Diana Excell is responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing a service and carrying out regular business activities. I am registered as a data controller with the Information Commissioner’s Office (Reference Number ZC088359).

Information Collection

The information I collect about you includes (but may not be limited to):

• Name and contact details
• Address
• Date of birth
• Emergency contact information (such as family members or other relevant parties)
• Usage data (including information about how you interact with and use our website, products and services)
• Health information (such as medical records or health conditions)
• IP addresses
• Website user information
• Marketing preferences

I will collect information from you when:

• You access my website 
• You contact me for information via my website or social media channels, by phone or email
• You complete an intake form via Google Forms
• You work with me in a commercial capacity

Purpose of Processing

I may use the information collected to:

1. Allow you to process a booking for a service, product or course
2. Create a profile for you on my site
3. Send you my newsletters or provide you with information, products or services that you request from me or which I feel may interest you, where you have consented to be contacted for such purposes 
4. Ensure that content from my site is presented to you in the most effective manner for you and your computer
5. Allow you to participate in the service you have chosen
6. Notify you about changes to my services

Third Party Sharing

Data is shared with the following third party processors:

• IONOS acts as a data processor for hosting my website and will use cookies and Google Analytics to track user behaviour, browser data and session information.
• Google acts as a data processor for collecting your contact details, medical information, when you complete an intake form using Google Forms.
• Stripe acts as an independent data processor for secure processing of payments. I will provide Stripe with your contact details to generate invoices and payment links. I do not have access to or store full payment card information.

It is very unlikely that I will share your data with any other third parties. I will not sell it on or use it for unethical reasons. I may have to share it if my notes are subpoenaed by court, or if you or anyone you tell me about is at harm or risk of harm. If I was worried that you were at risk, I may need to contact your next of kin or medical professional. I will let you know if/when I am going to do this.

Legal Basis

Under UK data protection law, I must have a “lawful basis” for collecting and using your personal information. You can find out more about lawful bases on the ICO’s website.

I collect data for the purposes set out below:

1. You have consented
2. For the performance of a contract
3. For compliance with a legal obligation which I must perform
4. To protect vital interests of your or another person
5. It is in the public interest
6. It is in the legitimate interests pursued by us or a third party

Data Security

Client intake forms are completed via Google Forms and the details are stored on my Google Drive. Emails are saved on my password protected computer. Details of session discussions are stored as hard copy in a locked filing cabinet. Your phone number(s) may be kept in my business mobile phone with your first name and last initial. My mobile phone is secured with a password and biometrics and my computer is protected with Microsoft Defender. 

Data Retention

I will keep your details and session notes for the time required by my insurer (currently 10 years). After this time, I will securely dispose of any documents containing your personal information and will delete your details from my mobile phone.

International Transfers

The data processors below may transfer data outside of the UK. When doing so, they comply with the International Data Transfer Agreement (IDTA), making sure appropriate safeguards are in place.

• IONOS – Please see IONOS’s privacy policy at https://www.ionos.com/terms-gtc/privacy-policy/
• Google – Please see Google’s privacy policy at https://policies.google.com/privacy
• Stripe – Please see Stripe’s privacy policy at https://stripe.com/gb/privacy

Policy Updates 

From time to time, I may need to change my privacy policy because of changes in my organisation, legislation or in attempts to serve your needs better. I will use reasonable efforts to publish any changes to our privacy statement.

User Rights

If you are concerned about how I am collecting, using and/or sharing your personal information, or you would like to make a data protection rights request, please contact me using the details below.

Contact Information

Telephone: 07787 109824

Email: hello@dianaexcell.co.uk