Data Processing Privacy Policy (The Eternal Heart Centre Ltd)
This Privacy Policy describes how your personal information is collected, used, and shared when you visit the website, use the website or make a purchase from this website, as required by EU GDPR 2018 and the UK DPA 2018 (Data Protection) regulations
GDPR and Brexit
From the ICO page, the EU GDPR is an EU Regulation and it no longer applies to the UK (unless you are an EU client of The Eternal Heart Centre Ltd) in which case EU customers can use the GDPR procedure as you would be defined as a client of a UK business which is processing information about an EU data subject.
For UK clients and people submitting inquiries from the UK, the original Data Protection Act 2018 (UK DPA 2018) applies.
Under that act you have similar rights and you have the right to find out what information an organisation stores about you.
Should you submit a GDPR request as a UK citizen, the UK DPA 2018 will apply.
In practice the process is similar, in that you have rights of access, and exemptions also apply as with the GDPR.
To avoid confusion – when you make a legitimate data subject access request, you as a data subject will be informed which regulations apply to you which will depend on your ordinary country of permanent residence.
California Consumer Privacy Act (CCPA)
The Eternal Heart Centre Ltd respects the data privacy rights of all customers / clients and website users worldwide including in the United States – however – the California Consumer Privacy Act (CCPA) – by way of its legal definition regarding businesses overseas – does not apply to The Eternal Heart Centre Ltd – as the business does not buy, sell and share the personal information of 50,000 or more California consumers – and gross revenues of the business do not exceed USD $25million.
The Eternal Heart Centre Ltd does not buy and sell the personal information of any California (or other US residents, or indeed any residents in any country) and the personal data of US clients (and indeed the personal data about clients, customers and website users outside the EU and the UK) is processed solely to provide the website access and/or the customer and client service requested .
COOKIES
This website uses essential cookies to ensure the smooth functioning of the website, by clicking OK in the simple consent box you agree. Regular visitors will find when the box reappears once a month they will need to renew the consent.
This consent can be revoked at any time by simply clearing your browser cookies.
EU ePrivacy Regulations 2021 (ePR Compliance with Cookies Consent)
This website has been tested for compliance with the regulations regarding the use of cookies and online tracking in relation to the EU ePrivacy Regulations. The website is compliant with the regulations with regard to prior consent on the use of other than strictly necessary cookies (ePR) and compliant with the requirement to obtain prior consent from users to process personal data (GDPR).
CONTACT FORM DATA
This website collects data (the name and email address supplied, plus any message) from visitors who submit a contact form submission and the data provided is simply used to assist in customer service inquiries.
By submitting information through the contact forms on the website you agree by way of ticking the check-box underneath all contact forms marked GDPR (Data Processing) Consent that your name and email along with any other information submitted (the message text) is used for data processing purposes in order to process the inquiry and to communicate with you.
Visitors agree that geo-location data and IP addresses are saved from contact form submissions and website visitors.
Such data is automatically and routinely purged from the WordPress Statistics database every 7 days.
Contact Form submissions submitted via the contact form require a GDPR processing consent at the point of submission by way of a simple consent box. Once a contact form message has been received and dealt with, the data including email address and name will be either processed to assist in your enquiry or to confirm a retreat booking.
In instances where a response is not appropriate nor required, the data will be deleted immediately.
WEBSITE VISITORS (DATA PROCESSING FOR ANALYTICS PURPOSES)
Visits to the website are stored by a WordPress Statistics Plug in, this analytical data including country, IP address and pages viewed, is used to research and understand website visitor behaviour as well as to prevent nuisance and spam webform submissions, and to prevent fraudulent orders (GDPR legitimate processing citing the detection and prevention of fraud).
Such data is purged from the database every 7 days – except where legal justifications would preside over the right to deletion (for example if a particular IP address (or a group of IP addresses) is (or appears to be based on the preponderance of the evidence) behind repeated attempts at filing fraudulent orders, spamming the contact forms or behind the submission of malicious website form submissions – in which case that data will be saved for legal reference.
HOW IS YOUR PERSONAL INFORMATION USED?
The Eternal Heart Centre Ltd will use the Information supplied by clientele to fulfil contracts to provide spiritual retreats to clientele.
This information is respected and not shared for any other purpose.
SHARING YOUR PERSONAL INFORMATION
Personal Information is not shared with third parties under any circumstances, unless absolutely required by law.
YOUR RIGHTS
If you are a EU resident, under the provisions of the recent GDPR regulations, you have the right to access personal information held about you and to ask that your personal information be corrected, updated, or deleted.
No charge is made for such a request – in GDPR terms – known as a Subject Access Request.
If you would like to exercise this right, please use the contact form.
If data is held about you, information about the data held will be shared with you, free of charge and within 30 days as per the EU GDPR 2018 Data Regulations (unless any of the GDPR exemptions apply)
The data will be provided in digital form (scanned PDFs) to the email address used to request the data access.
Please note that it may be necessary to confirm your identity in order to ensure the safety of personal information and to ensure the data requester is who they say they are, for example a scan of a drivers licence or passport and/or a proof of address that matches the data on your government issued ID – such as a utility bill dated within the last 3 months.
Any such ID given to confirm your identity to facilitate a Data Disclosure Request / Subject Access Request will be immediately and permanently deleted after your identity is confirmed.
If data is not held about you (in many cases contact form submissions are deleted by default anyway) that fact will be confirmed with you, within the 30 day time limit for responding to Data Requests.
DATA ANONYMIZATION AND RETENTION PROCEDURES
When you book a retreat through the Site or submit any other enquiries, The Eternal Heart Centre Ltd will maintain your Personal Information for the records and to provide the service / responses – unless and until you ask to delete this information.
Spiritual Master Free Spirit retains the minimum amount of data necessary to further ensure a strong level of customer/client confidentiality and to ensure the safety of personal data
Note that for taxation purposes customer invoices may be kept on file for some time (a maximum of a 6 year retention period)
Personally identifiable data is anonymized from such invoice data 1 year after the tax year to which the invoice relates
Iin the unlikely event of any dispute, data and information may be kept for longer for legal reasons, if such justifications take precedence over the right of anonymization/deletion.
Once data is deemed unnecessary to retain further, it will be deleted automatically by default.
RETENTION PERIOD
The maximum retention period for customer and client data is 6 years after which such records are then permanently deleted.
CHANGES
The Eternal Heart Centre Ltd may update this privacy policy from time to time in order to reflect, for example, changes to practices or for other operational, legal or regulatory reasons.
RIGHT TO COMPLAIN
In the event of any GDPR or DPA 2018 related dispute, if the concerns are not remedied by way of using the GDPR or the Data Protection Act 2018 (DPA 2018) Data Subject Access Request Procedure outlined above, the data subject has the unequivocal right to take the matter to the Data Protection Authority.
The relevant GDPR regulatory body being the Information Commissioners Office, United Kingdom with whom The Eternal Heart Centre Ltd is formally registered as a data controller as required by the ICO. Registration number: ZA898411
PRIVACY QUESTIONS / DATA REQUESTS / DELETION REQUESTS / CONTACT
For more information about the privacy practices or for clarification on how customer data is used, or to access your data under the provisions of the GDPR, please use the contact form.
The Eternal Heart Centr Ltd is the trading name of the UK Limited Company named The Eternal Heart Centre Ltd, which was registered as a Private Limited Company in England and Wales with Companies House, Cardiff on June 29th 2020.
Company Registration Number 12704746
Director – Free Spirit
operating the business known as The Eternal Heart Centre Ltd ™
With its principal registered office(s) at
Lytchett House, 13 Freeland Park, Poole, BH16 6FA, UNITED KINGDOM
Business Email Address admin@eternalheartcentre.org
Companies House Listing https://beta.companieshouse.gov.uk/company/12704746