PRIVACY NOTICE – 5Elements services Ltd.
Please read and acknowledge this privacy notice relating to the processing of your personal data by our organisation.
Our aim is to ensure that at all times your personal data is protected by our organisation and that when processing your personal data we are in compliance with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA), collectively referred to as the ‘Data Protection Laws’.
The Data Protection Laws aim to set a new standard for how companies use and protect individuals’ data.
We take the processing of your personal data very seriously and we view the Data Protection Laws as an opportunity to enhance our commitment to data protection for your benefit.
Purpose of this Privacy Notice
This Privacy Notice is aimed at ensuring that you are aware of:
– The identity and contact details of the person(s) responsible for processing your personal data;
– The different categories of your personal data which we intend to process;
– The reasons why we intend to process your personal;
– To whom we share your personal data;
– How we process your personal data in compliance with the Data Protection Laws;
– Your rights under the Data Protection Laws;
– How you can make a complaint.
Services Provided by Us
5Elements Services Ltd. Is an over 18’s only entertainment service that provides psychic readings and distance Reiki healing to clients both located within the U.K.
5Elements Services Ltd. Also has an online shop from which jewellery, such as semi-precious stone bracelets and Malla beads can be purchased. 5Elements Services Ltd only processes personal data in order to fulfil its contractual obligations with you or for other lawful reasons in line with the GDPR.
Roles & Responsibilities
The Controller is responsible for ensuring that the terms of the privacy notice are adhered to by all the employees, sub-contractors etc of the organisation.
- The Controller is accountable under the DATA PROTECTION LAWS
- Controller: Nadia Maria Ochoa
You can contact the following Controller if you require any assistance regarding the processing of your personal data:
- Controller’s Contact Details
Phone no: 07507893490
Data Protection Officer (DPO)
– DPO: Nadia Maria Ochoa
– DPO’s Contact Details: 5Elementsweb@gmail.com
Your Personal Data that we may process
Personal data means any information about an individual from which that person can be identified.
We may collect the following information from you when you use the website and/or its related services, or if you contact us directly. Depending on your level of interaction within our website and services we may collect the following information:
- Your full name;
- Date of birth;
- Telephone number(s);
- Financial and transaction details;
- Personal description;
- Photo ID;
- Technical data – Includes internet protocol (IP) address; the browser and device you use, pages viewed, links clicked, cookie details, client engagement requests and related call connection times and sequences, messages and reviews, content, testimonials and any other information that you disclose to us whilst using our website and services. Additionally any technical data that we are obligated to retain as part of our legal compliance requirements.
- If applicable, marketing & communication data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Voice and call recording.
- In addition we will typically keep a record of any direct correspondence if you contact us.
- Details of the product that you are purchasing.
- Additional personal information (for a custom order of jewellery for example).
If you fail to provide us with your Personal Data
In the event that we need to collect your personal data by law, or under the terms of a contract we have with you and you fail to provide us with such personal data; this may lead us to terminating our contract with you. If this is the case, we will notify you in writing of our reasons for termination.
How we collect your Personal Data
We collect personal data via the following means:
– directly from you; or
– from third parties
If we do obtain some personal data from third parties, we will inform you of the source.
Third parties to whom we share your Personal Data – Recipients
- In response to a request for information if we believe disclosure is in accordance
with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation.
- If we believe your actions are inconsistent with the character or language of our user agreements or policies, or to protect the rights, property and safety of the website, company and employees.
- With your consent or at your direction, including if we notify you through the website, service or otherwise that the information you provide will be shared in a particular manner and you provide such information.
- Third party service providers and our group companies who process your personal data on our behalf for the purposes set out in this policy.
We do not sell your information to advertisers or other third-parties
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will only transfer personal data to third parties that comply with the Data Protection Laws.
Reasons for Processing your Personal Data
Principle 1 – Lawful Purpose
We will be processing your personal data in order to ensure that we can:
– Fulfil our obligations with you under our contract of services with you.
– For legal obligations
– Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
– To protect your vital interests or to protect the vital interests of another third party.
– For public task reasons If you have provided us with ‘consent’.
– To fulfil your order.
Principle 2 – Specific Purpose & Limited
At all times when we process your personal data including sensitive data will aim to process it for a specific and limited purpose in order that we fully comply with this principle.
Principle 3 – Adequate, Relevant & Limited
We only want to keep your personal data and sensitive data which is adequate, relevant & limited for the purposes used by our organisation.
Principle 4 – Accuracy of your Personal Data and keeping it up to date
We want to ensure that your personal data is kept up to date and therefore if any of your personal data changes please kindly update us by contacting our Controller.
We will take reasonable steps to ensure that your personal data is kept accurate and up-to-date.
Principle 5 – Retention Periods
We will keep your personal data for the duration of our contractual relationship with you and for a further period as specified in our ‘Retention Policy’.
Our aim is to ensure that we limit the retention periods and retain only personal data for legitimate purposes.
Principe 6 – Ensuring Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have processes in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If you think that any part of our process is not secure, please email us at: 5Elementsweb@gmail.com
Transfer of Your Personal Data to the EU, Third Countries or International organisations
Some of our third party service providers are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
While we keep your personal data you have the following rights:
– Right to be informed
– Right to all of your personal data, known as a ‘Subject Access Request’
– Right to the restriction of personal data
– Right to rectification of your personal data
– Right to object to the processing of your personal data
– Right to erasure of your personal data
– [Right to data portability] – if applicable
– Right not to be subjected to automated decision making processing (including profiling)
– Right to be notified
– Right to seek judicial review
– Right to make a complaint to the supervisory authority [ICO]
Subject Access Request requirements
If you require your personal data, you can request this verbally, however as we need to first verify your ID you will need to carry out the following:
- Complete a SAR Form; and
- complete and return the SAR Form with the respective ID documents.
We will not be under any obligation to provide you with any personal data unless we receive your SAR Form and we have verified your ID.
Contact: Nadia Maria Ochoa
Subject Access Requests – Time-scale
We aim to process the SAR within 1 month from the point we receive verification of your ID, however as your personal data may also be with an external archiving company it may take a further 2 months to be retrieved.
We aim to provide your SAR, free of charge, in an electronic format, unless you require your personal data in a hard-copy format. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Subject Access Request Notice – SAR Notice
When we provide you with your personal data we will also provide you with a SAR Notice which will comprise of the following information:
- The purposes of the processing;
- The categories of personal data (including sensitive data);
- The recipients to whom the personal data have been disclosed;
- The recipients to whom the personal data has been disclosed (third countries);
- Retention periods
- Right to request restriction, rectification or erasure, the right of objection
concerning the subject or object of such processing;
- If some of the personal data has been collected from a third party source, details of
the third party source;
- Compliance with the key principles which are disclosed in this privacy document
- The existence of automated decision making processing including profiling (if
- Your right to make a complaint to the ICO
Any information we do provide you will be provided in a:
- Easily accessible
- Concise form.
We will use plain language.
YOUR RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
Right to object to certain types of processing of personal data such as:
- legitimate interests reasons
- public interest reasons
- automated decision making processing
In certain circumstances if you do exercise your right to object this could give rise to the termination of our contract of services with you.
This right to object does not apply if the personal data is required:
- In order to fulfil contractual obligations with you
- It is sanctioned by law (tax evasion or fraud)
- The agreement does not have a legal or equally important impact
- The processing is necessary for the performance of a task carried out for reasons of public interest
Currently we do not send marketing material to any of our customers/clients.
In the event that in the future we do, we will obtain your written consent prior to sending you any marketing material.
If we do send the marketing material via email then our emails will also notify you of:
– ‘an opt-in’ button; and
– ‘an opt-out’/’unsubscribe button’.
You have the right to withdraw your consent to receiving marketing material at any time. By clicking the ‘opt-out’ button you will be will withdrawing your consent to receiving marketing material.
If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data lawfully.
Please also note the following:
– You will need to provide consent: ‘freely’ and you will need to sign our ‘Consent Form’.
– You have the right to withdraw your ‘consent’ at any time and if you withdraw consent then you will have to complete a ‘ Withdrawal of Consent Form’.
Please contact our organisation for our ‘Consent & Withdrawal Policy’.
You have the right to lodge a complaint directly with the ICO.
The ICO’s details are: www.ico.org.uk We would however, appreciate the chance to deal with your concerns before you approach the ICO so please contact the Controller in the first instance.
– Right to be notified
– Right to seek judicial review
– Right to make a complaint to the supervisory authority [ICO]