Privacy Policy & Cookies Policy

This page was last updated: 24th May 2018

House of Herbs Medical Herbalists (‘we’) are committed to protecting and respecting your privacy. House of Herbs Medical Herbalists is registered with the ICO (Information Commissioner’s Office). The Data Protection Act 2018 (‘DPA 2018’) and the General Data Protection Regulation (‘GDPR’) impose certain legal obligations related to how we process personal data.

House of Herbs Medical Herbalists is a data controller within the meaning of the GDPR and we process personal data. The contact details for the House of Herbs Medical Herbalists Data Controller are;

Data Controller
House of Herbs Medical Herbalists
12 Broad Street,
Stamford,
Lincolnshire,
PE9 1PG
Email info@houseofherbs.co.uk

1. Information we may collect from you

1.1 We may collect and process the following data about you:

1.1.1 information that you provide by filling in forms on our website www.houseofherbs.co.uk (our "site"). This includes information provided at the time of registering an account, purchasing services from us or requesting further services. We may also ask you for information when you report a problem with our site or the services you have purchased;
1.1.2 if you contact us by email or similar electronic means, we may keep a record of that correspondence;
1.1.3 if you contact us by telephone, we may record our telephone conversation for training purposes and, if you are asking us to provide you with the use of a dedicated hosting server, for the purposes of proving your request;
1.1.4 we may ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
1.1.5 details of transactions you carry out through our site and of the fulfilment and administration of your orders; and
1.1.6 details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access and use. 
1.1.7 if you contact us by letter or similar correspondence that include, but are not limited to, physical documents / forms that we have requested to be completed and returned to us.

2. IP addresses and cookies

2.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

2.2 For the same reason, we may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service.

They enable us:
2.2.1 to estimate our audience size and usage pattern;
2.2.2 to store information about your preferences, and so allow us to customise our site according to your individual interests;
2.2.3 to speed up your searches; and
2.2.4 to recognise you when you return to our site.
2.3 You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

3. How we store your personal data

We will take all steps reasonably necessary to ensure that your personal data is treated in accordance with ‘DPA 2018’ and ‘GDPR’. Once we have received your personal data we will use strict procedures and policies to prevent unauthorised access to it.

3.1 The personal data that we collect from you will be stored on our servers inside the European Union ("EU"). Some of your personal data mayl be transferred to Paypal and/or Google Checkout for the purposes of processing your payment information. By submitting your personal data, you agree to this transfer, storing or processing.

3.2 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

3.3 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

3.4 If your personal data is held on computers or similar electronic devices, these devices are password protected. If your personal data is contained in physical letters, documents / forms or similar, these documents will be filed in lockable cabinets, in lockable rooms, in a building where public access is restricted. 

4. Uses made of your personal data

4.1 We use information held about you in the following ways:

4.1.1 to ensure that content from our site is presented in the most effective manner for you and for your computer;
4.1.2 to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
4.1.3 to carry out our obligations arising from any contracts entered into between you and us;
4.1.4 to allow you to participate in interactive features of our service, when you choose to do so;
4.1.5 to notify you about changes to our service.
4.1.6 to fulfil our obligations under relevant laws in force and comply with professional obligations to which we are subject to.
4.1.7 to enable us to invoice you for our services.
4.1.8 to use in the investigation and/or defence of potential complaints and legal proceedings.

4.2 If you have placed an order or enquired about our services, we may use the information we hold to send you our regular newsletter if requested. This newsletter is a method of communicating with you and will inform you of changes to our site, notify you of planned outages and updates to our services, and keep you informed about our services generally. To join our marketing database, go to this link: http://eepurl.com/dvLemz

4.3 If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.

5. The legal basis for our intended processing of personal data

5.1 At the time you instructed us to act, you gave consent to us processing your personal data for the afore mentioned purposes listed.
5.2 The processing is necessary for the performance of any contracts we have with you.
5.3 The processing is necessary for compliance with legal and professional obligations to which we are subject to.
5.4 It is in our legitimate interests to do so.

6. Disclosure of your personal information

6.1 We may disclose your personal information to any medical herbalist that works at House of Herbs Medical Herbalists.  All medical herbalists working at House of Herbs are appropriately qualified, insured and registered with an appropriate professional associations. 

6.2 We may disclose your personal information to third parties whom you require or permit us to correspond, or we require for example in order to carry out an online transaction (eg Paypal). 

6.2.1 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6.3 Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

7. Retention of Personal Data

7.1 Where we have an ongoing client relationship data is retained throughout the period of the relationship, once this has ceased, the data will be deleted 7 years after the end of business.

7.2 In the event of the closure of the business, all personal data will be securely destroyed. 

8. Requesting data we hold about you.

8.1 You have the right to request access to your personal data held by us, this is known as a ‘subject access request’ (‘SAR’). Please provide all SARs in writing for the attention of the Data Controller. Further information is available at www.ico.org.uk

9. The right to rectification

9.1 You have the right to rectify any inaccurate or incomplete personal data we hold about you, should you become aware of this please contact the Data Controller so it can be made accurate or complete. Further information is available at www.ico.org.uk

10. The right to erasure

10.1 Some circumstances permit you the right to have your personal data held by us erased. If you would like your personal data erased please contact the Data Controller who will consider your request. Further information is available at www.ico.org.uk

11. The right to restrict processing and the right to object

11.1 Some circumstances permit you the right to block or object to the processing of your personal data. Please forward your request to the Data Controller who will consider your request. Further information is available at www.ico.org.uk

12. Withdrawal of your consent to process data

12.1 You have the right to withdraw your consent to us processing your data where you have previously given consent. Please forward your request to the Data Controller. Should you withdraw your consent we may not be not be able to continue providing services to you, it has no effect on the lawfulness of earlier processing and circumstances may be that it may remain lawful for us to continue to process your data on another legal basis.

13. Complaints Procedure

13.1 If you have a complaint about House of Herbs Medical Herbalists Data Protection Policies with reference to ‘DPA 2018’and ‘GDPR’, please contact the Data Controller.

14. Changes to our privacy policy

14.1 Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail.