Little Himalaya Ltd – Privacy Notice
In compliance with UK and European data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, when you apply or join us as an employee or are a recipient of our services.
Little Himalaya Ltd are committed to processing all personal information about our customers and staff in ways that comply with its legal and regulatory obligations, and to being clear about what it does with their personal information.
Data collection
The data we collect to fulfil these services is taken as a data controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
We may collect personal information when:
- you use our website and social media pages
- you enquire about, or are a recipient of, our services and goods
- you apply to join us
We may collect the following types of information:
- Name, Address, Email, Phone/mobile, Gender, Date of Birth, Signature, Spouse name & other details, Child details, Occupation, Job Title
- Your company’s name, your position in the company; the company’s address, company’s email address and telephone number
- Medical information such as respiratory health issues, Next of Kin, GP Name & Clinic, Pregnancy status, Cancer Treatment Status, other health issues.
- Prior experience of Salt Therapy, Appointment dates, opinions/feedback on our services
- Website password
- Your payment information such as credit or debit card details and bank account details.
- Any other information that is deemed relevant to suitability/ ongoing usage of salt therapy services that Little Himalaya Ltd provides.
Special Categories of data
During the course of delivering services to you, we also collect special category data, necessary for legal requirements and reporting.
Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information and we need to do this with either your consent or as permitted by UK and EU data protection legislation.
The special category information we collect includes:
- Learning difficulty/disabilities
- Ethnicity
- Religion
- Sexual Orientation
- Disability
- Medical
- Details of any Criminal convictions
If you provide us with this information then we will seek your consent to process it.
Why do we collect this information?
The personal data collected is needed in order to
- deliver our service to you
- form and maintain relationships with our customers
- process an application for employment
- respond to enquiries
- inform you of new products and offers
- fulfil our legal obligations
Information we may collect through our website is needed
- to help identify your computer
- to analyse data about web page traffic
- to process customer registrations and appointment bookings
- to help us tailor our website for your needs
How do we collect this information?
We collect personal information:
- directly from you when you enter a contract: e.g. you purchase a service
- directly from you when you make an enquiry: e.g. send us an email, telephone us
- from publicly available sources: networking, social media, internet services, exhibitions, direct referrals, other Corporate bodies
We are committed to keeping your information up to date as far as is reasonably possible. However, if you believe that we have made an error, then please contact us as we have outlined below and we will use reasonable endeavours to correct.
Website cookies
We also capture data using Cookies; a cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use Google Analytics to determine the number of people using our site and to better understand how they find and use our web pages. With this information we can continually improve the information that we provide on our site and the processes for actions such as contacting us and donating. We can also use it to increase the number of new people finding our site.
Google analytics stores the following data:
- Time of visit, pages visited, and time spent on each page of the web pages
- Interactions with site-specific widgets
- Referring site details (such as the URL a user came through to arrive at this site)
- Type of web browser
- Type of operating system (OS)
- Flash version, JavaScript support, screen resolution, and screen color processing ability
- Network location and IP address
- Document downloads
- Clicks on links leading to external websites
- Errors when users fill out forms
- Clicks on videos
- Scroll depth
Google also collects information about you from its Doubleclick tracking and profiling service, from ad-supported apps on your Android or iOS device, from your YouTube and Gmail activity and from your Google account. This data is put together and used to make inferences about your age, gender, interests, hobbies, shopping habits and living circumstances.
Your rights
If you already have GA cookies, they will be updated with the latest information about your visit to the site.
As we cannot access any personal data about you ourselves, we are not the Data Controller for your Google Analytics or Doubleclick profile data. You would need to contact Google directly for this information.
You have the right to object to this tracking and to stop it happening.
How do I prevent being tracked by Google Analytics?
If you are uncomfortable with this tracking, you can take the following actions:
- Use a tracking-blocker, such as Privacy Badger
- Clear cookies after every browsing session
- Install the Google Analytics opt-out extension
Facebook users
Occasionally you may see adverts from Little Himalaya on Facebook. We target ads at audiences that look like they have an interest in salt therapy. We do this to inform, educate and engage new potential supporters.
Please remember that Facebook is a commercial entity hence information that is shared on timelines, on our page or in private messages may be used or sold by Facebook for commercial purposes.
How do we use the data we collect?
We use the data that we collect to deliver services to you, to respond to enquiries, to process any applications for employment and appropriate marketing.
- Administer the website;
- Improve your browsing experience by personalising the website;
- Enable your use of the services available on the website;
- Send to you goods purchased via the website, and supply to you services purchased via the website;
- Send statements and invoices to you, and collect payments from you;
- Send you general (non-marketing) commercial communications;
- Send you email notifications which you have specifically requested
- Send to you our newsletter and other marketing communications relating to our business (or the businesses of carefully-selected third parties) which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
- Provide third parties with statistical information about our users, though this information will not be used to identify any individual user;
- Deal with enquiries and complaints made by or about you relating to the website.
Any processing activities we undertake are fully compliant with UK and European data protection regulations and PECR where needed for the marketing approaches we undertake
Keeping your information safe and secure
Little Himalaya Ltd are committed to keeping customers’ and staff personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Occasionally we need to share data outside the EEA but we take reasonable steps to ensure that the information is protected to a level which meets the requirements of UK and European data protection regulations.
Third party access
Access to your personal information is only allowed when required by law or is required as part our fulfilling our service obligations. We do not, and will never, sell or share your personal information with other third parties.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We use third party providers to:
- ensure our IT and security measures are sufficiently robust to protect your data
- to provide additional services
Our Service Providers
This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing outsourced service providers that assist us in carrying out business activities. All our systems are located within the UK or EEA.
Links to other websites
Our website and email newsletters and bulletins may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
How long do we keep personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Marketing
Little Himalaya Ltd undertake limited marketing activity and only necessary to promote our services. This is completed for our legitimate interests and will include:
- Making known the details of new products and services that we offer
- Changes to our procedures such as opening times and sessions offered
- News relevant to the salt therapy industry
If you have consented to receive marketing information, you may opt out at a later date by writing to us at info at littlehimalaya.co.uk. You have a right at any time to stop us from contacting you for marketing purposes.
Any marketing we undertake is made in a fully complaint manner as governed by UK and European data protection regulations and PECR, with the contacts being given the option to opt out from such contact.
Controlling your personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
If you want to review, verify, correct or question anything detailed in this policy or anything about your personal information, please contact Iain Simmons in writing at: Little Himalaya Ltd, 2 Alpha House, Farmer Ward Road, Kenilworth, CV8 2ED.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances to the extent permitted by law
Under certain circumstances, by law you have the right to:
- request details of personal information which we hold about you
- restrict the collection or use of your personal data
- to withdraw any permission you have given us to use your data
- or even to delete any records that we may hold
Data Protection focal point
We have appointed a data protection focal point to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Focal Point at :
info at littlehimalaya.co.uk, 2 Alpha House Farmer Ward Road, Kenilworth, CV8 2ED
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. As an individual whose personal data is processed by Little Himalaya you have the following rights:
- the right to be informed – which is what this privacy notice is for
- the right to access the data we hold about you the right to object to direct marketing – either use the ‘unsubscribe’ button on our emails or contact us directly
- the right to object to processing carried out on the basis of legitimate interests
- the right to erasure (in some circumstances)
- the right of data portability
- the right to have your data rectified if its inaccurate
- the right to have your data restricted or blocked from processing To exercise any of these rights, please use the Contact Us form to get in touch.
Changes to our Privacy Policy
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This policy was updated in June 2018 to show that we are adhering to the new General Data Protection Regulation (GDPR), which came into force in May 2018.