Privacy Policy
Last updated: 27 January 2025
At Coriander Stone ("we", "our", or "us"), we are committed to protecting your privacy and ensuring your personal data is handled responsibly. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website, use our services, or contact us.
We comply with the UK General Data Protection Regulation (UK GDPR) and relevant UK data protection laws.
1. Who We Are
Business Name: Coriander Stone
Address: If you need a postal address, please email us with the request and we will get back to you.
Email: hello@corianderstone.com
Phone: +44 (0)7538 930 126
Website: corianderstone.com
If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.
2. What Personal Data We Collect
We may collect the following types of personal data:
Contact Information: Your name, email address, phone number, and postal address.
Health Information: Information you provide regarding your health history, dietary habits, and lifestyle as part of our nutritional therapy services.
Website Usage Information: IP address, browser type, and activity on our website (e.g., pages visited).
Payment Information: Details necessary to process payments, such as card details (handled securely by payment providers).
Communication Records: Emails, messages, or other communications you send to us.
We only collect health-related information with your explicit consent and where necessary to provide our services.
3. How We Use Your Personal Data
We use your personal data for the following purposes:
To Provide Services: To deliver nutritional therapy consultations and personalised advice.
To Communicate With You: To respond to your enquiries, schedule appointments, and send updates.
To Process Payments: To manage billing and transactions for our services.
To Improve Our Website: To analyse how visitors use our website and improve its functionality.
To Comply With Legal Obligations: To fulfil legal and regulatory requirements.
4. Lawful Basis for Processing Your Data
Under the UK GDPR, we rely on the following lawful bases to process your personal data:
Consent: Where you have provided explicit consent (e.g., for health information).
Contractual Necessity: Where processing is necessary to deliver the services you have requested.
Legal Obligation: Where we are required to comply with a legal or regulatory obligation.
Legitimate Interests: For purposes such as improving our services and website (only where these interests do not override your rights).
5. Sharing Your Personal Data
We only share your personal data when necessary and in compliance with the law. This may include:
Service Providers: Third-party companies who assist with payment processing, email hosting, or website analytics.
Regulatory Bodies: If required by law, such as for tax, legal, or safeguarding purposes.
Professional Associates: Other healthcare professionals, but only with your explicit consent.
We do not sell or trade your personal data to third parties for marketing purposes.
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes outlined in this Privacy Policy. For example:
Health records are retained for 7 years in line with professional and legal requirements.
Financial records are retained for 6 years to comply with tax obligations.
Website analytics data is typically stored for 12 months.
When your data is no longer needed, it will be securely deleted or anonymised.
7. Your Data Protection Rights
Under the UK GDPR, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of any inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data where no longer necessary.
Right to Restrict Processing: Request limited use of your data in certain circumstances.
Right to Data Portability: Request transfer of your data to another provider.
Right to Object: Object to the processing of your data, particularly for direct marketing.
Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time.
To exercise any of these rights, please contact us using the details in the Contact Us section below.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK’s data protection authority. Visit https://ico.org.uk for more information.
8. How We Protect Your Data
We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. This includes:
Secure servers and encryption for sensitive data.
Access controls to limit data access to authorised personnel only.
Regular monitoring and updates to our security practices.
While we strive to protect your data, no method of transmission over the internet is entirely secure, so we cannot guarantee absolute security.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. Please review their privacy policies when visiting third-party sites.
10. Cookies
We use cookies and similar technologies to improve our website’s functionality and user experience. For detailed information on the cookies we use, please refer to our Cookies Policy.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data processing practices. Any updates will be posted on this page, and we encourage you to review it regularly.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us:
Email: hello@corianderstone.com
Phone: +44 (0)7538 930 126
We are happy to assist you with any concerns about your data or privacy rights.