Privacy Policy

Effective Date: 21.06.22

1. Definitions

a) Patricia Raven (The “sole trader”, “company” “us”, “we”, or “our”) operates the company/ service.

b) “Service” is the wellness support of each individual client and the provision of educational wellness information. This refers to any support, products, education or information you receive from Patricia Raven.

c) “Client”, “you”, “your”; this refers to the individual purchasing/using the service from Patricia Raven.

d) “Terms and Conditions”; this refers to the terms of usage and conditions under which all purchases are pursued.

e) “GDPR” means Regulation (EU) 2018 of the European Parliament and of the Council of 25 May 2018 on the protection of natural persons with regard to the processing of Personal Data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1.

f) “Personal Data” refers to data about a living individual who can be identified from that data (or from other information either in our possession or likely to come into our possession).

g) “Usage Data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit on the website).

h) “Special Category Data”; is personal information of data subjects that is especially sensitive; Personal Data revealing political opinions, Personal Data revealing religious or philosophical beliefs, Personal Data revealing trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life and data concerning a person’s sexual orientation.

i) “Cookies”; cookies are small pieces of data stored on your device (computer or mobile device).

j) “Data Controller”; Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purposes of this Privacy Policy, we are a Data Controller of your Personal Data.

k) “Data Processors”; Data processors (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of other Service Providers in order to process your data more effectively. In these instances, we will ensure that the relevant agreements will be in place to ensure the security of your data to the best of our ability.

l) “Data Subject” or “User”; Data subject is any living individual who is using our Service (whether directly or through an authorised person) and is the subject of Personal Data.

2. This Privacy Policy

1. This document informs you of our policies regarding the collection, use and disclosure of Personal Data when you use our Service and the choices you have associated with that data.

2. This Privacy Policy overrides all previous or other Privacy Policies relating to service of Patricia Raven.

3. Patricia Raven takes data protection very seriously and abides by the United Kingdom Data protection Act of 1998, its 2018 revision and additions and the EU General Data Protection Regulation (GDPR).

4. We use your data to provide and improve the Service. By using this Service, and accepting that you have read and understood our Privacy Policy, you agree to the collection and use

of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use.

5. We use administrative, technical and physical safeguards to protect your Personal Data, taking into account the nature of the Personal Data and the processing, and the threats posed.

6. In a situation where you are using the Service, but in aid of a third party, or when you are using Service on behalf of someone else, remember to obtain appropriate authorisation prior to providing this data.

7. In accordance with Article 14 of UK GDPR please ensure that they have read and understood how their data is used and shared before authorising the use of their data.

8. This document governs your use of this Service and you should cease using the Service if you do not agree with these provisions.

9. Patricia Raven will use reasonable efforts to include up-to-date and accurate information in its educational resources, but make no representations, warranties, or assurances as to the accuracy, currency, or completeness of the information provided. Patricia Raven shall not be liable for any damages or injury resulting from your access to, or inability to access, this Service, or from your reliance on any information provided on this Service.

10. The Service does not constitute in any way medical advice and should not be taken as such. If you have medical concerns contact your GP, Local Health Service or an accredited medical professional.

11. Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

12. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

13. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

14. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

3. Copyright:

1. All content of the Service is owned or controlled by Patricia Raven and is protected by worldwide copyright laws. You may not download content for your personal or professional use and no modification or further reproduction of the content is permitted without prior written consent from Patricia Raven. The content may otherwise not be copied or used in any way.

2. The trademarks, service marks, trade names, trade dress and products in this service are

protected internationally. No use of any of these may be made without prior written authorisation of Patricia Raven, except to identify the products or services of the company. Information, products, processes and technologies described as a part of the service may be subject to other intellectual property rights.

4. Information Collection and Use

1. We collect several different types of information for various purposes to provide and improve our Service to you. These our outlined along with their legal basis below. We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

2. Where we need to perform the contract we are about to enter into or have entered into with

you.

3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

4. Where we need to comply with a legal obligation.

What data do we collect?

Patricia Raven collects the following data:

5. Financial/Billing/Transaction data:

We collect data necessary billing information to process your payment if you make a purchase. We do not store or retain any payment details once the purchase is complete. Please be aware there may be a record of your personal details on a bank statement depending on how you make a purchase. This is not a record we are able to remove as legally we must maintain a record of it.

6. Identity and Contact Data:

1. When using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact, identify or verify you (“Personal Data”. Personally identifiable information may include, but is not limited to):

- Email address

- First and last name

- Phone number

- Address

- Age

7. We also store information from you when you communicate with us regarding the provision of services, including email, postal mail or telephone.

8. Whenever this information is collected we make every effort to file the data if hard-copy in protected files, and password-protect all company email accounts. Currently all data is held on a single computer with a passcode and VPN, or locked in hard copy.

9. Special Category Data:

1. Special Category Data we may process is data relating to health. However, we note that Patricia Raven is not professing to be a medical profession and the service in no way constitutes medical advice; it is designed for wellness support. If you have any concerns about your health or the health of someone who’s data you are processing, please contact your GP or an accredited medical body.

2. Special Category Data processed through communications with Patricia Raven are processed to provide detailed and tailored wellness support. Any Personal Data shared will be protected to the best of our ability and should not be shared without the consent of the data subject.

5. How do we collect data?

1. You directly provide Patricia Raven with the data we collect. We collect data and process data when you:

- Contact us through the website

- Provide information in a ‘session’

- Make a payment

- Provide information over telephone or email

- Health or personal data is provided to us through a third party with the approval/consent of the data subject

6. Use of Data

- Patricia Raven uses the collected data for:

6. To provide and maintain our Service

7. To notify you about changes to our Service or Website, or new products we offer.

8. To provide customer support

9. To gather analysis or valuable information so that we can improve our service and maintain a high standard of performance.

10. To monitor the usage of our Service

11. To detect, prevent and address technical issues

12. To respond to your queries efficiently

13. To meet our contractual commitments to you

14. To provide you with information you request from us

7. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

1. If you are from the European Economic Area (EEA), Patricia Raven’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which it is collected.

2. Patricia Raven may process your Personal Data:

- To perform a contract with you

- Because you have given us permission to do so

- The processing is in our legitimate interests and it’s not overridden by your rights

- For payment processing purposes

- To comply with the law

- See ‘Use of Data’ above for further information

3. Legitimate Interest:

1. Under UK GDPR, a sole trader may hold information for a foreseeable event that many never occur provided it is justifiable. Under this precedent, we maintain personal information in the event that past wellness support is queried in the future.

2. When using Personal Data, if used in ways that would reasonably be expected by the data subject, the legal basis is covered by Legitimate Interest.

3. In order to conduct the services of Patricia Raven the processing of Personal Data is fundamental and therefore covered as Legitimate Interest.

4. Consent:

1. By using our Service, or agreeing to do business with us, you consent to the collection and use of information as outlined within this document. The processing of Personal Data is essential for verification, contact purposes and to perform the Service, and so is fundamentally a prerequisite for service. If you do not wish for your Personal Data to be processed, please do not use the Service. For more information on your rights as a data subject, please see below.

2. If you are stating Consent on behalf of somebody else e.g. a child (under the age of 18) or sharing their data with us, you must ensure that they have been made fully aware of how their data will be collected, used, maintained, stored, shared (if relevant) and of their rights. This must be done in language that is easy to understand and age-appropriate.

3. Under the guidance of the ICO website, we consider a child over the age of 14 to be able to

give explicit consent, provided they have been given all information in an easy format to make an informed decision.

4. Please note that where applicable, you have the right to withdraw consent at any time,

although this will not affect the lawfulness of any processing carried out before the withdrawal (Article 7(3)).

5. If you are using our services on behalf of someone with some form of mental or physical

disability, please ensure they are able to give informed Consent, or that you have obtained consent from their Health Power of Attorney or carer with authorisation/the authority to do so.

6. If you have any concerns regarding your personal information that we may hold please

5. Contract:

1. In order for the provision of Services by Patricia Raven, and in order to uphold contractual obligations, certain personal data must be processed.

2. This includes, but is not limited to;

- Billing Data

- Client Data; this will need to be processed in order to provide our Service.

- Identity & Contact Data

- In some circumstances it may also include special category data. See below.

6. Lawful Basis for Processing Special Category Data:

Article 6 of UK GDPR:

1. Consent- by stating that you have read and understood this Privacy Policy you consent to the processing of personal and Special Category Data- you may also be asked to sign a document outlining your consent. If you are sharing personal or Special Category Data on behalf of someone else please ensure you gain consent from them prior to using our service or providing us with any information. This consent may be withdrawn at any time. For clarification, please see your rights below.

2. Legitimate Interest- the processing of Special Category Data is necessary for us to provide our Service and we do not process data beyond this scope

3. Contract- the processing of Special Category Data is necessary for us to perform our contract with our clients.

8. Transfer of Data:

1. Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

2. If you are located outside the United Kingdom and choose to provide information to us,

please note that we transfer the data, including Personal Data, to the United Kingdom and processes it there.

3. Your consent to this Privacy Policy followed by your submission of such information

represents your agreement to that transfer.

4. In such circumstances as a transfer of data is necessary in order to fulfil our contractual obligations it is covered under Contract as legal basis.

5. Patricia Raven will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or country unless there are adequate controls in place including the security of your data and other personal information.

9. Disclosure of Data

1. Disclosure for Law Enforcement

Under certain circumstances, Patricia Raven may be required to disclosure your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

2. Legal Requirements:

Patricia Raven may disclose your Personal Data in the good faith belief that such action is necessary to:

- Comply with a legal obligation

- To protect and defend the rights or property of Patricia Raven

- To prevent or investigate possible wrongdoing in connection with the Service

- To protect the personal safety of users of the Service or public

- To protect against legal liability

10. Security of Data

The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

11. Storing, Managing, and Transferring Data:

1. The personal information that we collect is stored centrally on secure servers within the EU & UK.

2. Patricia Raven has a strict data retention policy, where it has a justifiable business or

legitimate legal reason to store data.

3. Your information, including Personal Data, may also be transferred to, and maintained on, computers located outside of the European Economic Area, where the data protection laws may differ from the GDPR. This will only be done for the prevision of services. If we provide the Personal Data beyond the European Economic Area, and in particular to any third countries, such provision will take place on the basis of appropriate legal mechanisms, such as Executive Decisions of the Commission (EU), standard contractual clauses applicable, or other similar legal instruments specified on the content of GDPR.

4. To ensure that you have adequate control over your Personal Data transferred outside the European Economic Area, you will have the right to obtain a copy of your Personal Data transferred to third countries at any time. If you wish to obtain a copy of your Personal Data held by a partner company, you will need to contact them directly.

5. The Company shall process data in accordance with the relevant provisions in your country, for example if you are located in the European Economic Area (EEA), the GDPR shall be adhered to and your data protected accordingly. If an international transfer of data must take place in order provide the service agreed, data shall only be transferred where:

- The applicable country meets the requirements and has therefore been granted a European Commission on Adequacy.

- A US-EU Privacy Shield Exists

- Appropriate safeguards have been applied, such as a EU Model Contract.

12. Data Sharing

1. Under certain circumstances we may share your personal data for the provision of services necessary to fulfil our contractual obligations to you, or aid in our Service. We do not share your data for financial gain, and will never sell your data.

2. Health data may be shared for the provision of analysis services with DNA Life. For more

information on their Privacy Policy and data handling, please visit their website: https:// www.dnalife.healthcare/privacy.

3. Personal data may be shared with third party companies for the provision of products such

as nutritional supplements- this will be done with your verbal consent.

4. Personal data may be shared with Ark Health Ltd for educational purposes and statistics. When this information is shared, it will be anonymised.

5. We may share your case history in an anonymised form with our peers for the purpose of professional development. We will seek your explicit consent before processing your data in this way.

6. We are not responsible for the way that companies handle your data, it is shared only for the provision of services and they maintain responsibility for their own data handling. For more information, please contact them directly.

13. Data Retention

1. Patricia Raven will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

2. To determine the appropriate retention period for Personal Data, we consider the amount,

nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

3. All essential contact information will be kept for a duration of 6 years under the legal basis of

accountancy records. After this point the information will be archived, unless a person exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by Patricia Raven to comply with current laws.

4. All personal information that is collected and anonymised and shared as a statistical data set

will be retained as long as that statistical information is still relevant to Patricia Raven or any educational information/statistical analysis that it is needed for. Please note that once data has been added to a statistical data set, as it is anonymised, we would be unable to remove this data. However, once it is part of the data set it is no longer Personal Data as it would not be identifiable.

5. All personal information collected/processed will be kept for a period of 5 years as it is

unlikely that we have a direct relationship with our clients beyond this period. In the cases where a relationship is ongoing, data will be retained until such time that the relationship ceases, at which point the data will be archived, unless a person exercises their right to

removal. If this is exercised, it will be determined what, if any, information needs to be retained by Patricia Raven to comply with current laws.

6. In some circumstances you can ask us to delete your data: see your legal rights below for

further information.

7. In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

14. Service Providers

1. We may employ third party companies and individuals to facilitate our Service (“Service Provide”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

2. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

15. Analytics

1. We may use third-party Service providers to monitor and analyse the use and results of our Service.

2. When you use our Services, we may perform analytics on your actions in order to improve the Services, so that you receive a better user experience. Analytics is done for two purposes and on the following legal bases:

i. We analyse the data collected during your use of the Services in order to improve our services and products, and the legal basis is our legitimate interest (legal basis in Article 6(1)(f) of GDPR) understood as the need to provide services and products of the highest quality, corresponding to the needs of users, to develop software functionality, to improve its accuracy and correctness.

ii. The recipients of your Personal Data may include:

- Entities authorised by law on the basis of proper request (courts, authorities);

- Entities providing accounting, IT, Marketing, Communication, Analytical and legal services.

- Subcontractors with whom we cooperate.

16. Data Security:

1. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

2. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

17. Protection against claims and recovery of claims

1. We may process your Personal Data in order to assert or defend against possible claims related to the contact or processing of your Personal Data and the processing is based on a legitimate interest (Article 6(1)(f) GDPR), understood as the possibility to assert or defend against claims.

2. The data will be processed until the statute of limitation for the respective claims has expired.

18. Anonymised/ Pseudonymised data

1. In the instances where personal data is collated as a part of a data-set for statistical analysis, educational resources or market research, the data will be anonymised.

19. Payment:

1. We may provide paid products and/or services within the Service. In that case, we use third- party services for payment processing (e.g. Payment Processors).

2. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

20. Your Data Protection Rights

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Patricia Raven aims to take reasonable steps to allow you to correct, amend delete, or limit the use of your Personal Data.

- If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

1. You have the following data protection rights:

i. The right to access, update or to delete the information we have on you.

ii. The right to rectification. You have the right to have your information rectifi ed if that information is inaccurate or incomplete.

iii. The right to object. You have the right to object to our processing of your Personal Data.

iv. The right of restriction. You have the right to request that we restrict the processing of your personal information.

v. The right to data portability. You have the right to be provided with a copy of the information we have on you in a structures, machine-readable and commonly used format.

vi. The right to withdraw consent. You also have the right to withdraw your consent at any time where Patricia Raven relied solely on your consent to process your personal information.

8. Please note we may ask you to verify your identity before responding to such requests.

9. Please note we may also ask for clarification/specification on which data it is you are requesting, in circumstances where certain data is anonymised or we hold large volumes of data or it required access to our archives in order to obtain or remove the desired data.

10. Please note we are obligated and will comply with your data protection rights to a reasonable extent.

11. In cases whereby a data request is deemed excessive or manifestly unfounded, we may charge a reasonable free to provide the data, taking into account the administrative costs of providing the information or communication.

12. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

21. Children’s Privacy

1. Our Service does not directly address anyone under the age of 18 (“Children”).

2. We do not knowingly collect personally identifiable information from anyone under the age of 18 without parental consent. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

3. If you are providing Patricia Raven personal information relating to anyone under the age of 18, please ensure you have gained informed consent from a parent/guardian and have made them aware of their rights when doing so. It is also important before disclosing any personal information of anyone between the ages of 14 and 18 to Patricia Raven to ensure that they also understand how their data is being used and consent to it.

22. Personal Data and Your Duty to Inform Us of Changes

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

23. Changes to the Privacy Policy:

1. We keep our Privacy Policy under regular review. [This version was last updated on 21.06.2022].

2. We may update our Privacy Policy from time to time. We will notify you of any changes by

posting the new Privacy Policy on our Website.

3. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

4. Should Patricia Raven incorporate Remarkable Healers into a Ltd company from a Sole Trader, this Privacy Policy will continue to be applicable to the newly incorporated company and the way that data is handled will not alter.

24. How to contact the appropriate authority:

Should you wish to report a complaint or if you feel that Patricia Raven has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.

Telephone: 03031231113

Website: https://ico.org.uk/global/contact-us/email/

If you have any questions about this Privacy Policy, please contact us: By email: trish_raven@btinternet.com

I am registered with the Information Commissioner's Office (ICO). Notification number: ZB298257