We collect information if you voluntarily provide it to us. For example, if you sign up for our Services, you might give us your name and email address. While browsing our website, you provide your data:

• By making an online booking.

• Registering on the mailing list.

• Providing feedback.

• Participating in interactive activities on the website, such as surveys.

• By signing the terms of engagement form.

• By taking credit cards and online payments.

This may include the following information:

• Personally identifiable information such as first and last name(s) and next of kin.

• Contact details such as mailing and email address.

• Demographic information.

• Financial information such as credit card or bank details.

We use this information to provide direct healthcare, goods and services. Our legal basis for holding your data is for legitimate interest.

Through browsing the website and subscribing to our mailing list, we may use your personal information to:

• Present our website and its contents to you.

• Provide you with information or services you request from us, such as sending you information through our newsletters.

• Fulfil the purpose for which you provide it.

• To comply with any court order or legal process, including to respond to any government or regulatory request.

It is always your choice whether or not to provide personal data. Only provide personal data if you are authorised to do so.

As you interact with our website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Internet connections.

• Computer equipment.

• Web browsers.

• Websites visited before and after entering the website.

• IP addresses and similar information about traffic and usage as you navigate to, through and away from the website.

• Cookies, Anonymous Identifiers, Web Beacons, and Other Internet Tracking Technology.

The technologies we use for this automatic data collection may include cookies. You may refuse to accept browser Cookies by activating the appropriate setting on your browser, but if you do, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting to refuse cookies, our system will issue cookies when you direct your browser to us.

A ‘Cookie’ is a data file created and stored on your computer’s hard drive when you visit our site. An ‘Anonymous Identifier’ is a random string of characters used for similar reasons as Cookies. We do not use cookies to collect any private or personally identifiable information. The technical platform of this website uses Cookies solely to aid the proper technical functioning of the website. The Cookies used contain random strings of characters alongside minimal information about the state and session of the website – which in no way collects or discloses any personal information about you as a visitor.

Advanced areas of this site may use Cookies to store your presentation preferences purely technically with no individually identifiable information. Anonymous Identifiers can be used where Cookie technology is not available. Note also our statement on analytics software below – as analytics software also uses Cookies to function.

Most web browsers allow some control of most Cookies through the browser settings. To find out more about cookies, including how to see what Cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

Unless you have adjusted your browser settings so that it will refuse Cookies, we will issue Cookies when you direct your browser to our site.

A “Web Beacon” is an object embedded into a web page or an email that collects data. A Web Beacon functions similarly to a Cookie, allowing us to learn more about your behaviours, actions and preferences. For example, when used within an email, a Web Beacon can track whether a user opens a message, clicks on a link within the email or other similar actions.

We use information that we collect about you or that you provide to us, including personal information, to present our Services to you; to provide you with information, products, or services that you request from us; to fulfil any other purpose for which you provide it; to provide you with notices about your account/subscription, including expiration and renewal notices; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; to comply with legal obligations; or for any other purpose with your consent. If you are an EU resident, we will collect and use your data only if we have one or more legal bases for doing so under the GDPR. This means we collect and use your data only where you have given your consent for one or more specific purposes; it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests; it is essential to protect the vital interests of you or another natural person; or it is necessary to comply with a legal obligation.

We routinely share personal and non-personal information with contractors, service providers and other third parties who support our business. We are bound by contractual obligations to keep such information confidential and use it only for the purposes it is disclosed. For example:

Google Analytics. Like most websites, we use analytics software to help us understand the trends in popularity of our website and of different sections. We will also use Google Analytics Cookies to understand your preferences and provide a tailored experience. We do not use personally identifiable information in any of the statistical reports we use from this package. Google Analytics gives details on their privacy policy on the Google website. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Payments. We use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors, whose use of your data is governed by their Privacy Policy. We are not responsible for these third-party payment processors.

The payment processors we work with are:

• Stripe. For more information on the privacy practices of Stripe, please visit their website.

• Paypal. For more information on the privacy practices of PayPal, please visit their website.

Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.

If you want to access your data, you must make a subject access request in writing to emma@emmaschadestylli.com. We shall respond within 20 working days of receiving your request and all necessary information. Our response will include:

• Sources from which we acquired the information.

• The purpose of processing the information.

• Persons or entities with whom we are sharing the information.

You have the right, subject to exemptions, to ask to:

• Have your information deleted.

• Have your information corrected or updated where it is no longer accurate.

• Receive a copy of your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us.

• Object at any time to the processing of personal data concerning you.

We do not carry out automated processing, which may lead to automated decisions based on your data.

If you want to invoke any of the above rights, please email the Data Controller, Emma Schade-Stylli, at emma@emmaschadestylli.com.

We only use information that may identify you under GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

Within the health sector, we also have to follow the standard law duty of confidence, which means that where identifiable information about you has been given in faith, it should be treated as confidential and only shared to provide direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your data can be shared.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information on equipment such as laptops with encryption (which masks data so unauthorised users cannot see or make sense of it). We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

Emma Schade-Stylli is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for various purposes. A copy of the registration is available through the ICO website (search by business name).

All records held by Emma Schade-Stylli will be kept for the duration specified by guidance from our professional association, the Association of Master Herbalists.

If you have a complaint regarding using your data, please email emma@emmaschadestylli.com, and we will do our best to help you.

If your complaint is not resolved satisfactorily and you wish to formally complain to the Information Commissioner’s Office (ICO), please contact them.