PRIVACY POLICY

LAST UPDATED: 20th MAY 2018

This policy (together with our Terms of Website Use and any other documents referred to on it) sets out the basis on which we, Wellness Gypsy, will process any personal data we collect from you, or which you provide to us, in the course of using our site www.wellnessgypsy.com (“site”). For the purpose of the Data Protection Act 1998 we are the data controller.

1. DEFINITIONS

1.1 In this Privacy Policy, the following terms shall have the meanings set outbelow:

1.1.1 “Applicable Law” means any laws or regulations, regulatory policies, guidelines or industry codes (whether national or international) which apply to Company (or any of its Sub-Processors) and/or the provision of or the subject matter of the Services in each case as in force from time to time;

1.1.2 In this policy, when we refer to “we”, “us”, “Company” or “Wellness Gypsy”, this refers to registered company Gillian Kennedy Ltd (Companies House number 10094492) trading as Wellness Gypsy.

1.1.3 “Customer” means a Customer or any entity that owns or controls, is owned or controlled by or is or under common control or ownership with Customer where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;

1.1.4 “Customer Personal Data” means any Personal Data Processed by Company on behalf of a Customer pursuant to or in connection with the Principal Agreement;

1.1.5 “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;

1.1.6 “EEA” means the European Economic Area;

1.1.7 “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

1.1.8 “GDPR” means EU General Data Protection Regulation 2016/679;

1.1.9 “Personal Data” means any data that relates to an identified or identifiable natural person and where such data is protected under applicable Data ProtectionLaws;

1.1.10 “Principal Agreement” means the agreement or agreements between Company and the Customer for the Services Company is providing them.

1.1.11 “Service/s” means the services and other activities to be supplied to or carried out by or on behalf of Company for the Customer pursuant to the Principal Agreement;

1.1.12 “Sub-processor/s” means any person (including any third party and any Company Affiliate) appointed by or on behalf of Company or any Company Affiliate and that Processes Customer Personal Data on behalf of any Customer; and

1.1.13 “Company Affiliate/s” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

1.2 The terms, “Commission“, “Controller“, “Processor“, “Data Subject/s“, “Member State“, “Personal Data Breach“, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their associated terms shall be interpreted accordingly.

2. INTRODUCTION

2.1 We are committed to safeguarding the privacy of Individuals or Customers visiting our website or interacting with us in any way, including any third-party applications controlled by Wellness Gypsy.

2.2 This Privacy Policy applies where we act as a data controller with respect to the personal data of our website visitors, Customers and service users; in other words, we determine the purposes and means of the processing of that personal data. It therefore governs our data collection, processing and usage practices. It also describes our choices regarding use, access and correction of your personal information. By using our website or our applications, you consent to the data practices described in this privacy policy. If you do not agree with the data practices described in this privacy policy, you should not use our website or our applications.

2.3 We may change this privacy policy from time to time. Please review our privacy policy whenever you access our services to stay informed about this policy.

3. Processing of Customer Personal Data

3.1 Scope of this Privacy Policy and Role of Parties. This Privacy Policy applies to the Processing of Personal Data by Company in the course of providing the Services. For the Purposes of the Services and this Privacy Policy, the Customer is the Controller(s) and Company is the Processor and shall be Processing Personal Data on the Customer’s behalf, the Customer receiving the Services as principal.

3.2 Instructions for Processing Personal Data. Company shall Process Personal Data as reasonably necessary for the provision of the Services arising from the Principal Agreement (inclusive of this Privacy Policy) and in accordance with Customer’s documented instructions which, unless expressly agreed otherwise, shall at all times be consistent and in accordance with the nature of the Principal Agreement. Company may terminate the Principal Agreement if Customer provides instructions to Process Personal Data which are inconsistent with the Principal Agreement, or which Company could not comply with, without (i) incurring material additional costs or (ii) undertaking material variations to the manner in which the Services are provided which variations Company does not propose to introduce in respect of the majority of its other customers. Company may Process Personal Data otherwise than in accordance with Customer’s instructions if required to so by Applicable Law. In such case Company shall inform Customer of that legal requirement, unless prohibited from doing so by Applicable Law.

3.3 Compliance with Laws. Company, in Processing the Customer Personal Data in accordance with Clause 3.2 above, shall comply with all applicable Data Protection Laws. Company shall not be responsible for complying with Data Protection Laws applicable to the Customer or its industry that are not otherwise consistent with the provision of the Services or if, and to the extent that, the relevant provision of Data Protection Law would not also apply to Company provision of services equivalent to the Services to other customers. Customer shall comply with all Data Protection Laws applicable to Customer as Controller.

4. PROVIDING PERSONAL DATA TO SUB-PROCESSORS

4.1 We may provide your personal data to our professional advisors for the purpose of obtaining advice and improving our services, if this is reasonably necessary.

4.2 We may provide your personal data to Sub-processors if it is reasonably necessary.

4.3 We may provide your personal data to be handled by our payment services providers for the purpose of processing your payment.

4.4 Subject always to section 3.2 above, each Customer authorizes Company to appoint Sub-processors in accordance with this section 4 to Process Customer Personal Data. Company shall be responsible for ensuring that each Sub-processor has entered into a written agreement requiring the Sub-processor to comply with terms no less protective than those provided in this Privacy Policy.

4.5 Notification of New Sub-processors. Company may continue to use those Sub-processors already engaged by Company or any Company Affiliate as at the date of this Privacy Policy.

4.6 Sub-processor Objection Right. This section 4.6 shall apply only where and to the extent that Customer is established within the EEA or where otherwise required by Data Protection Laws applicable to the Customer. In such an event, If Customer notifies Company in writing of any objections (on reasonable grounds) to a Sub-processor added to the Sub-processor List within fourteen (14) days after the date of the applicable Sub-process or Notice:

4.6.1 Company shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that Proposed Sub-processor; and

4.6.2 where such a change cannot be made and Company choose to retain the Sub-processor, Company shall notify Customer at least fourteen (14) days prior to the authorisation of the Sub-processor to Process Personal Data and the Customer may discontinue using the relevant services and terminate the relevant portion of the Services which require the use of the Proposed Sub-processor immediately upon written notice to Company, such notice to be given by Customer within thirty (30) days of having been so notified by Company.

5. COMPANY PERSONNEL

5.1 Personnel Reliability. Company shall take reasonable steps to (i) require background screening and to ensure the reliability of any personnel who may have access to the Customer Personal Data or the Customer environments in which the Personal Data is processed, ensuring in each case that access is strictly limited to those individuals who need to know or access the relevant Customer Personal Data, as strictly necessary for the purposes of the Principal Agreement; and (ii) ensuring that any personnel are informed of the confidential nature of Personal Data, have received training, and are subject to confidentiality obligations or professional or statutory obligations of confidentiality.

5.2 Data Protection Officer. Company have appointed a data protection officer. The appointed person may be reached at info@angelas75.sg-host.com.

6. SUPPORT IN COMPLYING WITH DATA SUBJECT RIGHTS

6.1 Requests from Data Subjects. Customer acknowledges, as part of the Services, it is responsible for responding to any Data Subjects’ request under any Data Protection Law to exercise the Data Subject’s right of access, right of rectification, restriction of Processing, right to be forgotten, data portability, object to processing, or its right not to be subjected to an automated decision-making process (“Data Subject Request”). Company shall:

6.1.1 to the extent permitted by Applicable Law, promptly notify Customer if it receives a Data Subject Request from a Data Subject; and

6.1.2 taking into account the nature of the Processing, reasonably assist Customer to access Customer Personal Data to the extent that Customer Personal Data is not accessible to Customer (as part of the Services) to fulfil the Customer’s obligations, as reasonably understood by Customer, to respond to Data Subject Requests and to comply with Data Protection Laws.

6.2 Government and Law Enforcement Authority Requests. Unless prohibited by Applicable Law or a legally-binding request of law enforcement, Company shall promptly notify Customer of any request by government agency or law enforcement authority for access to or seizure of Personal Data.

7. SECURITY

7.1 We take reasonable measures to help protect personal information from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.

7.2 Return and Deletion of Personal Data. Upon termination of the Services, Company shall at Customer’s option, return and/or delete any Personal Data retained on the Services in accordance with the terms of the Principal Agreement and not retain any copies unless Company is required to do so by Applicable Law.

8. OPT-IN AND OPT-OUT

8.1 If Customer signs up on Compay website to hear more about Company products and services, we will ensure that Customer has an easy to understand opt-in solution that allows the choice to opt-in to receive any type of communication.

8.2 Company’s opt-in form clearly describes for what purpose the data provided by the Customer provides to us will be used with Customer consent. In most cases this will be to email Customer from time to time with products, services and information.

8.3 If Customer opts-in or consents to receive communication from Company, an easy option to opt-out again will be provided should Customer no no longer wish to receive further communication.

8.4 If Customer chooses to opt-out of receiving communication from Company, and this hinders us in providing services requested by Cusotmer, and/or paid for to Company, notification will be given to Customer that we will no longer be able to provide such services.

8.5 If Customer is a visitor to our website, and have chosen to opt-in to receive promotional emails from Company, the Customer will furthermore have the opportunity to opt-out of receiving any promotional emails by following the instructions in those promotional emails that are sent to Unsubscribe.

8.6 Customer may instruct Company to not process your personal data for any marketing purposes at any time.

9. ADDITIONAL EUROPEAN TERMS

9.1 General Data Protection Regulation. With effect from 25 May 2018, Company will Process any Personal Data in accordance with the requirements of GDPR as directly applicable to Company provision of the Services.

9.2 Subject Matter, Nature, Purpose and Duration of Data Processing. Company will Process Customer Personal Data to provide the Services. The duration of the Processing of Personal Data shall be for the term of the Principal Agreement.

9.3 Types of Personal Data and Categories of Data Subjects. The types of Personal Data and categories of Personal Data shall be those determined by the Customer being the Customer Personal Data which, along with the categories of Data Subjects, may be more particularly described in the Principal Agreement.

10. CUSTOMER RIGHTS

10.1 Customer has the right to instruct Company to hand over information held about said Customer.

10.2 Under the data protection law the Customer has the right of access as described here https://gdpr-info.eu/ART-15-GDPR/

10.3 Under the data protection law the Customer has the right to rectification as described here https://gdpr-info.eu/ART-16-GDPR/

10.4 Under the data protection law the Customer have the right to erasure as described here https://gdpr-info.eu/ART-17-GDPR/

10.5 Under the data protection law the Customer has the right to restriction of processing as described here https://gdpr-info.eu/ART-18-GDPR/

10.6 Under the data protection law the Customer has the right to complain to a supervisory authority as described here https://gdpr-info.eu/ART-19-GDPR/

10.7 Under the data protection law the Customer has the right to data portability as described here https://gdpr-info.eu/ART-20-GDPR/

10.8 Under the data protection law the Customer has the right to object as described here https://gdpr-info.eu/art-21-gdpr/

ACCEPTABLE USE POLICY

This is the acceptable use policy, which, together with our terms of website use, Terms of Use, sets out the terms under which we Wellness Gypsy allow you to use our site www.wellnessgypsy.com (“site”) whether you are a visitor or a registered user. All enquiries should be directed to info@angelas75.sg-host.com Please read the terms of this policy carefully, as by using our site you indicate that you agree to comply with and be bound by them.

PROHIBITED USES OF OUR SITE
Whether you are a visitor or registered user, you must comply with our terms of website use Terms of Use, and use our site for lawful purposes only. In particular, you must not use our site for the uses listed (without limitation) below:

• any fraudulent activity;
• any activity which breaches any applicable law or regulation, whether national or international;
• any activity which may cause or result in harm to a child under 18 years of age;
• sending unsolicited advertising or other content (spam), or entering into any arrangement for such material to be sent;
• reproducing, selling or otherwise handling our site or its contents in breach of our terms of website use;
• knowingly introducing to our site, or transmit or attempt to transmit to any other site, computer or network, viruses, trojans, worms, logic bombs or other material, code or program which is malicious or technologically harmful;
• attempting to gain unauthorized access to our site, our software, our server, or any server, computer or database connected to our site; or
• attacking our site via a denial-of-service attack or a distributed denial-of service attack.

CONTRIBUTING AND INTERACTING

When you upload material to our site, or make contact with other users of our site, you must comply with our Acceptance of Use Policy. If you upload material in breach of our Acceptable Use Policy and we suffer loss as a result, you will reimburse us for such loss. Any material you upload to our site will be considered non-confidential and non-proprietary and we have the right to use, copy, distribute and disclose it to third parties. If any third party claims that any material posted or uploaded by you to our site violates their intellectual property rights, or their right to privacy, we have the right to disclose your identity to them. We will not be responsible, or liable to any third party, for the content or accuracy of any materials posted by you or any other user of our site. We have the right to remove any material or posting you make on our site if, in our opinion, such material does not comply with the content standards set out in our Acceptable Use Policy.

In addition, any contribution or interaction must not include any material which (without limitation):

• is defamatory, obscene, offensive, hateful or inflammatory;
• is, or refers to material which is, sexually explicit;
• promotes violence, illegal activity or any form of discrimination;
• infringes any other person’s copyright, database right or trade mark;
• threatens, harasses, upsets, embarrasses, alarms or annoys any other person, or is likely to do so;
• advocates, promotes or assists any illegal activity;
• is likely to deceive any person or is made in breach of a legal duty owed to a third party (such as a duty of confidence);
• invades another’s privacy or cause inconvenience or anxiety to any person;
• is used to impersonate any person, or to misrepresent your identity or affiliation with any person; or
• gives the impression that the material emanates from us, if this is not the case.

INTELLECTUAL PROPERTY RIGHTS

We are the owner or the licensee of all intellectual property rights in our site and the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved. You must not use any part of the materials on our site for commercial purposes without a license from us or our licensors. You may not reproduce in any format (including on another website) any part of our site (including content, images, designs, look and feel) without our prior written consent. If, in our opinion, you are in breach of these provisions, your right to use our site will cease immediately and you must either return or destroy (as required by us) any copies of the materials you have made.

RELIANCE ON INFORMATION AND LINKS

The contents of our site (including links to other sites and resources provided by third parties) are for information only, and we shall not be liable for any use of, or reliance on, such materials. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.

LINKING TO OUR SITE

You may link to our home page only if you have first obtained our written consent and provided that you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. We reserve the right to withdraw linking permission without notice. The website from which you are linking must comply in all respects with our Acceptance of Use Policy and must be owned by you. You must not link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. Our site must not be framed on any other site, nor may you create a link to any part of our site other than the home page. If you wish to make any use of material on our site other than that set out above, please address your request to  gillkennedy@angelas75.sg-host.com.

 OUR LIABILITY

The material displayed on our site is provided without any guarantees, conditions or warranties as to its accuracy. To the extent permitted by law, we hereby expressly exclude:  All conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity. Any liability for any direct, indirect or consequential loss or damage incurred by any user in connection with our site or in connection with the use, inability to use, or results of the use of our site, any websites linked to it and any materials posted on it (whether by us or a third party), including, without limitation any liability for: loss of income or revenue; loss of business; loss of profits or contracts; loss of anticipated savings; loss of data; loss of goodwill; wasted management or office time; and for any other loss or damage of any kind, however arising and whether caused by tort (including negligence), breach of contract or otherwise, even if foreseeable. This does not affect any liability which cannot be excluded or limited under applicable law.

JURISDICTION AND APPLICABLE LAW

The English courts will have exclusive jurisdiction over any claim arising from, or related to, a visit to our site. These terms of use and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.

 MODERATION

If we at any time use our site to provide users with any interactive service, the following moderation provisions will apply:- we will notify users if moderation is in place, and, if so, whether the moderation is provided by a person or is automated; if moderation is in place, we will give you a means to contact the moderator; although we will do our best to assess any risks which such interactive service may pose, we will be under no obligation to moderate it, and we expressly exclude any liability for any loss or damage to any person caused by use of it; and children should at all times be supervised when using the interactive services on our site, whether such services are moderated or not.

BREACHES OF THIS POLICY

Any breach of this acceptable use policy will be dealt with in the same way as breach of our terms of website use Terms of Use and we reserve the right to take any other action we reasonably deem appropriate, including restricting your use of our site and/or taking legal action against you. We are not liable for any loss or damage caused by any breach of this acceptable use policy.

AMENDMENTS

Please check this page regularly, as we may revise this acceptable use policy at any time. We may also change or update our acceptable use policy at any time by means of notices published anywhere on our site.