Affinitea Wellbeing customer privacy notice
Contact Details
Post:Liverpool Business Centre, 23 Goodlass Road, Liverpool, L24 9HJ, GB
Telephone: 07887 889606
Email:hello@AffinityWellbeing.co.uk
What information we collect, use, and why
We collect or use the following information to
provide services and goods, including delivery:
Names and contact details
Date of birth
Payment details (including card or bank information for transfers and direct debits)
Health information (including dietary requirements, allergies and health conditions)
Website user information (including user journeys and cookie tracking)
Information relating to compliments or complaints
We also collect or use the following information to
provide services and goods, including delivery:
Health information
We collect or use the following information to
comply with legal requirements:
Name
Contact information
Criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks)
Health and safety information
Lawful Basis
Our lawful bases for collecting or using personal information to provide services and goods are:
Consent
Contract
Legal obligation
Vital interests
Our lawful bases for collecting or using personal information for
legal requirements are:
Consent
Legal obligation
Vital interests
Where we get personal information from
People directly
How long we keep information
Retention Schedule for a Affinitea Wellbeing
1. Client Records
Client Intake Forms: 7 years from the date of the last treatment or consultation.
Session Notes and Treatment Records: 7 years from the date of the last treatment or consultation.
Consent Forms: 7 years from the date of the last treatment or consultation.
Correspondence with Clients: 7 years from the date of the last communication.
2. Financial Records
Invoices and Receipts: 6 years from the end of the financial year they relate to, as required by HMRC.
Payroll Records: 3 years after the end of the tax year to which they relate, as required by HMRC.
Tax Returns and Supporting Documentation: 6 years from the end of the financial year they relate to, in accordance with HMRC guidelines.
Expense Records: 6 years from the end of the financial year they relate to.
3. Business Records
Shareholder/Partnership Agreements: Permanently.
Contracts with Suppliers: 6 years after the end of the contract.
Health and Safety Records: 3 years from the date the records were made, but accident reports should be retained for 40 years if they relate to potential industrial injuries.
Insurance Policies: 6 years after the policy has lapsed, though if claims are made, retain until 6 years after the resolution of the claim.
Business Correspondence (General): 6 years from the date of the correspondence.
4. Staff Records
Personnel Files (including employment contracts): 6 years after the employee has left the organisation.
Disciplinary and Grievance Records: 6 years after the employee has left the organisation.
Training Records: 6 years after the employee has left the organisation.
Accident Records (Employees): 3 years from the date of the incident (or 40 years if related to potential industrial injuries).
Pension Records: 12 years after the end of any benefit payable under the policy, in line with The Pensions Regulator's recommendations.
5. Marketing and Communication
Email Marketing Lists: Retain until the individual opts out or withdraws consent.
Marketing Campaign Records: 6 years from the end of the campaign.
Social Media Communication: As per the platform's retention policy or until no longer needed for business purposes.
6. Legal and Compliance
Complaints and Incident Reports: 6 years after the last action.
Litigation Files: 6 years after the conclusion of the case, or longer if required by legal counsel.
Data Protection Records (including GDPR Compliance): 6 years after the record is superseded or updated.
7. Electronic Records
Client Emails and Digital Correspondence: 7 years from the last contact.
Electronic Financial Records: As per the retention periods for paper-based financial records.
Backups and System Logs: As required by business needs, but ensure compliance with retention periods for the data they contain.
Who we share information with
Emergency services (only where necessary)
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don't usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
The ICO's address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated
01 September 2024