PRIVACY POLICY

VERSION JAN 2021

ABOUT US

MariaNinoles.com is a sole-proprietorship of MariaNinoles (“We/Us”) whose registered office is London E17 6GR United Kingdom operates the website www.marianinoles.com and provide educational information, documentation, videos and training sessions of holistic practices from Ayurveda, Yoga and Breathwork for clients (together “services”). We are committed to providing quality services to you and this Privacy Policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We are the controller of any personal information gathered by your use of our website and services. Our website is a general audience website, intended for users of all ages. Where we use third parties to process your data, these parties are known as processors of your personal data.  We have a contract with these third parties for the provision of these services.
We have adopted the Data Protection Act (GDPR) contained in the Data protection act 2018 (Cth) (the Protection Act). The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Under the Data Protection Act 2018, you have the right to find out what information we store about you. These include the right to find out the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. For the purposes of meeting the Data protection act territorial scope requirements, London, UK is identified as the named territory where the processing of personal data takes place. Find out more here

We have also identified that we have European clients and recognise the General Data Privacy Regulations (“GDPR”). The UK is identified as the named territory where the processing of personal information takes place.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal information.
A data ‘processor’ means the individual or organisation which processes personal information on behalf of the controller.

THE PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy does the following:

1.     describes how we collect, use, share, retain and safeguard Personal Data,

2.     Policy sets out your individual rights; we explain these later in the Policy but in summary, these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data,

3.     outlines our ongoing obligations to you respecting how we manage your Personal Data, and 

 4.     explains what kind of information we collect in connection with our services, the purposes for which we use the information and how we may share this information. 

This Policy applies when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly or where we provide you with paper-based forms for completion, or we complete a form with you. 

To provide a high standard to our client’s personal data and privacy, we adopted an aim to comply with the Data Protection Act 2018 (UK).

The Data Acts govern the way that we collect, use, disclose, store, secure and dispose of your Personal Data. A copy of the Data Acts may be seen at the URLs linked with each Data Act.  

 A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller. 

We are the controller of any personal data gathered by your use of our website and services. Where we use third parties to process your data.  We have a contract with these third parties for the provision of these services. 

MariaNinoles, United Kingdom is identified as the named territory where the processing of personal data takes place. 

You can learn more about your privacy rights at UK Information Commissioner Office here.

WHAT IS PERSONAL DATA?

Personal Information is information or an opinion that identifies a natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Sensitive information is defined in the Data protection act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
We are legally required to comply with specific data processing requirements for Personal Information.

WHAT PERSONAL DATA IS COLLECTED BY US?

As a provider of educational holistic services, we will process the following categories of data:

  • Personal Data including individual’s name, address, date of birth, gender, and contact details, registered business details and tax identification numbers.

  • Special categories of personal data including: as spiritual, social, religious, beliefs, associations or memberships, and aspects of your social interactions that may affect your participation or our provision of services to you. 

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

LIVESTREAM ONLINE CLASS OR FILMING CLASSES: We may record your communications with us when contacting our team. We may collect information about your visits to us to help us personalize your experience with us. By providing this information to us you are consenting to our use in the manner set out in this policy.  

ADULT ONLY SERVICES: We do not knowingly accept information or attendance of anyone under the age of 18 years old.

MINORS IN SERVICES If you are under 18 years of age you will need your parent or guardian to agree to this Privacy Policy and terms for you. They are responsible to ensure that you fully understand what you are sharing with us and why. 

WHAT PERSONAL DATA IS COLLECTED BY US?

OUR SERVICES

We will collect your Personal Data where you request information about our services, via our website, provide information in communications with us via in-person, telephone, texts, social media, events, promotions, campaigns, from cookies and third parties. We may collect information about your visits to us to help us personalize your experience with us. By providing this information to us you are consenting to our use in the manner set out in this Policy.  

Our primary purpose for collecting and processing this Personal Data about you is to provide and administer our services to you, our clients and marketing. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

When we collect Personal Data we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. Please ask if you do not understand.

THIRD PARTIES SUPPLIERS

Where reasonable and practicable to do so, we will collect your Personal Data only from you. However, in some circumstances, we may be provided with information by third parties. We may use third-party suppliers for management of specific services e.g. payment processing, and they may store some of your Personal Data to provide such service to you. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party or that you can access your account to check this information directly yourself.

We use third-party software to securely store your data to perform specific functions to support our services (“third party suppliers”). Third-party suppliers have access to personal information needed to perform their functions but may not use it for other purposes. Their privacy policy is linked below as to how they handle data as part of the service we use. With all of the third-party suppliers, you can ask us to review your stored data to ensure that it is accurate and best serves you.

We do not sell or pass your personal information onto third parties.

DATA MANAGEMENT

We use the following third-party providers for our service to you. Their privacy policy is linked within as to how they handle data as part of the service we use. With all of the below suppliers, you can ask us to review your stored data to ensure that it is accurate and best serves you.  

LINKS TO OTHER WEBSITES

Our services may include links to third-party websites. When you click on this link you have left our website and services. We do not have control over what cookies or beacons or other technology these sites may use to track activity into their website, and do not have control over what data they may collect or their privacy policy. Use of their websites and clicking on those links is at your sole risk. We are not responsible for the protection and privacy of any information that you provide whilst visiting such sites and these sites are not governed by this Privacy Policy. We suggest that you read their privacy statement before using the website.
We do not provide any personally identifiable customer information to these sites.

WHY DO WE COLLECT PERSONAL INFORMATION?

Personal Information is obtained in many ways including interviews, online calls, text message, online chat, correspondence, by telephone, by email, via our website, from your website, from media and publications, from other publicly available sources, from cookies and from third parties, including but not limited to social media platforms such as Facebook, Instagram, and LinkedIn. We don’t guarantee website links or policy of authorised third parties.
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing or email as below.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained,

  • For a secondary purpose that is directly related to the primary purpose,

  • With your consent; or where required or authorised by law.

We do not sell or pass your personal information onto third parties.

DATA MANAGEMENT

We use third-party software to securely store your data to perform specific functions to support our services (“third party suppliers”). Third-party suppliers have access to personal information needed to perform their functions but may not use it for other purposes. Further, they must process the personal information as permitted by the UK’s implementation of the General Data Protection Regulation 2017 (EU Data Protection Directive 2016/680 ). Their privacy policy is linked within as to how they handle data as part of the service we use. With all of the third-party suppliers, you can ask us to review your stored data to ensure that it is accurate and best serves you. 

  • Client records about our appointments, documents and notes are stored as digital records only and saved in Google Drive and iCloud Drive. They provide TLS standard encryption to protect your Personal Information and a two-step authentication process. We may keep your records on remote digital devices that are encrypted and password protected. Storage of these files is necessary as a legal requirement by our insurer Ballens.  

  • Communications with us via email are stored in our account with Google and iCloud. Any telephone or online calls may be recorded with your permission and stored in your client’s records as a digital file. We have followed Google’s security check-list for security on all our files, communications and calendars.

  • To schedule appointments, we use Google Calendars and email Gmail to book appointments with clients. We only use your email for this booking to provide the Service.

  • Service provision for consultations and some webinars is via Zoom. You do not need an account for this, but it will require you to register a name when logging in.

  • Payments for our services can use third party payment facilitators StripeXero and Paypal. All are PCI DSS v 3.2.1 compliant to ensure your financial data is secure and we can never access your full payment details.

  • Our website is hosted by Square Space. While using our website, we may ask you to provide us with certain personally identifiable information that might be collected through our website provider Squarespace. This includes a collection of your unique online electronic identifier; this is commonly known as an IP address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages and other statistics. Mailchimp uses cookies to provide the website and ensure the necessary function of our services. To learn more about the cookies on our website, please read our Cookie Policy here.

  • If you contact us via our website, you may provide us with personal data when completing online health or contact forms. These forms are hosted by Square space and Google Drive.

MARKETING

We may promote our services to you using the information you provide to us, including email or text. If you wish to receive promotional offers please opt-in by completing the form on our website, on social media to ‘@marianinoles or by emailing manijonc@gmail.com to request to be added.  
If you opt-in to receive our emails you will receive service updates and offers occasionally. You can unsubscribe from this at any time from within one of these emails or contacting us at  manijonct@gmail.com. Our email marketing supplier, Mailchimp, will store information that you have submitted in your sign up. You can unsubscribe at any time by clicking on the unsubscribe button in the emails sent.
If you follow us on any social media platforms, your privacy settings in your social media account to control what you share with others. Please be aware that our settings are to ‘Public’ where you leave reviews, comments, and we will tag you where appropriate. Please check this if you are concerned about your privacy on any social media platform. Please let us know if you do not wish to be tagged in any of our posts or wish a tag to be removed.
We may conduct surveys using third parties to collect information in the survey to get an idea of the market. You do not have to participate, and you can choose to complete your name and email address or leave it anonymized.

QUOTES

If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. You may request that we stop this at any time with the contact details below. 

DEVELOPMENT

We will also use your personal data to manage our account, perform statistical analysis on the data we collect, for business forecasting purposes and to develop new and market existing products and services. 

Data Retention/ Disclosure of Information

We may release personal information where we believe that it is appropriate in a number of circumstances, including the following:

  • Third parties where you consent to the use or disclosure;

  • Where required or authorized by law;

  • To enforce or apply our agreements with you;

  • To protect the rights, property or safety of us, our clients or others; and

  • With your consent following specific notice or request from us.

This includes fraud protection, but not selling, sharing or otherwise disclosing personally identifiable information from clients for commercial purposes in a way that is contrary to this Privacy Policy.

SECURITY OF PERSONAL INFORMATION

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for the Duration Period.

DURATION PERIOD

If you have received Services with us we will store your data for seven (7) years from your last appointment with us (“Duration Period”), as required by our insurers (Ballens) for any potential claims.
You may have access to this information stored, but this falls under the circumstances where your Right to Request Erasure may be denied. Please see the ICO guidance on this exception: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ 

YOUR RIGHTS

You have legal rights to your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of our services. At any time you have the right to know what personal data relates to you that is held by us, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to make copies of the data and to place restrictions on its processing. You can also request the deletion of their personal data, but this may be denied on the exception for the establishment, exercise or defence of legal claims. Please see the Information Commissioners Office in Europe guidance on this exception: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protectionregulation-gdpr/individual-rights/right-toerasure/#:~:text=The%20GDPR%20introduces%20a%20right,erasure%20verbally%20or%20in%20writing.%20&text=The%20right%20is%20not%20absolute%20and%20only%20applies%20in%20certain%20circumsta%20nces.

You may request the following at any time about your data held by us with regards to the services that we provide:

  • The right to be informed about the personal data being processed;

  • The right to rectification of your personal data

  • The right to the erasure of your personal data

  • The right to restrict processing of your personal data

  • The right to data portability (to receive an electronic copy of your personal data)

  • The right to object to the processing of your personal data

  • The right to access your personal data

In accordance with the General Data Protection Regulations (“GDPR”), you may request a copy of all data that we store about you at no cost at manijonc@gmail.com. In order to protect your Personal Data, we may require identification from you before releasing the requested information. Repeated, unfounded or excessive requests may be challenged by us. 
There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health-related matters. 
Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.  
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact manijonc@gmail.com.

MAINTAINING THE QUALITY OF YOUR PERSONAL INFORMATION

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

INTERNATIONAL DATA TRANSFERS

Our services are available internationally. We control and manage Personal Information in the United Kingdom. We may transfer data outside of the United Kingdom to our suppliers to provide the service to you.
If you are European, we transfer your data outside the European Economic Area to fulfil our services to you as we are based in the United Kingdom. We do so in accordance with this Privacy Policy.
Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Privacy Representative at manijonc@gmail.com.
Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law. Please contact our data privacy representative for further information on the measures undertaken to safeguard your data.

DATA PRIVACY REPRESENTATIVE

To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer who is the sole trader of Maria Ninoles. The Data Privacy Officer is Maria Ninoles, who may be contacted at: manijonc@gmail.com.

POLICY UPDATES

We reserve the right to update and amend this Privacy Policy at any time, effective upon posting an updated version on the Website. We will publish such updates on our website and may email notifications to you. Continued use of the Website after any such changes shall constitute your consent to such changes.

ENQUIRIES AND COMPLAINTS

If you have any queries or complaints about our Privacy Policy please contact us at:
Maria Ninoles
London E17 6GR, United Kingdom
manijonc@gmail.com
+44754123859
If you are dissatisfied with how our Data Privacy Officer handles your matter. You have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.

Version: JANUARY 2021