your data as long as necessary to provide services and for legal obligations (minimum 6 years for legal/tax reporting). After this, your data will be securely deleted or anonymised.
Data protection
We implement strong security measures (encryption, password protection, secure transfer protocols). Access is strictly limited to authorised personnel. Squarespace’s security measures: Squarespace Security.
Your rights
You have the right to:
Access your personal data
Rectify inaccurate/incomplete data
Withdraw consent at any time
Object to processing in our legitimate interests
Object to direct marketing (including profiling)
Restrict processing in certain cases
Request erasure ("right to be forgotten")
Request data portability
Not be subject to automated decision-making with significant effects
