Nature of Data Held by Sharon Lunn Colon Hydrotherapy (Enquiries)
In order to respond to enquiries from this web site, we ask only for your email address. Optionally, you can add your name and your phone number, which gives us the opportunity to personalise your reply, or contact you by phone if you find that more convenient.
This information is kept solely for the purpose of answering your original question and once the enquiry has been satisfactorily dealt with, your personal data are deleted permanently from the online database.
If we are unable to contact you and your enquiry remains incomplete for one year, the information is deleted, regardless of there having been no satisfactory conclusion to the enquiry.
Nature of Data Held by Sharon Lunn Colon Hydrotherapy (Customers)
Our legal obligation to HMRC is that we hold all VAT records and invoices for seven years. Once this term has passed, records are destroyed.
Data held relating to customers
Contact information is held for the purpose of:
- Responding to your enquiry
- Sending seasonal reminders relating to health and the time of year
- Treatment records are kept entirely separate to online communication and are paper based, stored securely and destroyed on expiry of our obligation to hold them
- Invoice details may or may not contain personally identifiable data. These will be retained for the period laid down in our legal obligation to the tax authorities.
Sharon Lunn Colon Hydrotherapy Legal Basis for Processing Data - Consent (Web Enquiries)
We make the reasonable assumption that, having asked a question via our web site enquiry page, you are entitled to and expect an answer, and we therefore claim your consent to reply by your chosen means, e.g. email or phone. Once your enquiry has been dealt with, we assume no further consent to use your personal data, which are then removed from the online database. The due date for deleting data is one year from receipt of an enquiry. When this due date approaches, we will contact the originator to ascertain whether they need more time to complete the enquiry process.
Invoice details will be retained in accordance with our legal obligation in respect of tax regulations.
Sharon Lunn Colon Hydrotherapy Data Protection Policy
This document defines the policy for managing data throughout the Sharon Lunn Colon Hydrotherapy web site, hosted by the Village Websmith on dedicated servers located in the data centre belonging to Easyspace Ltd.
Data submitted through the web site is only stored on the server for a maximum of one year, being deleted either as soon as the enquiry is dealt with, or at the end of the period. Data storage for longer term processing, such as our obligation to retain VAT records for seven years, is on the servers of Sharon Lunn Colon Hydrotherapy.
Data held by the organisation for the purposes of carrying on its day to day business may be at risk of leakage or loss through the following means:
- Data Theft through hacking (Cyber Crime)
- Data Theft from the Cloud
- Data Theft through embezzlement
- Data Theft through hardware loss
- Physical damage to equipment
- End of equipment life risks
In order to minimise risks, the number of copies of data held is minimised, commensurate with protection against data loss. In this case, this means that no portable device is ever used as a data repository. All data relating to customers, prospects and enquirers is held on one of the dedicated web servers in the Easyspace data centre in Glasgow. For day to day use, this is accessed via a single account that does not have root privileges. Only one person has the login credentials for this account. Only one person has login credentials for the root account on any of our servers.
The data on the remote server is backed up to a NAS unit in our main office in Tintern. This can be accessed via a personal cloud for the purpose of remote disaster recovery. Only one person has login credentials for this unit. Other than those backup files, the only data on the NAS unit that could identify a person is the folder of invoice copies. By default, our invoice copies carry no personal names, being addressed solely to the organisation. However, in a small number of cases where the client is a sole trader without a business name, their name does appear in the business name field. As part of our contract with self-employed people trading in their own name, we will be seeking permission to retain invoice records for the length of time required by tax authorities.
The servers that we use are all protected by firewalls, and all security patches or updates are applied as soon as they become available by the one person responsible for security.
Root and account passwords are changed twice a year, with only one person being aware of what they are. That person commits them to memory and no physical record of the root password is kept anywhere in the organisation. The account password is recorded for the sake of business continuity, should the main keeper become ill or injured.
When changed, passwords are generated at random between 8 and 16 characters, drawn from a list of upper case, lower case, numerals and punctuation marks/symbols.
Data Theft Through Hacking
All personally identifiable data are held on a web server based in the Easyspace data centre in Glasgow. This is protected by a firewall, which is updated regularly, as is the OS kernel. Furthermore, root access to the server is achieved via two-stage authentication, with a unique code being transmitted to the Data Protection Officer via mobile phone at each login attempt.
Access to the database that holds such data is also restricted by a separate login with different credentials to the root user, connection being made via https web pages. See General Considerations for the policy regarding password generation, which is applied to all systems used by Sharon Lunn Colon Hydrotherapy, both on line and internally.
For disaster recovery purposes, the contents of the web server are backed up to a NAS unit in the main office. The backup is a snapshot of only the latest data and only the most recent backup file is retained in between weekly backup sessions, so that no obsolete data can be accessed or restored once removed from the main database (allowing a week of latency added to our regular data review cycle, as laid out in our Data Retention Term document).
Data Theft Through The Cloud
As a matter of policy, Sharon Lunn Colon Hydrotherapy does not entrust any data to the Cloud. This has always been viewed by us as inherently insecure, with the faceless owners and uncertain location of data being too risky to contemplate.
All data held by Sharon Lunn Colon Hydrotherapy is housed on dedicated servers rented from our hosting provider, or on machines that we have control over at all times.
Data Theft Through Embezzlement
To protect data from theft by trusted individuals, nobody outside the organisation is entrusted with any of the data held for the purposes of carrying on the business of Sharon Lunn Colon Hydrotherapy. Neither are login credentials granted to anyone outside the organisation.
Data access for employees is granted at a level where they can carry out the necessary procedures for their work through https web pages. These pages do not allow download of the database contents and nobody other than the responsible person has access to the database as root user.
Access to backup files on the local NAS unit is restricted to the responsible person.
Data Theft Through Equipment Loss
To prevent loss of data with equipment, no device that is used outside the office carries any sensitive data relating to the business or to the people that it deals with. No mobile phone, tablet or computer belonging to Sharon Lunn Colon Hydrotherapy holds such data; all information is secure on the web server, with access being restricted to staff alone.
Damaged and End of Life Equipment
In the event of damage to equipment rendering it no longer serviceable, the hard drive will be removed and physically destroyed before disposal of the remaining hardware.
Where equipment has reached the end of its service life and is to be sold as used, the internal hard drive will either be replaced before sale, or zero-filled seven times using the military-strength erasure option in Apple Disk Manager.
Sharon Lunn Colon Hydrotherapy Cookies Policy
The Sharon Lunn Colon Hydrotherapy site uses only one cookie. It is a session cookie, which is deleted at the end of your browser session. It holds no personally identifiable data relating to our site visitors, other than the broad geographical location. This serves to ensure the site delivers the correct information in terms of local contacts, currency and taxes.
No personal data is ever held in a cookie on our web site.
Sharon Lunn Colon Hydrotherapy Right to be Forgotten Policy
Your Right to be Forgotten
Under the provisions of the General Data Protection Regulation, you have the right for all data held relating to yourself to be completely and permanently erased.
In pursuance of this policy, Sharon Lunn Colon Hydrotherapy provides a link that will completely delete all information relating to an individual, identified by their email address, from the current database. That request sends an email to the responsible individual, informing them that the data relating to a record, identified by sequential number, have been removed.
To ensure that only you can remove your records, your RTBF request will generate an email to the address held on file for you, with a secure link back to this page, with the RTBF confirmation button showing. Confirming removal will delete all information held in association with your email address from the Sharon Lunn Colon Hydrotherapy database. If you have made enquiries on more than one occasion, using different email addresses, you will need to repeat the process for each address used.
The Regulation also provides for this information being removed from all backup copies and other repositories in the organisation. To ensure that this requirement is followed, Sharon Lunn Colon Hydrotherapy adopts the following practices:
- Only one copy of the database exists, held on a remote server in a secure data centre
- For disaster recovery, a backup is held on a local NAS unit
- The backup is a snapshot of the most recent data and only the latest version is retained
- Every week that backup file is overwritten with the latest data
- In case of a backup being restored, the responsible individual is required to manually reconcile any RTBF requests that may have been overridden by the restoration
Please note that the server is backed up weekly, so there will be a latency of seven days between removal from the active database and removal from the backup copy.
For instant removal from the backup copy as well as the active database, contact the responsible individual who will manually destroy your record in the backup copy on the day of request.
Sharon Lunn Colon Hydrotherapy Complaints Procedure
Complaints about the management, security or handling of personal data should be addressed to the responsible individual using the link on this page. In the event of receiving a complaint, the responsible individual will:
- Investigate via the database within three working days
- Consult relevant customer or team member within five working days
- Respond with initial findings within seven working days
- Take appropriate remedial action within three working days of your reply
- Report on outcome of remedial action on the same day
- Follow up within a further three working days to ensure satisfaction
In the unlikely event of the outcome being unsuccessful or unsatisfactory, your rights as an individual allow for complaints to be escalated to the Office of the Information Commissioner, who may proceed on your behalf if a serious data breach is suspected. Their contact details are:
Web site: ico.org.uk
Phone: 0303 123 1113
Through the web site or phone line, you can express concerns to the ICO relating to:
- Nuisance Calls or messages
- Accessing or Re-using Information
- Information Handling
- Internet Search Results
- Web Site Cookies
- EU-US Privacy Shield
- Comments Relating to ICO Services
Sharon Lunn Colon Hydrotherapy Data Retention Policy
Data are retained until satisfactory conclusion of your enquiry, or one year, or data removal by the enquirer, whichever is the sooner.
Sharon Lunn Colon Hydrotherapy Automated Procedures Statement
No automated processing of data is carried out on the database holding your information, other than a regular check for expired data. To ensure compliance with our policies, every day, the database is queried for entries that are greater in age than the number of days laid out in our Data Retention Terms Policy.
If found, the record and all associated data are automatically deleted from the active database. The active database is backed up weekly as a snapshot, overwriting the previous copy, so there will be a latency between deleting from the active database and the backup version. This will mean a possible delay of a maximum of seven days before final eradication of over-age data.
In the case of long term enquiries, as is often the case in housebuilding, two weeks before the expiry of your consent to keep in touch, you will receive an automated email asking if you still need information. Only if you reply in the positive will your data be retained for a further period.