The Rehab Space: Privacy Policy

Effective date: 02/03/2023

 

To ensure GDPR compliance, on registration, you will have the options to consent to receiving emails and consent to our Terms of Use.  This will include agreement to use of your data as described below.

This policy will explain how we use your personal data and how we will keep it safe.

This policy and how we store you data will change from time to time and it is important you check for any updates.

 

Our contact details

Name: The Rehab Space

Email: [email protected]

Last updated: 2nd May 2023

 

 

Our Policies

You can find more information on our individual policies here: Terms of Use, Website Terms & Conditions, Cookie Policy.

 

 

The type of personal information we collect

We currently collect and process the following information:

  • Name
  • Age
  • Address
  • Email address
  • Payment details
  • Website user statistics
  • if appropriate
  • Personalised notes following applicable live classes and health coaching sessions
  • Correspondence
  • Details of any complaints received

 

 

How we get the personalised information and why we have it

Direct Interactions

Most of the personal information we process is provided to us directly by you for one of the following purposes:

  • To contact you via email: purchase and booking confirmations, payment confirmations, course access information, account instructions, blog, service updates, etc.
  • To enable you to create an account to access and watch your purchased courses
  • To process payments
  • To ensure that you are medically well enough to engage in our services
  • To maintain records of any live classes or coaching sessions you have attended and the content of these
  • To improve our own services and be able to create new material that will be appropriate for you

Automated technologies or interactions

As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

Third parties or publicly available sources

We will receive personal data about you from various third parties as set out below:

  • Technical Data from the following parties:
    • analytics providers such as Google, based outside the UK
    • advertising networks such as Facebook, based outside the UK and
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Kajabi, based outside the UK.

 

We use the information provided in order to offer you our services, contact you and comply with our legal obligations.

Communications may include emails about your account, password, access, marketing, reminders, transactional and other information related to the services and your account.

We may share this information with third parties where appropriate in your best interests and we will ask for your consent for this.

We will share your personal information with third parties where we are required by law, with a regulator, with an insurer, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting [email protected] . If you remove your consent, you may no longer be able to access your purchased courses.
  • Legitimate interests. We may process personal data for the legitimate interests of our business, such as to improve our products and services, to maintain and protect our business and assets, and to promote our business. We believe that these legitimate interests are not overridden by the interests or fundamental rights and freedoms of the data subjects, as the processing is necessary for the proper functioning of our business and is carried out in a way that respects the data subjects' rights.

 

 

How we store your personal information and who can access it

Your information is securely stored.  The Rehab Space operates through Kajabi, an online course company which is GDPR compliant and stores data securely in accordance with GDPR regulations. 

You can read more about it here: https://kajabi.com/policies/privacy

Any notes, forms, or additional confidential information we require to store from our services such as classes or coaching, are stored on MS 365 OneDrive in compliance with GDPR.  They provide robust security features such as encryption, access controls, and auditing to ensure the confidentiality, integrity, and availability of personal data. Additionally, Microsoft offers GDPR-specific tools which you can read more about here:

https://www.microsoft.com/en-us/trust-center/privacy/gdpr-overview

Any additional required confidential forms or signatures required outside of our platform, for example additional coaching, classes, or medical questionnaires are collected through SignNow. SignNow ensures that all data provided by users is stored and processed confidentially, in accordance with GDPR regulations, to safeguard the privacy and security of user information. You can read more about their policies here:

https://www.signnow.com/privacy_notice

All of our payments are processed through Stripe.  If you wish to read more about their GDPR compliance you can do so here:

https://stripe.com/en-gb/guides#stripe-and-the-gdpr

We use Klaviyo to manage our mailing lists for newsletters and further details on their GDPR compliance is here:

https://www.klaviyo.com/legal/privacy/privacy-notice

 

Details of every purchase you make and payments made, will be kept on the relevant systems and payment processor.  For any classes or coaching sessions, this will also include individual notes if appropriate. As a new client undertaking classes or coaching, we will also ask and store any relevant medical history that we need to be aware of to ensure your own safety, and the best possible service – we request that you update us as and when this changes.

You can ask to see the information we hold for you at any time and access/ make changes to your own account through our platform at www.therehabspace.co.uk.

For classes and coaching sessions, your accounts will only be accessed by the staff member in charge of that class/ session and ensures we can contact you about your booking, handle payments and check your relevant history in advance.  We do not share any of this information with a third party, and request that you pass on any relevant information to any other provider or practitioner yourself, (e.g. a doctor or physiotherapist) unless you explicitly ask us to do this for you by written consent.

 

 

Your “Right to be Forgotten”

You have the right to remove consent at any time, please email us at [email protected] to do so and your details will be removed.  At your request The Rehab Space, as the controller of your information, will delete you both as a user and all of your data from its platform within 30 days.  This will remove all personally identifiable information from other relevant processors. If you request deletion, you will no longer be able to access your courses and we will not refund you in this instance, unless requested in line with our cancellation policy.

Please note, in line with health care standards in the UK, we will retain any personal notes we have taken about your service use for 7 years.

 

 

Your data protection rights

Under data protection law, you have the rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at [email protected] if you wish to make a request.

 

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, or it is not accurate/ correct, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

Third Parties

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by contacting us.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase.

Cookies

For more information about the cookies we use, please see our cookie policy.

External Third Parties

  • Service providers who provide IT and system administration services.
  • We may share your information with third-party marketers who have a legitimate interest in promoting products or services that may be of interest to you, based on your interactions with us. These marketers are required to comply with applicable privacy laws and regulations, and are only granted access to the minimum amount of information necessary to promote their products or services.
  • Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

 

 

Changes to this notice

You will be updated of any changes we may make to our privacy notice in the future by email.

 

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected] .

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk