Effective Date: 16.08.22
1. Definitions
Jan Davidson (The “sole trader”, “I”, or “my”, “me”, “we”) operates the company/service.
“Service” is the wellness support of each individual client and the provision of educational wellness information, and Kinesiology. This refers to any support, products, education or information you receive from Jan Davidson.
“Client”, “you”, “your”; this refers to the individual purchasing/using the Service from.
“Terms and Conditions”; this refers to the terms of usage and conditions under which all purchases are pursued.
“GDPR” means Regulation (EU) 2018 of the European Parliament and of the Council of 25 May 2018 on the protection of natural persons with regard to the processing of Personal Data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1.
“Personal Data” refers to data about a living individual who can be identified from that data (or from other information either in our possession or likely to come into our possession).
“Usage Data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit on the website).
“Special Category Data”; is personal information of data subjects that is especially sensitive; Personal Data revealing political opinions, Personal Data revealing religious or philosophical beliefs, Personal Data revealing trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life and data concerning a person’s sexual orientation.
“Cookies”; cookies are small pieces of data stored on your device (computer or mobile device).
“Data Controller”; Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purposes of this Privacy Policy, Jan Davidson is a Data Controller of your Personal Data.
“Data Processors”; Data processors (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. Jan Davidson may use the services of other Service Providers in order to process your data more effectively. In these instances, it will be ensured that the relevant agreements will be in place to ensure the security of your data to the best of our ability.
“Data Subject” or “User”; Data subject is any living individual who is using the Service (whether directly or through an authorised person) and is the subject of Personal Data.
2. This Privacy Policy
This document informs you of my policies regarding the collection, use and disclosure of Personal Data when you use the Service and the choices you have associated with that data.
This Privacy Policy overrides all previous or other Privacy Policies relating to the Service of Jan Davidson.
I take data protection very seriously and abide by the United Kingdom Data Protection Act of 1998, its 2018 revision and additions and the EU General Data Protection Regulation (GDPR).
I use your data to provide and improve the Service. By using this Service, and accepting that you have read and understood the Privacy Policy, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in my Terms of Use.
I use administrative, technical, and physical safeguards to protect your Personal Data, taking into account the nature of the Personal Data and the processing, and the threats posed.
In a situation where you are using the Service in aid of a third party, or on behalf of someone else, remember to obtain appropriate authorisation prior to providing this data.
In accordance with Article 14 of UK GDPR please ensure that they have read and understood how their data is used and shared before authorising the use of their data.
This document governs your use of this Service, and you should cease using the Service if you do not agree with these provisions.
I will use reasonable efforts to include up-to-date and accurate information in educational resources, but make no representations, warranties, or assurances as to the accuracy, currency, or completeness of the information provided. I shall not be liable for any damages or injury resulting from your access to, or inability to access, this Service, or from your reliance on any information provided on this Service.
The Service does not constitute in any way medical advice and should not be taken as such. If you have medical concerns, contact your GP, Local Health Service or an accredited medical professional.
Where it is needed to collect Personal Data by law, or under the terms of a contract in place with you, and you fail to provide that data when requested, I may not be able to perform the contract I have or am trying to enter into with you (for example, to provide you with goods or services). In this case, I may have to cancel a product or service you have with me but I will notify you if this is the case at the time.
If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
3. Copyright:
All content of the Service is owned, controlled by, or licensed to Jan Davidson and is protected by worldwide copyright laws. You may not download content for your personal or professional use and no modification or further reproduction of the content is permitted without prior written consent from Jan Davidson. The content may otherwise not be copied or used in any way.
The trademarks, service marks, trade names, trade dress and products in this Service are protected internationally. No use of any of these may be made without the prior written authorisation of Jan Davidson, except to identify the products or services of the company/individual. Information, products, processes and technologies described as a part of the Service may be subject to other intellectual property rights.
4. Information Collection and Use
I collect several different types of information for various purposes to provide and improve the Service to you. These are outlined along with their legal basis below. I will only use your Personal Data when the law allows me to. Most commonly, I will use your Personal Data in the following circumstances:
Where I need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for my work’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where I need to comply with a legal obligation.
What data do I collect?
I collect the following data:
Financial/Billing/Transaction data:
I collect the billing information necessary to process your payment if you make a purchase. I do not store or retain any payment details once the purchase is complete. Please be aware there may be a record of your personal details on a bank statement depending on how you make a purchase. This is not a record I am able to remove as legally I must maintain a record of it.
Identity and Contact Data:
When using the Service, I may ask you to provide me with certain personally identifiable information that can be used to contact, identify or verify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
Email address
First and last name
Phone number
Address
Age
I also store information from you when you communicate with me regarding the provision of services, including email, postal mail or telephone.
Whenever this information is collected, I make every effort to file the data, if hard-copy, in protected files, and password-protect all company email accounts. Currently all data is held on a single computer with a passcode and VPN, or locked in hard copy.
Special Category Data:
Special Category Data I may process is data relating to health. However, please note that I am not professing to be a medical professional and the Service in no way constitutes medical advice; it is designed for wellness support. If you have any concerns about your health or the health of someone whose data you are processing, please contact your GP or an accredited medical body.
Special Category Data processed through communications with me are processed to provide detailed and tailored wellness support. Any Personal Data shared will be protected to the best of my ability and should not be shared without the consent of the data subject.
5. How do I collect data?
You directly provide me with the data collected. I collect data and process data when you:
Contact me through the website
Provide information in a ‘session’
Make a payment
Provide information over telephone or email
Health or personal data is provided to me through a third party with the approval/consent of the data subject
6. Use of Data
I use the collected data:
To provide and maintain the Service
To notify you about changes to the Service or Website, or new products on offer.
To provide customer support
To gather analysis or valuable information so that the Service can be improved and a high standard of performance maintained.
To monitor the usage of the Service
To detect, prevent and address technical issues
To respond to your queries efficiently
To meet any contractual commitments to you
To provide you with information you request from me
7. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), my legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data I collect and the specific context in which it is collected.
I may process your Personal Data:
To perform a contract with you
Because you have given me permission to do so
The processing is in my work’s legitimate interests and it’s not overridden by your rights
For payment processing purposes
To comply with the law
See ‘Use of Data’ above for further information
Legitimate Interest:
Under UK GDPR, a sole trader may hold information for a foreseeable event that may never occur, provided it is justifiable. Under this precedent, I maintain personal information in the event that past wellness support is queried in the future.
When using Personal Data, if used in ways that would reasonably be expected by the data subject, the legal basis is covered by Legitimate Interest.
In order to conduct the Service, the processing of Personal Data is fundamental and therefore covered as Legitimate Interest.
Consent:
By using the Service, or agreeing to do business with me, you consent to the collection and use of information as outlined within this document. The processing of Personal Data is essential for verification, contact purposes and to perform the Service, and so is fundamentally a prerequisite for Service. If you do not wish for your Personal Data to be processed, please do not use the Service. For more information on your rights as a data subject, please see below.
If you are stating Consent on behalf of somebody else e.g. a child (under the age of 18) or sharing their data with me, you must ensure that they have been made fully aware of how their data will be collected, used, maintained, stored, shared (if relevant) and of their rights. This must be done in language that is easy to understand and age-appropriate.
Under the guidance of the ICO website, I consider a child over the age of 14 to be able to give explicit consent, provided they have been given all information in an easy format to make an informed decision.
Please note that where applicable, you have the right to withdraw consent at any time, although this will not affect the lawfulness of any processing carried out before the withdrawal (Article 7(3)).
If you are using the Service on behalf of someone with some form of mental or physical disability, please ensure they are able to give informed Consent, or that you have obtained consent from their Health Power of Attorney or carer with authorisation/the authority to do so.
If you have any concerns regarding your personal information that I may hold please contact me at jan@jandavidson.co.uk.
Contract:
In order for the provision of Services by Jan Davidson, and in order to uphold contractual obligations, certain personal data must be processed.
This includes, but is not limited to;
Billing Data
Client Data; this will need to be processed in order to provide the Service.
Identity & Contact Data
In some circumstances it may also include Special Category Data. See below.
Lawful Basis for Processing Special Category Data:
Article 6 of UK GDPR:
Consent- by stating that you have read and understood this Privacy Policy you consent to the processing of personal and Special Category Data- you may also be asked to sign a document outlining your consent. If you are sharing personal or Special Category Data on behalf of someone else please ensure you gain consent from them prior to using the Service or providing me with any information. This consent may be withdrawn at any time. For clarification, please see your rights below.
Legitimate Interest- the processing of Special Category Data is necessary for me to provide the Service and I do not process data beyond this scope.
Contract- the processing of Special Category Data is necessary for me to perform my contract with my clients.
8. Transfer of Data:
Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United Kingdom and choose to provide information to me, please note that I transfer the data, including Personal Data, to the United Kingdom and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
In such circumstances as a transfer of data is necessary in order to fulfill my contractual obligations it is covered under Contract as legal basis.
I will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or country unless there are adequate controls in place including the security of your data and other personal information.
9. Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, I may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Legal Requirements:
I may disclose your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
To prevent or investigate possible wrongdoing in connection with the Service
To protect the personal safety of users of the Service or public
To protect against legal liability
10. Security of Data
The security of your data is important to me, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While I strive to use commercially acceptable means to protect your Personal Data I hold about you and if you want it to be removed from my systems, please contact me.
11. Storing, Managing, and Transferring Data:
The personal information that I collect is stored centrally on secure servers within the EU & UK.
I have a strict data retention policy, where I have a justifiable business or legitimate legal reason to store data.
Your information, including Personal Data, may also be transferred to, and maintained on, computers located outside of the European Economic Area, where the data protection laws may differ from the GDPR. This will only be done for the provision of services. If I provide the Personal Data beyond the European Economic Area, and in particular to any third countries, such provision will take place on the basis of appropriate legal mechanisms, such as Executive Decisions of the Commission (EU), standard contractual clauses applicable, or other similar legal instruments specified on the content of GDPR.
To ensure that you have adequate control over your Personal Data transferred outside the European Economic Area, you will have the right to obtain a copy of your Personal Data transferred to third countries at any time. If you wish to obtain a copy of your Personal Data held by a partner company, you will need to contact them directly.
I will process data in accordance with the relevant provisions in your country; for example, if you are located in the European Economic Area (EEA), the GDPR shall be adhered to and your data protected accordingly. If an international transfer of data must take place in order to provide the Service agreed, data shall only be transferred where:
The applicable country meets the requirements and has therefore been granted a European Commission on Adequacy.
A US-EU Privacy Shield Exists
Appropriate safeguards have been applied, such as an EU Model Contract.
12. Data Sharing
Under certain circumstances I may share your personal data for the provision of services necessary to fulfill my contractual obligations to you, or aid in the Service. I do not share your data for financial gain, and will never sell your data.
Health data may be shared for the provision of analysis or information services. It may be shared under circumstances with DNA life. For more information on their Privacy Policy and data handling, please visit their website: https://www.dnalife.healthcare/privacy.
Personal data may be shared with third party companies for the provision of products such as nutritional supplements- this will be done with your verbal consent.
Personal data may be shared with Ark Health Ltd for educational purposes and statistics. When this information is shared, it will be anonymised.
I may share your case history in an anonymised form with my peers for the purpose of professional development. I will seek your explicit consent before processing your data in this way.
I am not responsible for the way that companies handle your data; it is shared only for the provision of services and they maintain responsibility for their own data handling. For more information, please contact them directly.
13. Data Retention
I will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. I will retain and use your Personal Data to the extent necessary to comply with my legal obligations (for example, if I am required to retain your data to comply with applicable laws), resolve disputes, and enforce my legal agreements and policies. I may retain your Personal Data for a longer period in the event of a complaint or if I reasonably believe there is a prospect of litigation in respect to my relationship with you.
To determine the appropriate retention period for Personal Data, I consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which I process your Personal Data and whether I can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
All essential contact information will be kept for a duration of 6 years under the legal basis of accountancy records. After this point the information will be archived, unless a person exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by me to comply with current laws.
All personal information that is collected and anonymised and shared as a statistical data set will be retained as long as that statistical information is still relevant to me or any educational information/statistical analysis that it is needed for. Please note that once data has been added to a statistical data set, as it is anonymised, I would be unable to remove this data. However, once it is part of the data set it is no longer Personal Data as it would not be identifiable.
All personal information collected/processed will be kept for a period of 7 years as recommended by the Kinesiology association.
In the cases where a relationship is ongoing, data will be retained until such time that the relationship ceases, at which point the data will be archived, unless a person exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by me to comply with current laws.
In some circumstances you can ask me to delete your data: see your legal rights below for further information.
In some circumstances I will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case I may use this information indefinitely without further notice to you as it will no longer be considered personal data.
14. Service Providers
I may employ third party companies and individuals to facilitate the Service (“Service Providers”), to provide the Service on my behalf, to perform Service-related services or to assist me in analysing how the Service is used.
These third parties have access to your Personal Data only to perform these tasks on my behalf and are obligated not to disclose or use it for any other purpose.
15. Analytics
I may use third-party Service providers to monitor and analyse the use and results of the Service.
When you use the Service, we may perform analytics on your actions in order to improve the Services, so that you receive a better user experience. Analytics is done for two purposes and on the following legal bases:
We analyse the data collected during your use of the Services in order to improve the Service and products, and the legal basis is legitimate interest (legal basis in Article 6(1)(f) of GDPR) understood as the need to provide services and products of the highest quality, corresponding to the needs of users, to develop software functionality, to improve its accuracy and correctness.
The recipients of your Personal Data may include:
Entities authorised by law on the basis of proper request (courts, authorities);
Entities providing accounting, IT, Marketing, Communication, Analytical and legal services.
Subcontractors with whom I cooperate.
16. Data Security:
I have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on my instructions and they are subject to a duty of confidentiality.
I have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
17. Protection against claims and recovery of claims
I may process your Personal Data in order to assert or defend against possible claims related to the contact or processing of your Personal Data and the processing is based on a legitimate interest (Article 6(1)(f) GDPR), understood as the possibility to assert or defend against claims.
The data will be processed until the statute of limitation for the respective claims has expired.
18. Anonymised/ Pseudonymised data
In the instances where personal data is collated as a part of a data-set for statistical analysis, educational resources or market research, the data will be anonymised.
19. Payment:
I may provide paid products and/or services within the Service. In that case, I use third-party services for payment processing (e.g. Payment Processors).
I will not store or collect your payment card details. That information is provided directly to my third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
20. Your Data Protection Rights
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. I aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data I hold about you and if you want it to be removed from my systems, please contact me.
You have the following data protection rights:
The right to access, update or to delete the information I have on you.
The right to rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to my processing of your Personal Data.
The right of restriction. You have the right to request that I restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information I have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where I relied solely on your consent to process your personal information.
Please note I may ask you to verify your identity before responding to such requests.
Please note I may also ask for clarification/specification on which data it is you are requesting, in circumstances where certain data is anonymised, I hold large volumes of data, or it requires access to my archives in order to obtain or remove the desired data.
Please note I am obligated and will comply with your data protection rights to a reasonable extent.
In cases whereby a data request is deemed excessive or manifestly unfounded, I may charge a reasonable fee to provide the data, taking into account the administrative costs of providing the information or communication.
I try to respond to all legitimate requests within one month. Occasionally it could take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.
You have the right to complain to a Data Protection Authority about my collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
21. Children’s Privacy
The Service does not directly address anyone under the age of 18 (“Children”).
I do not knowingly collect personally identifiable information from anyone under the age of 18 without parental consent. If you are a parent or guardian and you are aware that your child has provided me with Personal Data, please contact me. If I become aware that I have collected Personal Data from children without verification of parental consent, I take steps to remove that information from my servers.
If you are providing me with personal information relating to anyone under the age of 18, please ensure you have gained informed consent from a parent/guardian and have made them aware of their rights when doing so. It is also important before disclosing any personal information of anyone between the ages of 14 and 18 to me to ensure that they also understand how their data is being used and consent to it.
22. Personal Data and Your Duty to Inform Me of Changes
It is important that the Personal Data I hold about you is accurate and current. Please keep me informed if your Personal Data changes during your relationship with me.
23. Changes to the Privacy Policy:
I keep my Privacy Policy under regular review. This version was last updated on 16.08.2022.
I may update our Privacy Policy from time to time. I will notify you of any changes by posting the new Privacy Policy on my Website.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the Website.
24. How to contact the appropriate authority:
Should you wish to report a complaint or if you feel that I have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Telephone: 03031231113
Website: https://ico.org.uk/global/contact-us/email/
Contact me:
If you have any questions about this Privacy Policy, please contact me:
By email: jan@jandavidson.co.uk