1. Who I am

My name is Nicola, and my business is Nicola Crevis Homeopathy. My contact details are:

• Email: nicolacrevishomeopathy@gmail.com

I am the data controller and am responsible for your personal data.

2. The information I collect about you

I may collect, use, store, and transfer different kinds of personal data about you, such as:

• Identity Data: including your first name, last name, and title, date of birth and gender.
• Contact Data: including your billing address, email address, and telephone numbers.
• Special Category Health Data: As a homeopathy client, you will be sharing sensitive information about your health, medical history, and lifestyle. This is treated with the strictest confidence.
• Transaction Data: including details about payments to and from you and other details of services you have purchased from me.

3. How I collect your personal data

I use different methods to collect data from and about you, including through:

• Direct interactions: You may give me your Identity, Contact, Financial, and Health Data by filling in forms, during consultations, or by corresponding with me by phone, email, or otherwise.

4. How I use your personal data

I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

• Where I need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for my legitimate interests and your interests and fundamental rights do not override those interests.
• Where I need to comply with a legal or regulatory obligation.

For Special Category Health Data, I will only process this information with your explicit consent, which will be obtained at our first consultation. This data is used solely for the purpose of providing you with homeopathic care.

5. Data Security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. This includes secure storage for both digital and paper records.

6. Data Retention

I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for. By law, I am required to keep client records, which include personal and health data, for 7 years after your last consultation. In the case of children, their records will be kept 7 years after their 18th Birthday. After this period, your records will be securely destroyed.

7. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request the transfer of your personal data.
• Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact me.

8. Sharing your data

I do not sell or rent your personal data to third parties. I may have to share your data with the following service providers to run my business:

• Resend & Gmail: For processing emails sent through my website's contact form and for general email communication.
• Cloudflare Turnstile: To protect my website from spam, I use Cloudflare Turnstile. This service checks if you are a human user to prevent automated abuse. Turnstile may collect some data to function, which is subject to Cloudflare's Privacy Policy.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. I do not allow my third-party service providers to use your personal data for their own purposes.

9. International Data Transfers

Some of my third-party service providers are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Whenever I transfer your personal data out of the UK, I ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.
• Where I use certain service providers, I may use specific contracts approved by the UK which give personal data the same protection it has in the UK.

Please contact me if you want further information on the specific mechanism used by me when transferring your personal data out of the UK.

10. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.