Privacy and Cookies Notice
Who We Are
Jan Southern is the trading name of Janet Southern, a Somatic Trauma Therapist and advanced massage therapist. When I speak about ‘I’ or “we” this is who I mean. I am based in Edinburgh, Scotland, UK. The best way to get in touch with me is either via phone +44 0755 407 0770 or via email firstname.lastname@example.org
Please note that this policy applies only to our website and not to the web sites of other organisations to which we may provide links. We are not responsible for the privacy policies or practices of such third party sites and you should make your own enquiries in respect of them.
Data I Collect
I am glad that you have chosen to visit my website. I write and share information that I hope is both helpful and interesting for you. I write about who I am, what I do and how I can help you.
To help me improve my website and tailor it better meet the needs of both visitors and my clients, I use different tools such Google Analytics and Webmaster Tools Webmaster tools to monitor visitors to my website.
These cookies (see below) help me to understand things such as how you found out about me and which pages were viewed by people like yourself visiting my website. If you’d prefer me not to see this you can disable cookies in your internet browser
I’d like you to be safe in the knowledge that I do not collect personal data, such as your email, when you visit my website. As a visitor to my web, the only way I will have your email and First name is if you fill out my contact form or sign up for my newsletter.
I do collect personal data about you to help with the process of successfully booking your free consultation call, your appointments and your participation in my services, for example my 1-to-1 programmes, courses and workshops.
The type of data that is collected via web, email, telephone or in person may include name, contact information including email and postal address, demographic information such as postcode and interests, information on health and wellbeing relevant to the provision of appropriate treatment and/or advice, other information relevant to customer surveys and/or offers.
Special Category Data
We may also collect, store and use your “special category” personal data before engaging with you as a new client.
“Special Categories” of personal data comprise sensitive personal data which is more private in nature and therefore requires a higher level of protection, such as genetic data, biometric data, information about sex life or sexual orientation, race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and – in this case – health.
The lawful basis on which we may process special category personal data is so we can be informed about any health issues and general medical condition before you join any of our classes, programs or one-to-one sessions.
If you sign up for my newsletter list I will collect your first name, surname and email address. When you sign up you can also choose to opt-in to receive emails about spaces on my 1-to-1 programmes, workshops and courses.
I gather information around email opening and clicks using industry standard technologies. This helps me to monitor and improve my newsletters. You can easily unsubscribe at any time by simply clicking the unsubscribe button and the top and bottom of my newsletter emails. Or, you may contact me directly at email@example.com and ask me to remove you from my mailing list.
I never rent, sell or trade email lists with other organisations and businesses. I will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Any information I hold from you is strictly confidential. Where I use software to store your data, I choose well respected and responsible companies such as MailChimp, Stripe and Freeagent.
Clients’ intake forms and session notes from my 1-to-1 programmes are stored securely offline. These are not shared and are viewed only by myself.
In accordance with my Insurers requirements, I hold client information, including session notes, for seven years after we have finished working together. After this time, and if we have not begun working together again, this information is securely destroyed.
In accordance with HMRC and Insurers requirements, I keep client data, including invoices and receipts, for 7 years after we have finished working together. After this time this information is securely destroyed.
Like many other website operators I use ‘cookies’ and other tracking technologies such as ‘pixels’ and ‘beacons’ on my website to improve the customer experience, deliver content tailored to your interests and serve relevant online targeted advertising, as well as learn more about how you interact with the site.
Cookies are small data files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use and navigation of the website and to compile statistical reports on website activity.
If you want to opt-out of interest-based advertising, please visit http://www.youronlinechoices.eu for more information.
In common with many other websites when you visit www.livebeyondmigraine.com I use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. I do this not to identify you personally but to analyse your use of our website in order to deliver relevant website content and advertisements to you and to understand the effectiveness of our marketing and advertising activities.
By visiting my website I may have access to your *IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
This data may be processed for the purposes of analysing the use of my website and my services. The legal basis for this processing is Legitimate Interest, namely monitoring and improving our website and services.
If you would like information on how to refuse or delete cookies (i.e. prevent Google Analytics from using your browsing behaviour as part of its analysis), or just to find out more about them please visit www.aboutcookies.org.
*An IP Address is a globally unique identifier of your computer. In most cases your ISP (or network server if a business user) will allocate an IP address for the duration of your online session.
From time to time I may use Facebook’s ‘Customer File Custom Audience’ service. This service enables Jan Southern to display personalised ads to you when you visit Facebook, or Audience Network.
It works by hashing (converting) a list of email addresses at source, before the data is sent to Facebook and used to match the people on the list to people on Facebook.
Where I use Customer File Custom Audiences, I will only include you if you have consented to receive marketing from me. If you have given us your consent, you can change your mind at any time by clicking on an unsubscribe link at the bottom of any newsletter email from us, or by contacting Jan Southern at firstname.lastname@example.org.
This website also uses the Facebook tracking pixel to collect data on visitor behaviour, such as:
which pages are visited
which device was used to view the website
what actions were taken.
This information may be used to serve website traffic Custom Audience ads in future.
You can also opt out of collection of information and third party adverts by using the following services:
Digital Alliance Advertising Opt Out at www.aboutads.info/choices
Your Online Choices at www.youronlinechoices.eu
Links to Other Websites
My website may contain links to other websites of interest. However, once you have used these links to leave our site, you should not that we do not have control over that other website.
You should review the Privacy Notice of each website that you visit to check that you agree with the personal data that they collect from you.
My clients have the option to pay me by BACs, Credit Card or Debit Card. Paying by BACs, the only information I see if what the bank shares with me: name of the person, name of company (if applicable), how much has been paid and preferably the reference number on the invoice.
I use Stripe to allow my clients to pay by either credit card or debit card, if they prefer.
In some cases I may use Eventbrite to promote and collect payment for events, courses and workshops.
We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a secure server and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.
Transmission of Data Overseas
In certain circumstances, we may transfer your personal information to countries outside the European Economic Area (meaning the EU 27 member states, the UK, Norway, Iceland and Liechtenstein) (EEA). This may include circumstances where we use service providers who are based outside the EEA or who use “cloud” infrastructure which means that their servers are based all over the world. Where we transfer your information to companies outside the EEA, we will make sure it’s protected in a manner that is consistent with how your information will be protected by us.
This can be done in a number of different ways for instance:
• The country that we send the information to might be approved by the European Commission.
• The recipient company might have signed up a contract obliging them to protect your information.
• The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your information outside the EEA. In all cases however, we will ensure that any transfer of your information is compliant with the Data Protection Legislation.
You have a number of legal rights in relation to the information that we hold about you, including:
• Right to access: You have the right to request access to your personal data held by us. Requests are to be made in writing, electronically and information will be provided in a commonly used electronic format. Requests will be handled within one month of receipt of the request, and free of charge with the exception of where requests are manifestly unfounded or excessive we hold the right to charge a reasonable fee taking into account the administrative costs of providing the information. More information can be found at https://ico.org.uk/for-the-public/personal-information/.
• Right to rectification: You have the right to have personal data rectified if inaccurate or incomplete. Where the personal data in question has been disclosed to a third party, they will be made aware of the rectification where possible. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
• Right to erasure: You have the right to request the deletion or removal of personal data in the following circumstances:
o Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
o When you withdraw consent.
o When you object to the processing and there is no overriding legitimate interest for continuing the processing.
o The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
o The personal data has to be erased in order to comply with a legal obligation.
This does not provide an absolute “Right to be forgotten”. Where the personal data in question has been disclosed to a third party, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. Personal data will be erased by removal from our internal and cloud servers.
• Right to restrict processing: You have a right to ‘block’ or suppress processing of personal data if you contest its accuracy; have objected to the processing; processing is unlawful and you oppose erasure; we no longer need the personal data but you require the data to establish, exercise or defend a legal claim. Where the personal data in question has been disclosed to a third party, we will inform them about the restriction on processing of the data, unless it is impossible or involves disproportionate effort to do so.
• Right to data portability: You have the right to obtain and reuse your personal data for your own purposes. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
• Right to object: You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. Requests will be dealt with and have immediate effect with no right for refusal.
You can also contact us to exercise your right to request that:-
• We stop using your personal information for certain purposes
• Your information is provided to you in a portable format
• Decisions about you are not made by wholly automated means
Many of the rights listed above are limited to certain defined circumstances and we may not be able to comply with your request. We will tell you if this is the case.
If you choose to make a request to us, we will aim to respond to you within one month. We will not charge a fee for dealing with your request.
You also have the right to make a complaint with the Information Commissioner at www.ico.org.uk if you think that any of your rights have been infringed by us.
All requests will be dealt with in your own merit, and in accordance with the Data Protection Legislation guidance.
Should a data breach occur, we have compliant procedures in place to investigate and report the matter to the Individual. In the event of a breach, it will be reported to you within 72 hours of discovery. A record of any breaches will be kept by the company.
You can exercise your rights by contacting us using the details set out in the “Contact Details” section below.
Access to your Personal Information
If you want to find out what data I hold on you please get in touch with me via email email@example.com, and include your name and email address. I will take a look through my data and provide you an OVERVIEW. You have the right to view, amend or delete your personal data that I hold*
*Please refer to Data Retention above to check what information and the period of time I am obliged to hold with regards to HMRC and my Insurers.
I am registered with UK Information Commissioner’s Office (ICO). My registration number is Z1907965
Changes to this Privacy Notice
I may make changes to this Privacy Notice from time to time by updating this page. Last updated April 2021.
Telephone: +44 0755 407 0770