It is the policy of Kathryn O’Halloran of Mindful Way to collect, process and share your Data provided to me by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any other purposes other than those explicitly stated in this policy or requested by you in your dealings with me.
1. The Identity of the Controller.
You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by Kathryn O’Halloran
2. Collection of Data
I may collect Data about clients, prospects and visitors.
Your Data are collected when you contact me via email or by phone; when you fill in an online application form; when you use the contact form or sign up form on my website; when you opt in to my mailchimp mailing list; browse my website.
Data I collect fall into the following categories:
These Data are gathered directly from you via online application form, email and phone, mailchimp mailing list, contact form and sign up form on website.
Data is also gathered directly from referrals to me.
Browsing history is collected via automated methods.
2.1 Information you provide
I process Data you provide directly to me.
For example, I collect Data when you fill in an online application form, make an enquiry for my services, use the services, participate in a course or otherwise communicate with me.
The Data may include the following data as well as any other type of information that I specifically request you to provide to me through my online application form, phone call or by email, such as:
Date of Birth
Relevant Physical, Mental & Emotional History
Any experience with Mindfulness, Meditation & Yoga
Current state of health
2.2 Data I collect automatically when you use my online services
When you access or use my website, or open a group email I automatically collect information about you:
3. How I use Data
I may use information about you for the following purposes:
provide and deliver the service you request, send you related information including payment requests
Send you updates on courses schedule.
Respond to your enquiries , questions, comments and provide support.
Monitor and analyse trends, usage and activities in connection with the website and mailchimp newsletter campaigns
According to GDPR, each Data processing is performed on one of the following legal basis:
The performance of the service requested by you.
4. How I share your Data
I will share your details with another service provider on your request.
In response to a request for information if I am required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of Data retention
All sensitive data on online application forms is deleted once the course is complete. Name, email, phone number and attendance of MBSR participants is stored in google drive so I can use it as a reference if client takes another MBSR course with me.
Administration forms are destroyed once course is complete.
Email addresses are stored on mailing list unless client unsubscribes.
I am committed to taking appropriate measures designed to keep your Data secure. My technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction.
7. Your rights
Under the GDPR 2018 individuals have the significantly strengthened rights to:
Obtain details about how their data is processed by an organisation or business;
Obtain copies of personal data that an organisation holds on them;
Have incorrect or incomplete data corrected;
Have their data erased by the organisation, where, for example, the organisation has no legitimate reason for retaining the data;
Obtain their data from an organisation and to have that data transmitted to another organisation ( Data Portability);
Object to processing of their data in certain circumstances;
Not to be subject to (with some exceptions) automated decision making, including profiling.
8. In the event of a Breach
Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented , assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed and An Garda Siochana will be contacted for assistance and you will be contacted to help you take steps to mitigate risks to yourself, if it is deemed a severe enough breach as to put you, your identity etc. at risk.