Please take the time to read through this information carefully.
Olive Tree Holistic Therapies respects and protects your privacy. This notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website at www.olivetreetherapies.com and me, Diogo André Duarte, the website owner. Furthermore, the way I use, store and protect any personal data I collect from you, or that you provide to me, will also be detailed within this notice.
Please note Olive Tree Holistic Therapies and Diogo Andre Duarte are used interchangeably.
The information I collect
When you book an appointment I collect personal details such as your name, email and telephone number. This information is used to identify you and contact you about the appointments and services you have booked.
To provide a safe and effective massage treatment I also need to collect information such as your medical background and lifestyle choices. I do this via the consultation form, hosted by Google, which can be accessed here. The information collected in this form is only used to make sure your treatment is as effective as possible.
Whilst you use the website I also receive information about your computer such as your IP address, operating system and browser details. This information helps me provide a better website experience for you.
When you buy a gift voucher I collect personal details such as your name, email, recipient’s name and possibly a postal address. This information is used to identify you and provide the service you have requested.
If you are contacting me through Facebook.com or any of its companies to book an appointment, I collect your name, email and phone number in order to get in touch with you to arrange that appointment.
When signing up/opting in to my newsletter via my website or Facebook.com or any of its companies, I collect your name and email in order to send you a newsletter for marketing purposes.
After your treatment, I will keep minimal, succinct and factual notes about your treatment and health which I review before each appointment in order to provide you with the best service possible.
From the 22nd July 2020, there will be an additional declaration form for the client to complete and sign stating that:
The client has not been in contact with anyone with Covid-19, in the last 14 days, to their knowledge
The client does have any of the following symptoms - dry cough, temp over 37.8°C, loss of smell and/or taste
Should the client contract the virus they must inform me as soon as possible
Should the client contract the virus and I am made aware of it, I am obliged to inform NHS Scotland Test & Protect
There will also be a signed declaration from me stating the same declaration, which will be given to the client.
All first-time and follow-up consultations will be carried out initially via a Google Form and then via telephone or via video conferencing rather than face to face (if required).
When you provide me with your personal information in the course of booking an appointment, completing your consultation form, making a payment or contacting me about my services, you are giving your consent to me collecting that information and using it for that specific reason.
I will not use your personal information for any secondary reason, like marketing, unless you’ve given us consent to do so when opting in to my newsletter.
How do I withdraw my consent?
For the purpose of legal protection I am required to hold the personal information you have given to me in the consultation form, as well as notes about treatments provided to you for a period of five years.
Five years after your last treatment I will permanently delete all your personal information that I hold.
If you withdraw your consent during the five year retention period, I will archive your data until the five year period expires.
Whilst your information is archived, I will not access or process it in any way except if needed for legal protection or if I'm required to do so by law.
Should you wish to withdraw your consent at any time please email firstname.lastname@example.org with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information I store about you and your massage sessions at any time. These will be sent by email, in a Microsoft Word password protected document attachment. You also have the right to request I update or amend your data if it is incorrect.
To action any of these rights at any time please email email@example.com with your request.
Unless required to do so by law, I will not otherwise share, sell or distribute any of the information you provide to me without your consent.
Data handling and storage
Your data is stored through Google, Trello and Facebook using their data storage facilities and databases, on secure servers which are always encrypted when in storage and whilst being transmitted across the internet. Two-step verification is enabled on all platforms to ensure the information held there is as secure as possible. Covid-19 disclosure forms are kept in a secure locked cabinet in the premises.
If you choose to pay for your massage with a debit or credit card your information will be passed to my payment processor iZettle for card payments in person. I never store your credit card details, it is always processed by third-parties. It is encrypted through the Payment Card Industry Security Standard (PCI-DSS).
iZettle adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers I use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information I am required to provide to them for your purchase-related transactions. For these providers, I recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
All direct payment gateways offered by Wix.com and used by their company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
When you click links on my website, they may direct you away from our website. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, I follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
To request your information, or if you have any questions about how your information is collected, stored and used, please email firstname.lastname@example.org
Questions and contact information
If, for any reason, you are unhappy with how I am handling your data, please raise your concerns with me first, so that we can seek a resolution. If you are still not satisfied, then you have the right to complain to the Information Commissioner’s Office (ICO).
This information is collected by me in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(b), 9.2(h) and 9.3.
Olive Tree Holistic Therapies is registered with the Information Commissioner's Office under the founder and owner’s name Diogo Andre Duarte. Registration Reference: ZA76997.
I will never lease, distribute or sell your personal information to any third parties.
Legal basis for storing data
FAO: Diogo Andre Duarte
20/2 North Junction Street
Last updated: 21 October 2022