Privacy Policy

Sacred Rainbow is committed to protecting the privacy of our clients and members of the public. We have procedures in place based on the General Data Protection Regulations Regulation (GDPR) (EU) 2016/679 and we comply with all aspects of the UK’s data protection legislative framework. Sacred Rainbow is registered with the Information Commissioners Office (ICO) and our registration number is C1313455. 
This document outlines how information is used, who we may share the information with and how we keep it secure. This notice does not provide exhaustive detail. If you would like any additional information or explanation you should send a request to the deb@sacredrainbow.co.uk. This Privacy Notice is reviewed every year.

WHAT WE DO
Sacred Rainbow provides shamanic healing and Reiki to promote wellbeing and Deb Campbell is a member of the Reiki Association.

PERSONAL DATA
Information provided by you
You provide us with personal data in some of the following ways:
+ During a shamanic healing or Reiki consultation
+ Through email, over the telephone or by post
+ By taking credit card payment
This may include the following information:
+ Basic details such as name, address and contact details
+ Details of contact we have had with you such as appointments
+ Health information such as basic medical history
We use this information in order to provide you with shamanic healing or Reiki. This means that the legal basis of our holding your personal data is for legitimate interest.
For marketing purposes, we may also use the contact details provided by you to respond to your enquiries, including making telephone contact and emailing information to you that we believe may be of interest to you.
Sacred Rainbow’s website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Ionos.co.ukuses cookies to help us identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Sacred Rainbow’s website.

HOW WE USE YOUR PERSONAL DATA
We act as a data controller for use of your personal data to provide shamanic healing or Reiki. We also act as a data controller and processor in regard to the processing of credit card payments.
We undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
We do not sell or broker your personal data, but we are obliged to use your personal data where there is an overriding public interest e.g. in order to safeguard an individual, or to prevent a serious crime, as well as where there is a legal requirement such as a formal court order.
We may use your data for marketing purposes such as newsletters but only where you have given us your consent.

LEGAL BASIS FOR PROCESSING ANY PERSONAL DATA
To meet our contractual obligations obtained from explicit Consent and legitimate interest to respond to enquiries concerning the services provided.

LEGITIMATE INTERESTS
To promote treatments for clients with all types of issues that may benefit from shamanic healing and Reiki.

CONSENT
Through agreeing to this privacy notice you are consenting to Sacred Rainbow processing your personal data for the purposes outlined. You can withdraw consent at any time by using the email address at the bottom of this Privacy Notice.

DISCLOSURE
We will keep your personal information safe and secure and only staff engaged in providing your treatment will have access to your client records. We will not disclose your Personal Information unless compelled to in order to meet legal obligations, regulations or valid governmental requests.

RETENTION POLICY
Sacred Rainbow will process personal data during the duration of any treatment and will continue to store only the personal data needed for seven years after your last session to meet any legal obligations. After seven years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the individual has reached the age of 25.

DATA STORAGE
All Data is held securely in the United Kingdom. We do not store personal data outside the EEA.

YOUR RIGHTS 
You have several rights under the GDPR regulations that can be better understood by reading the ICO’s guidance here: 
+ You have the right to correct or update your personal information processed by Sacred Rainbow
+ You have the right to request us to inform you what data we hold about you
+ You have the right to withdraw your consent for us to use your data (where relevant)
+ You have the right to lodge a complaint with the ICO if you feel your data has not been managed well
A minimum of one piece of photographic ID is required if you wish to request to see information on your personal data. The following forms of identification (ID) are accepted: a copy of your driving licence, passport or birth certificate, plus a utility bill not older than three months. If we are dissatisfied with the quality of the ID, further information may be sought before personal data can be released. We shall respond within 20 working days from the point of receiving the request and all necessary information from you.
If you would like to make a request please email deb@sacredrainbow.co.uk.