Any personal data submitted by you on this Site is for the use of Purehealth Clinic only. Our aim is to keep your data secure, use only what we need to and for the relevant purpose for which it was given. This policy is regularly reviewed. Last updated May 18.
Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment and in cloud storage with strong passwords as a minimum and do not store hard copies of data anywhere.
Personal data use
Your personal data includes your name, address, date of birth where required for specific labs, order comments, order details, phone number and email address and IP address.
By giving your details on the shop or by email as a query, say, you are expressing legitimate consent for Purehealth to have that data, which is used to process and fulfil your order or request for help. The shop data is then held on Ecwid, the data controller, and Purehealth has access to it via a password-protected website. Neither Ecwid, nor Purehealth holds any payment card details; those are processed through secure Paypal and bank processors.
You data may be used by Paypal, who process your payments, Ecwid, who sends you your downloads and holds your data on secure servers, passed to secure labs who send your test kits out, or by Purehealth staff or allied secure therapists, to help us with your specific case or query. By giving us your data and accepting these terms, you are giving us explicit permission to do all this.
Purehealth may also store your data for the purpose of sending a regular newsletter, if you have given your explicit consent for that. This might be via Mailchimp or ConvertKit, or some other email management provider as necessary. These are secure data processors and Purehealth has access to the data only via a strong password-protected site. You can, of course, unsubscribe at any time using the unsubscribe link at the bottom of every newsletter email.
You give us your data mostly by purchasing something on the Ecwid shop, although you may also give it via emails, phone or social media conversations.
Any personal comments that you give in support of your order in the comments box on Checkout on Ecwid or via email, social media, via the phone or post are kept strictly confidential. In giving that info, you are enabling us to ensure the best service to you and is thus used under legitimate interest. We may use it to contact you to ask any questions we have either about your order or your case. It may also be seen by (very rarely) by any other Purehealth staff or allied therapists if I think they are the best person to help you. We will only pass information to secure data controllers.
Your lab test results are either accessed from a password-protected lab site or sent to my secure email address (G-Suite: Gmail for Business). Your results are forwarded to you with my comments via a safe portal such as StayPrivate as appropriate and then deleted or kept as an attachment within your emails thread for up to a year.
How long we hold data for
Your emails, live chat, private Facebook or social media conversations are deleted at the end of our contact session or within 12 months. This means you should keep copies of them in case of future queries as I will no longer have them.
Your personal data for marketing is held with your consent unless you ask for it to be deleted or changed as above.
Right to be forgotten
At any time, you can ask for a copy of the data held by emailing us at email@example.com. You can also cancel your shop account at any time, and/or ask for any data held by us to be deleted under your Right To Be Forgotten, amended or consent for it to be held revoked at any time by contacting us at the same address.
If there is ever a security breach where Ecwid, our email management system or Purehealth think your data may have been accessed by someone who shouldn’t have, we will let you know within 72 hours of becoming aware of it. We will do this by using the data we have saved to our email management system.
If you have any queries about this policy, please contact firstname.lastname@example.org.