Privacy policy
This privacy notice explains how Fiona McKenzie trading as Human-Centred Health collects, stores, manages and protects your personal data. It outlines the types of data that we hold and how we use them. We take our responsibilities around the correct collection, use and destruction of any personal data seriously and are committed to openness and fairness in the handling of Personal Data. We aim to be clear when we collect information about you and not do anything you wouldn’t reasonably expect.
Fiona McKenzie trading as Human-Centred Health is a Data Controller (as defined by the Data Protection Act 2018 and all applicable laws which replace or amend it, including the General Data Protection Regulation) who will collect and process your personal data, as appropriate and required.
In work for some clients, Fiona McKenzie, trading as Human-Centred Health, also acts as a Data Processor. A summary of data collected and processed is contained on a project-specific data register. All relevant agreements with clients set out data protection clauses.
This policy was last updated in October 2023.
Principles
Article 5 of the UK GDPR requires that any personal data collected shall be:
processed lawfully, fairly and in a transparent manner in relation to individuals
collected for specified, explicit and legitimate purposes
adequate, relevant and limited to what is necessary
accurate and, where necessary, kept up to date
kept in a form which permits identification of data subjects for no longer than is necessary
processed in a manner that ensures appropriate security of the personal data
As a data controller, we are responsible for ensuring compliance with these seven principles.
2. Types of personal information, how we get it, why we have it, and data retention
1) This website collects personal data to power our site analytics, including:
Information about your browser, network, and device
Your IP address
This information may also include details about your use of this website, including:
Clicks
Internal links
Pages visited
Scrolling
Searches
Timestamps
We share this information with Squarespace and Google Analytics, our website analytics providers, to learn about site traffic and activity. The legal basis for processing your data is based on your consent and legitimate interests. The maximum amount of time that Analytics will retain data is 26 months.
2) When someone fills in the contact form on this website, we collect and process the following information:
Name
Email address
The legal basis for processing your data is your explicit consent. This data is held securely within Google Workspace for no longer than is necessary for the purposes for which it is processed and then permanently erased.
3) When someone books a meeting through YouCanBookMe, we may collect and process the following information:
Name
Email address
Phone number
The legal basis for processing your data is your explicit consent. This data is held securely within Google Workspace for no longer than is necessary for the purposes for which it is processed and then permanently erased. YouCanBookMe also hold this data for 24 months.
3. How we store your personal information
All Human-Centred Health data, including personal information, is stored on secure servers. Our storage solutions all comply with ISO/IEC 27001 (an international standard on how to manage information security) in order to securely safeguard your information. The GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK and Switzerland to "third countries," which are all countries outside these protected areas, including the United States.
Squarespace - This website is hosted by Squarespace. Squarespace stores data in multiple Tier III data centers across the United States. Squarespace commits to processing personal data in a way that meets the European Commission Standard Contractual Clauses.
Google Workspace & Google Analytics - Google hosts our workspace, including email, calendar and file storage. Google Analytics tracks website activity. Rather than storing each user's data on a single machine or set of machines, Google distributes all data — including their own — across many computers in different locations. They then chunk and replicate the data over multiple systems to avoid a single point of failure. They name these data chunks randomly, as an extra measure of security, making them unreadable to the human eye. Google’s commitments for international data flows have been confirmed as compliant.
Dropbox - Dropbox provides our primary file back-up storage. Once a file is added to Dropbox, it's synced to their secure online servers. All files stored online by Dropbox are encrypted and kept in secure storage servers. Storage servers are located in data centers across the United States. Dropbox have published a Privacy and Data Protection whitepaper that provides further detail on how they store and protect data.
YouCanBookMe - YouCanBookMe manages our online scheduling for appointments and meetings. They have a clear and helpful privacy policy. Their server infrastructure is provided by Amazon Web Services and is currently based in the United States (although servers may from time to time be based in other countries). Certain of their processors may be based outside of the EEA, if so then they will ensure that the relevant transfer is subject to appropriate safeguards as required by Article 46 GDPR.
Details about what information we keep, for how long, and how we dispose of it is listed above.
Under data protection law, you have rights including:
Your right to be informed - You have the the right to be informed about the collection and use of your personal data.
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
For further information on these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office on individual rights under the General Data Protection Regulations. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us if you wish to make a request:
email – fiona@humancentredhealth.co.uk
post – Human-Centred Health, 4 Icknield Rise, Great Chesterford, CB10 1FG.
4. Your data protection rights
If you have any concerns about our use of your personal information, you can make a complaint to us at fiona@humancentredhealth.co.uk. You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
5. How to complain
Fiona McKenzie trading as Human-Centred Health