PRIVACY POLICY
By visiting www.workwellnessboutique.com, or soliciting services provided by Liz Ellan, you are consenting to our privacy policy.
OVERVIEW
Liz Ellan is committed to protecting your privacy online. This Privacy Policy describes the personal information we collect through this website, and how we collect and use that information.
The terms “we,” “us,” and “our” refer to Liz Ellan. The terms “user,” “you,” and “your” refer to site visitors, customers, and any other users of the site.
The term “personal information” is defined as information that you voluntarily provide to us that personally identifies you and/or your contact information, such as your name, phone number, and email address.
CONSULTING & COACHING SERVICES BY LIZ ELLAN (THE “SERVICE”)
Use of www.workwellnessboutique.com, including all materials presented herein and all online services provided by Liz Ellan, is subject to the following Privacy Policy.
This Privacy Policy applies to all site visitors, customers, and all other users of the site. By using the Site or Service, you agree to this Privacy Policy, without modification, and acknowledge reading it.
CONTACT DETAILS
Legal name of entity:
Elizabeth Ellan. Email address: workwellnessboutique@gmail.com.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at workwellnessboutique@gmail.com
INFORMATION WE COLLECT
This Site only collects the personal information you voluntarily provide to us, which may include:
* Your first name
* Your email address
This information is used to subscribe visitors to our newsletter.
The information you provide is used to process transactions, send periodic emails, and improve the service we provide. We do share your information with trusted third parties who assist us in operating our website, conducting our business and servicing clients and visitors.
These trusted third parties agree to keep this information confidential. Your personal information will never be shared with unrelated third parties.
ACTIVITY
WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
Personal data means any information capable of identifying an individual. It does not include anonymized data.
We may process the following categories of personal data about you:
* Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defense of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
* Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
* User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
* Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyze your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
* Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
* We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
SENSITIVE DATA
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at workwellnessboutique@gmail.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
HOW WE COLLECT YOUR PERSONAL DATA
We may collect data about you when you have provided the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies.
We may receive data from third parties such as analytics providers (such as Google, based outside the EU), advertising networks (such as Facebook, based outside the EU), search information providers (such as Google, based outside the EU), and providers of technical, payment and delivery services, such as data brokers or aggregators.
MARKETING COMMUNICATIONS
Our lawful ground for processing your personal data to send you marketing communications should always be your consent. If you are receiving this information without consent (or wish to unsubscribe), please email workwellnessboutique@gmail.com.
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences, by following the opt-out links on any marketing message sent to you, or by emailing us at workwellnessboutique@gmail.com.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
* Service providers who provide IT and system administration services.
* Professional advisers including lawyers, bankers, auditors and insurers.
* Government bodies that require us to report processing activities.
* Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
INTERNATIONAL TRANSFERS
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third-party service providers are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
* We will only transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection for personal data; or
* Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
* If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
DATA SECURITY
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential, limiting data use to only when it is relevant and necessary to complete the required services, maintaining anonymity when possible or using the least amount of identifiers (i.e., referring to individuals by first name only when possible).
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding how long to keep the data, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorized use or disclosure, the processing purposes, whether these can be achieved by other means, and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
https://ico.org.uk/for-the-public/
If you wish to exercise any of the rights set out above, please email us at consultingbyliz@gmail.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
THIRD PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
SECURITY
We maintain security measures to protect your personal information from unauthorized access, misuse, or disclosure. However, no exchange of data over the Internet can be guaranteed as 100% secure. While we make every effort to protect your personal information shared with us through our Site, you acknowledge that the personal information you voluntarily share with us through this Site could be accessed or tampered with by a third party. You agree that we are not responsible for any intercepted information shared through our Site without our knowledge or permission. Additionally, you release us from any and all claims arising out of or related to the use of such intercepted information in any unauthorized manner.
CHILDREN
To access or use the Site, you must be 18 years old or older and have the requisite power and authority to enter into this Privacy Policy. Children under the age of 18 are prohibited from using the Site.
UPDATING YOUR INFORMATION
You may access and correct your personal information and privacy preferences by contacting us via email at workwellnessboutique@gmail.com
INFORMATION SECURITY POLICY
1. PERSONNEL SECURITY
This section identifies security responsibilities and management processes throughout the employment cycle.
(a) Prior to employment, employee security screening is done in accordance with standard security practices;
(b) During employment, employees are informed about the information security policies and procedures, information security roles and responsibilities;
(c) At termination of employment, employees are reminded of their ongoing confidentiality responsibilities;
(d) Potential or actual information security breaches are investigated and reported, and invoke incident management processes where necessary; and,
(e) Contractor responsibilities for information security are identified in contractual agreements.
2. MANAGEMENT OF INFORMATION SYSTEMS AND DEVICES
This section defines requirements for secure management of information systems and devices.
(a) Maintain an inventory of information systems and devices, including portable storage devices, and mobile devices;
(b) Validate the measures taken to protect information systems and devices as part of an enterprise risk management strategy. This includes maintaining, documenting, verifying and valuing asset inventories on a regular basis;
(c) Document the return of devices in the possession of employees upon termination of their employment;
(d) Remove information from devices that are no longer needed; and,
(e) Securely dispose of devices in a manner appropriate for the sensitivity of the information the device contained.
2.1. MOBILE DEVICE SECURITY
Controls are implemented to mitigate security risks associated with the use of mobile devices.
Mobile device users must lock and/or secure unattended mobile devices to prevent unauthorized use or theft.
3. ACCESS TO INFORMATION SYSTEMS AND DEVICES
This section identifies security roles, responsibilities and management processes relating to access and authorization controls for government information systems and devices.
Define, document, implement, communicate and maintain procedures to ensure access to information systems and devices is granted to individuals based on business requirements and the principles of “least privilege” and “need-to-know.”
(a) Ensure the assignment and revocation of access rights follow a formal and documented process; and,
(b) Regularly, and upon change of employment, review, and update where appropriate, employee access rights to ensure they are accurate and up-to-date.
4. INFORMATION ENCRYPTION
This section defines encryption methods for improving the protection of information and for reducing the likelihood of compromised sensitive information.
(a) Select information encryption controls during system design to provide appropriate protection commensurate to the information value and security classification; and,
(b) Register the use of encryption technology products and services.
5. PHYSICAL AND ENVIRONMENTAL SECURITY
This section identifies operational requirements for protecting facilities where information and information systems are located.
(a) Design, document and implement security controls for a facility based on an assessment of security risks to the facility;
(b) Review, and where appropriate test, physical security and environmental control requirements;
(c) Establish appropriate entry controls to restrict access to secure areas, and to prevent unauthorized physical access to government information and devices;
(d) Incorporate physical security controls to protect against natural disasters, malicious attacks or accidents; and
(e) Ensure security controls are maintained when computer equipment, information or software is used outside facilities.
6. OPERATIONS SECURITY
This section establishes a framework for identifying requirements to control, monitor, and manage information security changes to the delivery of services.
(a) Plan, document and implement change management processes to ensure changes to information systems and information processing facilities are applied correctly and do not compromise the security of information and information systems;
(b) Monitor and maintain information systems software throughout the software lifecycle;
(c) Define, document, assess, and test backup and recovery processes regularly;
(d) Implement processes for monitoring, reporting, logging, analyzing and correcting errors or failures in information systems reported by users and detection systems;
(e) Ensure operating procedures and responsibilities for managing information systems and information processing facilities are authorized, documented and reviewed on a regular basis;
(f) Establish controls to protect log files from unauthorized modification, access or disposal;
(g) Establish processes to identify, assess, and respond to vulnerabilities; and,
(h) Enable synchronization of computer clocks to ensure integrity of information system logs and accurate reporting.
7. COMPUTER NETWORK AND COMMUNICATION SECURITY
This section identifies requirements for the protection of sensitive or confidential information on computer networks.
(a) Document network security controls prior to commencement of service delivery;
(b) Ensure security features are implemented prior to commencement of service delivery;
(c) Document, implement and manage changes to network security controls and security management practices to protect information systems from security threats;
(d) Ensure segregation of services, information systems, and users to support business requirements based on the principles of least privilege, management of risk and segregation of duties;
(e) Ensure implementation of network controls to prevent unauthorized access or bypassing of security controls;
(f) Ensure electronic messaging services are protected commensurate to the value and sensitivity of message content; and,
(g) Ensure information transfers between the company and external parties are protected.
7.1. WORKING REMOTELY
This section defines information security requirements that apply to employees when working remotely.
(a) Ensure that information and devices are protected regardless of the type of access or physical location of employees.
8. INFORMATION SYSTEM PROCUREMENT, DEVELOPMENT AND MAINTENANCE
This section defines requirements to ensure security controls are included in business and contract requirements for building and operating secure information systems, including commercial off-the-shelf and custom-built software.
(a) Develop, implement and manage the processes and procedures necessary to ensure that information security risks and privacy requirements are taken into account throughout the systems development lifecycle;
(b) Ensure sufficient resources and funding are allocated to complete the necessary information security tasks;
(c) Ensure that system development or acquisition activities are aligned with government information security requirements and standards; and,
(d) Apply vulnerability scanning, security testing, and system acceptance processes commensurate to the value and sensitivity of the information system.
9. SUPPLIER RELATIONSHIPS
This section defines requirements to ensure supplier agreements for information systems and cloud services align with company security policies, standards and processes.
(a) Ensure identified security requirements are agreed upon and documented prior to granting external parties access to information, information systems or information processing facilities;
(b) Ensure security controls, service definitions, and delivery levels are identified and included in agreements with external parties prior to using external information and technology services;
(c) Establish processes to manage and review the information security controls of services delivered by external parties, on a regular basis;
(d) Ensure that changes to the provision of services by suppliers of information system services take into account the criticality of the information and information systems involved and the assessment of risks;
(e) Assess business requirements and associated risks related to external party access to information and information systems; and,
(f) Ensure the risks of external party access to information and information systems are identified, assessed, mitigated and managed.
9.1. CLOUD SERVICES SECURITY
Ensure secure use of cloud services by:
(a) Establishing policy and providing strategic direction on the use of cloud services;
(b) Establishing roles and responsibilities; and,
(c) Establishing information security requirements for cloud services.
10. INFORMATION INCIDENT MANAGEMENT
This section addresses the response and management of information incidents, including privacy breaches, in order to take the appropriate steps to mitigate the risk of harm. Employees must immediately report suspected or actual information incidents.
Incident management policies and procedures must be established, as appropriate, to ensure quick, effective and orderly response to information incidents.
11. BUSINESS CONTINUITY MANAGEMENT
This section defines requirements to prepare, and re-establish, business or services as swiftly and smoothly as possible in adverse situations.
(a) Establish, document, implement, and maintain processes, procedures and controls to ensure the required level of information security for business continuity and disaster recovery during an adverse situation;
(b) Ensure that vital records and critical systems are identified in business continuity plans;
(c) Review business continuity and recovery plans annually to ensure they are current, valid, functional and readily accessible during a business interruption; and,
(d) Regularly conduct business continuity and recovery exercises and, where necessary, update business continuity and recovery plans.
12. ASSURANCE AND COMPLIANCE
This section defines requirements to ensure compliance with legislation, government policies and standards.
(a) Ensure the legislative, statutory, regulatory and contractual security requirements of information systems are identified, documented, addressed and maintained; and,
(b) Regularly review information systems and information security procedures to ensure compliance with security policies and standards.
CHANGES TO THIS POLICY
You acknowledge and agree that it is your responsibility to review this Site and this Policy periodically and to be aware of any modifications. We will notify you of any changes to this privacy policy by posting those changes on this page.
CONTACT
If you have questions about our privacy policy, please email us at workwellnessboutique@gmail.com
Updated: July 2024