- Introduction and Summary
This policy specifically relates to Niki Hutchison Ltd (“we” or “us”) only and details the types of personal data we may collect about you when you interact or register with us. Furthermore, this policy explains how we store and handle that data whilst maintaining its safety. There is a substantial amount of information contained within this policy, but it is your legal right to be fully informed. Therefore, by reading this document in full, you should receive the detail required to understand what Niki Hutchison Ltd does with your data and how we maintain contact with you using the data you provide.
This document also explains how ‘cookies’ may influence your user-experience via our website and third-party booking system whilst also detailing how you can opt-out of our direct marketing.
EU GDPR – Data Protection Regulation 2018
The introduction of the new GDPR (General Data Protection Regulation 2018) in May 2018 outlines new rules for the way businesses collect data. To use our services, we must collect, use and hold some of your personal and contact data. With this new regulation, you can change the way we use your data or ‘opt-out’ of certain items at any time by emailing us: email@example.com. Please note that if you choose to opt-out of certain items, you may be unable to access some or all of our services.
- Niki Hutchison
Niki Hutchison Ltd, trading as Niki Hutchison is a Marketing Strategist based in Scotland. Niki Hutchison Ltd is registered with the ICO as a Data Processor and Data Controller.
- The relevant lawful bases for processing your data
Data protection law outlines a number of reasons for which a company may collect and process your data. Niki Hutchison Ltd has identified the lawful bases for processing your data as the following:
In certain circumstances, we can collect and process the data you provide us with your positive consent. For example, when you ‘tick’ a box to receive our newsletters.
In some cases, we need your personal data in order to comply with our contractual obligation to you. For example, if you purchase a coaching package from us, we require your contact details including home or registered business address and phone number.
If the law requires us to, we may need to collect and process your data. For example, we may need to pass on your data to the police if by chance, you are involved in or subject to criminal activity.
In specific situations, we require your data to pursue our legitimate interests in a way that may reasonably be expected, to be able to run our business. Such action does not materially impact on your rights, freedom or interests. For example, we may use your email address to contact you with specific information relating to your business and/ or our services which you have purchased, important notices or changes and any other relevant information that is fundamental in our contractual obligation to you as our customer.
- When do we collect your data?
- When you book a support package. This is done through the third-party booking system ‘Acuity Scheduling’
- When you purchase an online course. This is done through the third-party booking system ‘Teachable’
- When you purchase an event ticket. This is done through the third-party booking systems ‘Eventbrite’ or ‘Meetup’
- When you book another service offering with us.
- When you buy any merchandise or other items sold by us at any given time
- When you contact us with a query or feedback via email, telephone, social media or in person
- When you complete any surveys or questionnaires generated by us
- When you complete any online forms (when applicable) for specific reasons
- When you use any premises that we operate in that uses CCTV – these systems may record your image during your visit, only for safety reasons and within public areas.
- What sort of data do we collect?
We use several third-party companies to support our business.
- For our file storage and email provision, we use ‘Microsoft Outlook’
- For our website hosting, we use ‘Wordpress’
- For the purchase of online support services, we use ‘Acuity Scheduling’
- For the delivery of online support services, we use ‘Zoom’ and ‘Facebook’
- For online payments for bookings made via Acuity Scheduling, we use ‘Stripe’ as our payment processor.
- We use Keap, SurveyMonkey, Typeform, Facebook, LinkedIn, Pinterest, Google and Instagram for marketing purposes.
Please note that all third-party companies we use have their own and separate Privacy Policies, which can be viewed via the links below – beware when using external sites:
Microsoft Outlook: https://privacy.microsoft.com/
Acuity Scheduling: https://acuityscheduling.com/privacy.php
Survey Monkey: https://www.surveymonkey.co.uk/mp/legal/privacy-policy/
If you contact Niki Hutchison Ltd by email, we will access your email address and may also request additional information such as your registered business or home address, phone number and the name and nature of your business, as well as social media handles for yourself and/or your business.
If you open an Acuity Scheduling account and register for a Discovery Call or book a coaching package, we will ask you for:
- Your full name
- Email address
- Telephone number
- Social Media handles
If you access ‘Zoom’ in order to take part in a Discovery Call or coaching session, you may be required to issue your personal data through their secure site.
If you make payment via our Acuity Scheduling booking site, the third-party payment platform ‘Stripe’ will be used to process and safely handle your payment. You will be required to issue your personal data through their secure site, including payment details.
If you get in touch with us for any other reason, specifically through our website ‘contact form’, we collect the following personal data through our website host, WordPress:
- Full name
- Email Address
We may collect certain personal data from you when using Keap and/or SurveyMonkey services including, but not limited to:
- Full name(s)
- Contact number(s)
- Email addresses
- Opinions/Feedback (via online surveys or questionnaires) It is at your own discretion which information you choose to share with us whether directly or via one of the third-party companies we use. Please be aware that some or all platforms may require essential information to meet contractual obligations to you, as a customer.
- How and why do we use your data?
We only collect the data concerning you that is absolutely essential. It is important, given the nature of the services we offer, that we collect reasonable contact details from customers to be able to offer accurate and appropriate business advice.
To meet our contractual obligation to you as a customer, we will use your email address and mobile number in order to:
- Send confirmations of Discovery Call or coaching session bookings you have made
- Send confirmations of Discovery Call or coaching session bookings that you have requested we make on your behalf
- Send invoices for payments and/ or outstanding payments
- Inform you of any Discovery Call or coaching session changes or urgent notices
- Notify you of any notable changes in Niki Hutchison Ltd policies or procedures
- Notify you of any other relevant information that directly affects you as a customer
We will only use your email address to send you marketing and/ or promotional material if we have your consent to do so. We sometimes use Keap to send out email marketing campaigns. You can change how we use your data at any time and can request that we do so by emailing firstname.lastname@example.org
Please be aware that some changes may result in us not being able to provide you with the services you have originally requested and may therefore result in request refusal. For example, if you are a current customer of Niki Hutchison Ltd and you ask us to remove your email address and telephone number from our records we will then be unable to contact you about booking changes, new policy notices, outstanding balances and other important information relating to your bookings. In scenarios like this and depending on your individual situation, we may reasonably refuse any request you make.
Information you provide will be used for the purposes of booking in calls (name, email address and phone number). If you do not provide us with certain details, we are unable to fulfil our contractual obligations to you. For example, if you fail to provide your email address, we are unable to contact you via ‘Zoom’ to undertake our calls, meaning we are unable to fulfil our contractual obligation to you.
If required by law, we may use your data and share this with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law, we are legally obliged to provide access to the personal data we have collected about you.
- Direct marketing and opt-out
Only Niki Hutchison of Niki Hutchison Ltd, or duly authorised sub-contracted staff, can access or view your personal data and only under legitimate business interests.
Niki Hutchison Ltd will only ever contact you with relevant and honest marketing material if we have your consent to do so. If we do have your consent, we may periodically contact you via email or text to offer you our services in which we feel you would be genuinely interested in. To support our marketing efforts, we may also use Keap, Facebook, LinkedIn, Pinterest and Instagram. To be able to use this service, we must upload your email address to the Keap system for us to be able send out marketing campaigns or similar. You will not receive marketing or promotional emails through Keap if we do not have your consent and you can opt-out at any time after consenting. For example, if you are a current customer and we launch a new offering that we feel you would be interested in, we may contact you to see if you would like to know more about the service. This includes courses, packages and events.
We never share your data with any other third party other than those mentioned above under our contractual obligation to you.
If you no longer wish to receive direct marketing through email, text or Keap regarding Niki Hutchison Ltd offerings that may be of interest to you, then you can request to opt-out by either:
- Emailing: email@example.com
- Clicking ‘Unsubscribe’ at the foot of an email (Keap platform only)
Please be aware that by opting-out, we may be unable to offer some of our services to you and you may miss out on some of our offerings. For example, if you ask us to remove you from the email/text mailing list(s), you will only receive information that is specific to your current package and you will not receive any updates regarding new packages, courses, challenges, special offers or similar. If you are in any doubt however, please let us know and we will be more than happy to clarify.
- How we protect your data
The security of your data is extremely important to us and we have done our utmost to ensure that the third-party companies we use to support our business hold sufficient security procedures and protection.
- Niki Hutchison Ltd is the Data Controller
- Microsoft Outlook is a Data Processor that collects and stores your personal data on behalf of Niki Hutchison Ltd.
- Acuity Scheduling is a Data Processor that collects and stores your personal data on behalf of Niki Hutchison Ltd.
- WordPress is a Data Processor and is used to collect some of your personal data on behalf of Niki Hutchison Ltd.
- Stripe is a Data Processor and handles our online payments via the Acuity Scheduling booking site
- Keap is a Data Processor and is used for online and email marketing on behalf of Niki Hutchison Ltd
- SurveyMonkey is a Data Processor and is used for online surveys and questionnaires for market research.
- Typeform is a Data Processor and is used for online surveys and questionnaires for market research.
Niki Hutchison Ltd computing equipment is password protected, as is our access to the third-party websites we use to support our business, highlighted above. Only Niki Hutchison Ltd staff or duly authorised sub-contractors (e.g. admin staff) are able to view any personal data you provide to us (the aforementioned can only access or process any information you provide if they have signed a GDPR compliant data protection/confidentiality agreement.)
- How long will we keep your data?
We only keep the data you have provided to us for as long as is necessary. For example, if you book a six-month coaching package in January 2018, we will hold your details on our booking system within the Acuity Scheduling system until the end of July 2018 (allowing for any over-running of your package) as we will use your personal data to get in touch, to schedule your coaching sessions and to offer continued coaching support following the end of your current package. Should you choose to decline such an offer, we will then remove your details from our active customer files.
Beyond this point, we may still retain certain information regarding any payments/transactions you have made to us to meet our own legal obligations. Any contractual documents in which you share personal data with us will be kept for up to 6 years after the date of the original transaction in order to comply with our own legal obligations regarding retention of financial records. Financial data, including payment documents and transaction details, may be stored for a period of up to 6 years after you cease activities with us due to our own legal obligations regarding retention of financial records. Any other personal data you share with us such as contact information via alternative methods such as email or text are deleted 12 months after sharing, unless you request us to remove such details before then.
We can remove your details via the Acuity Scheduling database at any time – to request to have your details removed, please email us at firstname.lastname@example.org. Please be aware, if you are a current customer of ours and you request to remove some or all of your personal data you shared with us, we may be unable to offer some or all of the services you requested when originally signing up and we may be unable to carry out your request if you:
- Are still an active customer – we need to have essential details about you in order to fulfil our contractual obligation to you
- Have an outstanding financial balance due to us, linked to a service we have provided to you – until such an amount is settled
Please note: web data is electronically deleted/removed and any data in hard-copy format is disposed of via an appropriate confidential waste method.
- Who do we share your data with?
Other than the companies mentioned above who support our business activities (Microsoft Outlook, WordPress, Acuity Scheduling Stripe, Mailchimp, SurveyMonkey, Facebook, LinkedIn, Pinterest and Instagram) we DO NOT share or sell your personal data to any other third party company. Your personal data is important to us, so it is important for you to know that we only use it for our specific business purposes and nothing else. Please be aware that it may be necessary for us to share your information with local authorities, law enforcement and for any other legal reason and in such cases, we do not require your consent to do so.
- Where your data may be processed
As a business, Niki Hutchison Ltd operates inside the European Economic Area (EEA) and therefore does not process the data that we receive from our operational support companies (Microsoft Outlook, WordPress, Acuity Scheduling, Stripe, Mailchimp, SurveyMonkey) outside the EEA. However, as we use third-party companies to support our business, there is a chance that your data is processed outside the EEA before it reaches Niki Hutchison Ltd. Please refer to the respective company Privacy Policies for further guidance, links above.
Otherwise, it may be necessary from time-to-time for staff or nominated sub-contractors to process your personal data (such as a name) privately between you and/or staff via email or on social media platforms such as Facebook or Instagram and/ or via mobile phone for the purposes of:
- Amending or updating booking details and/or coaching sessions at short notice
- Co-ordinating events or similar quickly and easily
In addition, we have our public Facebook page which is viewable to anyone, publicly, who visits online. If you choose to comment or share any personal data (such as names, addresses, phone numbers etc.) on this public page, other Facebook users may be able to see this data too. Please be aware that Facebook, Instagram and other social media platforms operate their own privacy policies which are applicable when you use their respective sites/apps:
Such social media pages or groups associated with Niki Hutchison Ltd. are created solely for genuine business purposes and to assist with the delivery of our services to customers efficiently and informatively. You, as a Data Subject, should not wilfully share any specific personal or sensitive data about yourself publicly on any Niki Hutchison Ltd associated social media platform. Please only do so at your own discretion and with full awareness of the potential risks of sharing such data. Any personal data that is wilfully shared with Niki Hutchison Ltd on social media platforms is carefully and professionally collected and processed by staff only. Although we treat such data confidentially to the best of our abilities, we do not recommend sharing sensitive data in this way (such as addresses, phone numbers, medical records or bank details) due to discrepancies and risks relating to social media security. We recommend that, only if necessary, you email any personal or sensitive data instead, if circumstances permit.
PHOTOGRAPHY / VIDEOGRAPHY
We will only process or share personal data such as photography and videography for marketing purposes, if you have permitted us to do so.
- Your rights to privacy
It is important to know your rights. Whilst we are not experts on providing such advice, it is our understanding that you can request the following:
- Access to the personal data we hold about you – free of charge
- That we correct or amend any personal data we hold about you e.g. phone number or email address
- That we no longer send marketing or promotional material to you (If you wish to access, amend or remove the personal data that we hold about you, please email us: email@example.com and allow up to 30 days for your request to be processed and your data updated). This means that you may receive some communications in the period of ‘cross-over’ until systems are fully updated. If we cannot satisfy your request for any reason, we will let you know why – this includes refusal of your request and any uncontrollable delays we may face in obtaining your information at short-notice.
Please be aware that if you have opted-in at any point with us (or any company) to use or process your personal data, it is your legal right to be able to withdraw your consent at any time. You can do this via the contact method above.
We may, from time-to-time, rely on legitimate interest for using or processing your data however you may ask us to stop doing so in relation to your specific circumstance using the contact method above. We will action such requests only if we do not have a genuine reason to continue using or processing your personal data.
You can request that we stop using your personal data to contact you with marketing/promotional material at any time, even if you have given us previous consent. We will always honour such a request.
Cookies are small text files that are placed on your computer by websites that you visit. They are used to give the owners of the website information about the visitors. Information such as what time of day they are coming to the website, and how long they spend on there.
Cookies can also be used to improve websites. For example, we may see that lots of visitors from the south aren’t accessing their area information, so we could improve the website by making that information more prominent and easier to find.
We don’t use many cookies, but the ones we would like to place on your computer are on this table, along with an explanation of what we would use them for:
These cookies collect information about the way visitors access the information on our website. We use that information to make improvements and produce statistics such as the number of visitors to the site and the most popular pages being viewed.The cookies collect information anonymously.
More information on privacy and security from Google.
If you would like to learn more about cookies, how they are used, which ones are on your computer and how to remove them, visit: www.allaboutcookies.org
When you use this website and agree for us to place cookies on your computer, you are agreeing that we may use your personal information for the purposes set out in this statement.
Other than as set out above, we will not distribute your personal information to third parties unless we have your permission or are required to by law. We will not sell or lease your information to any third parties.
We have several videos on our website that we’ve embedded from our Niki Hutchison Ltd YouTube channel. Watching our videos on your computer can result in YouTube storing cookies on your computer, but these cookies will collect information anonymously and will not gather any information that would identify you personally.
We use tracking software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website to better meet the needs of visitors. This software does not enable us to capture any personally identifying information.
We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.
Please be aware that if you are using any external website including Acuity Scheduling, Stripe, Keap or any other external website, their own privacy and cookies policy should be acknowledged/understood before website use. You can manage the cookies on your computer or devices through your internet browser/settings, help links are provided below. Please note that The Simplicity Concept is not responsible for the content of external websites:
- Relevant contact information
- Email: firstname.lastname@example.org
- Post: Niki Hutchison Ltd., Tribe Porty, 19 Windsor Place, Edinburgh EH15 2AJ
To find out more information regarding the GDPR and to make any complaints, please visit the governing body website at: www.ico.org.uk.