At Tosh Brittan Ltd (“The Company”) we are committed to protecting and respecting your privacy and we are fully compliant with the Data Protection Act (2018).
We collect information from you about you and any children you hold parental or delegated responsibility for, which is known as ‘personal data’.
This policy explains when and why we collect personal data and how we use it, the limited conditions under which we may transfer it to others and how we keep it secure.
We may update this policy from time to time in line with statutory changes. By using our website, you acknowledge that you have read and understood this policy.
Any questions regarding this policy and our privacy practices should be sent by email to firstname.lastname@example.org by writing to Tosh Brittan at the registered address below.
Who are we?
We are Tosh Brittan Ltd (“The Company”), comprising of Tosh Brittan, also known as the Divorce Goddess. The registered address is No. 11 Weysprings, Haslemere, Surrey GU27 1DF.
How do we collect information from you?
We obtain personal data about you when you use our website, when you contact us about products and services, when you register with us as a new client, when you attend Mindfulness Coaching sessions, workshops and other events and when you make a payment to the Company.
What type of information is collected from you?
The personal information we collect includes your full name, contact details including address, email address, and telephone numbers, age, IP address, and information regarding what pages are accessed and when (cookies). Additionally, in the course of your client relationship and coaching sessions with Tosh Brittan we will gather further personal data from you, some of which may be considered special categories (sensitive) of personal data and therefore needing additional protection. A Data Protection Policy is maintained by Tosh Brittan Ltd and details the handling of any special categories of data.
If you make a payment online or purchase a product from us, your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
How is your information used?
We may use your information to:
- process enquiries that you have submitted;
- process orders that you have submitted;
- to fulfil any contract between you and the Company,
- to manage our client relationship with you;
- to communicate with you in the legitimate interests of the Company,
- to manage entries into a competition;
- to seek your views or comments on the services we provide;
- to notify you of changes to our services;
- to send you communications that may be of interest to you;
- to process a job application.
We work closely with various third-party product providers to bring you a range of quality and reliable products and services designed to meet the needs of clients. In the legitimate interests of Tosh Brittan Ltd, from time to time we send to clients carefully curated information about retreats, courses and other relevant information. You can unsubscribe from these notifications at any time. A legitimate interest assessment has been carried out and is regularly reviewed.
For all special categories of personal data and all data relating to children who attend sessions and workshops we obtain specific, written consent from the individual if 18 or over or from their parent or guardian if under 18.
How long will we keep your personal data?
We review our retention periods for personal information on a regular basis.
For personal data where there is a legal obligation, we will retain the data for as long as we are required to in order to fulfil our legal obligation, for example financial information for HMRC we retain for 7 years and Health and Safety records we retain until age 21 for children or for 3 years after the incident for adults.
For personal data about clients where there is no legal obligation to keep the data, we retain for a period of one year after your last session
For job applications we retain data for a period of six months after receipt of the application.
For all general enquiries received by email we keep data for a period of six months after receipt.
Transfer of data to third parties
We transfer data to third parties such as HMRC and the Home Office to meet our legal obligations, in response to a court order or for the purposes of prevention of fraud or other crime.
In the legitimate interests of the company we may sometimes transfer limited personal data to professional advisers such as legal advisors, financial or other business advisors. In all cases we transfer only what is needed and always by the most secure method available to us.
When you are using our secure online payment pages, your donation is processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. At the time of the latest review of this policy the Company is using PayPal. If you have any questions regarding secure transactions, please contact us.
Transfer of data outside the EU
Personal data may also be held on Cloud based IT devices, which means that personal data may be transferred outside of the EU. Where this is the case, the Cloud based IT device has confirmed that it has appropriate safeguards in place. For example, we use Google Drive which transfers data to the US. Google Drive is certified under the EU-US Privacy Shield Framework. This means that the country to which your personal data is transferred (the US) is deemed to provide an adequate level of protection for your personal information.
Keeping your data accurate
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date please email email@example.com.
The Data Protection Act (2018) gives all data subjects enhanced rights over their own personal data:
- The right to be informed what personal data we collect from you, what we are doing with it and how long we are keeping it; we inform you via this privacy notice.
- The right to withdraw your consent for any personal data we process based on your express written consent.
- The right to access the personal data we hold about you. You may do so by writing to the Tosh Brittan as detailed below.
- In limited cases you have the right to object to our processing your data or restrict processing, but this will not apply to data we process to meet our legal obligations.
- The right to erasure. This is the right to be ‘forgotten’ and it applies to any data we do not hold for legal obligations. We may keep limited data in our legitimate interests to ensure a person who wishes to be forgotten is not contacted by including basic name and email data on a ‘no-contact’ list.
- You have the right to correct your data if you believe it is inaccurate.
- The right to complain to a supervisory authority.
To exercise any of your rights about or if you are unhappy with how we have processed your data, please contact Tosh Brittan, Director of the Company by email at firstname.lastname@example.org or by writing to our registered address below. In all cases we will respond without undue delay and within 30 days.
If you are unsatisfied with the response from us, you have the right to complain to the Information Commissioner’s office at www.ico.org.uk
Security of your personal data
When you give us personal information, we take steps to ensure that it’s processed securely. The Company has security precautions in place to protect the loss, misuse or alteration of your personal data and our security arrangements are reviewed and updated regularly.
Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear in front of the website address in web browsers such as Microsoft Internet Explorer and at the bottom of your screen. If you are in any doubt about the security of your payment, do not complete the transaction and instead contact us directly at email@example.com.
For information collected from you and recorded on paper forms we hold all records securely in locked filing cabinets, accessed only by the Company. Wherever data can be minimised or anonymised to avoid identification of individuals, we do so. When transporting hard copy (paper) data between sessions, data is stored securely and locked away when not in use.
We use password protection on documents emailed to you which may contain sensitive (special categories) of personal data. We inform you of the password in a separate email. When emailing clients we use only the registered email address for the client and do not email any data to general email addresses which we cannot verify is solely for the use of the client.
All company electronic devices including computers, tablets and mobile telephones are password protected and recommended anti-virus software is run regularly. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Regular backups are maintained and stored securely under lock and key.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.
Links to other websites
In addition, if you linked to our website from a third-party site, we are not responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you read the policy of that third-party site.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in January 2019.