Privacy Notice
 
This is the privacy policy for Cheryl White, trading as New Leaf EFT
and as the following websites:
NewLeafEFT.com, EFTsuccess.co.uk, EFTsuccess.com, CherylWhite.co.uk, SoulPlan.weebly.com
and for and on behalf of Karl Dawson – EFTMRA via:
EFTtest.com, EFTtest.co.uk
Personal contact details:
52 Quarry Lane, Seaford, East Sussex. BN25 3BJ
newleafeft@gmail.com

There are two sections to the following information:
  1. About your personal data – the type of data that is collected or used, including when, how and why
  2. Your rights – all the ways that you can control what happens with your data
 
About your personal data:

When you make an enquiry
The name and contact details you give and the content of your message(s) are retained for three reasons:
  1. By your consent
  2. As part of a ‘contract’ (only while we communicate)
  3. For legitimate business interests. This is on two separate counts. For good business practice I keep tabs on who has made contact before, the types of questions asked etc. I may also email you on an occasional basis to offer information, events, products or services related or connected to your enquiry. This is not the same as subscribing you to a newsletter.

When you make an online purchase as a single purchase, a membership or subscription
This is a contract for services. Your contact details are dealt with as above (consent, contract, legitimate reasons) – also these, your purchase history and the payment details (sent to me from Paypal or Stripe) are retained for six years beyond the end of the contract for legal reasons – accounting law.

When you attend a workshop or training
All of the above applies. I also keep record of your attendance, your certificates earned etc on the legal bases of both contract and legitimate interest – so that I can confirm your certificate status / reissue certification if required, also so that I can send you updates or offers which may be of specific interest to you as an attendee/graduate. Where your certificate is awarded by a professional body (e.g. EFTMRA) that organisation will be notified of your relevant data and you will be offered sight of their privacy notice prior to or at the point of booking.

When you work with me 1:1
Client work is different. Dependent on the work, you may wish (or need) to provide personal details of a sensitive nature.
An intake form will be retained in printed or handwritten format and include your contact details and where appropriate, signature. The sensitive nature of such documents will generally be in relation to health or medical history.
As case notes these are scant memos handwritten by me for the purpose of fulfilling our contract and keeping tabs on the work during the session and from one week to the next, filed separately with only initials and date as identifiers so that no other person may connect these details to your personal identity.
In both cases I am required by law to retain these records for six years after the completion of our contract – or in the case of a minor, from six years beyond the date of their eighteenth birthday.

Soul Plan Reading
Technically Soul Plan readings are for entertainment purposes only and this releases me from keeping intake forms or case or session notes unless other services are provided For that reason once the session (contract) is complete only your name, email address and date of booking are kept for legitimate business reasons as above and your payment details are retained as financial accounts for six years.

When you complete any training with EFTMRA
As a service provider to EFTMRA and administrator of the practitioner test system, I will receive your contact details from Karl Dawson owner of EFTMRA and/or his authorised trainers. This may happen with your consent, but will also happen as part of the contract EFTMRA has with you to provide you access to the relevant test and related administrative support. This element of my services is defined by the privacy policy of the EFTMRA.  The tests themselves (and records of results) are hosted on Test.com, a US based company with a stringent privacy policy. If you do not wish to engage with that system in order to pass the final practitioner test, please discuss manual test administration with your trainer.
If you trained in Brighton UK I will also, upon introduction through Karl Dawson, offer you the opportunity to join my mailing list, and advise you of local support and mentoring events or other local services beneficial to your business and skills development. This is a legitimate business interest reliant on your consent.

Other data sources:
As well as EFTMRA, Incoming data may also be received from Weebly, Test.com, EFTMRA, Paypal, Stripe, Skype, Zoom.  If we communicate by email this also gives me access to your IP address which functions as an e-signature and which is retained for the life of the messages according to the situations above.
 
Please note: 
The ways I process your data (and the legal bases used) are constantly under review as my business grows and develops. Every effort will be made to inform you if there has been an update. Please always refer to the current privacy notice which can be found on my website

Your Rights
The GDPR sets out clearly what your rights are. It also lays out deadlines for a reply and other rules which are reproduced for your information at the bottom of this section.

Right to be informed
Under GDPR you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement.
I must provide you with information including: my purposes for processing your personal data, my retention periods for that personal data, and who it will be shared with. This ‘privacy information’ is provided above.
I must provide you with privacy information at the time I collect your personal data from you, in other words it has to be available to you before you fill in a form or hand over your data such as your email address.
If I obtain your personal data from other sources, I must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.
There are a few circumstances when I do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it to them.
The information I provide to you must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. Therefore if there is anything you do not understand, please get in touch.
 
Right of access
You have the right to access your personal data and supplementary information. This allows you to be aware of and verify the lawfulness of the processing.
You are entitled to confirmation that your data is being processed, access to your personal data, and other supplementary information as provided in this privacy notice 

Right to rectification
You have the right to have your personal data corrected if it is incorrect, or completed if it is incomplete.

Right to erasure
You may request, verbally or in writing, to have your data erased. This is also commonly known as ‘the right to be forgotten’. This right only takes effect when:
  • Your personal data is no longer necessary for the purpose for which it was originally collected or processed,
  • you withdraw your consent when the sole legal basis to hold this information is your consent,
  • there is a legitimate interest in processing this data, which does not override your request,
  • processing/analysing of the personal data was for direct marketing purposes and this is the use you object to,
  • your personal data was processed unlawfully without a proper legal basis,
  • there is a legal obligation to comply with your request; or
  • if the personal data was processed to offer information society services to a child.

Right to restrict processing
You have the right to request the restriction or suppression of your personal data. In other words you want to stop the data being used but keep it on file.
In this case your personal data cannot be used and can only be stored unless:
  • you give your consent;
  • it is for the establishment, exercise or defence of legal claims;
  • it is for the protection of the rights of another person (natural or legal); or
  • it is for reasons of important public interest.
 
Right to data portability
This allows you to obtain and reuse your personal data for your own purposes across different services.  It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.  Doing this enables you to take advantage of applications and services that can use this data to find you a better deal or help you understand your spending habits.
In general this rule exists for data held by big service providers, such as your call history or insurance or gas bill history. The right also only applies to information you have provided.
If, as a private client you wish to carry a copy of your case notes or other sensitive data to another practitioner or other mental, physical or spiritual health service, these may be provided to you or to the nominated service provider, on request, as an encrypted and password protected document.

Right to object
Individuals have the right to object to:
  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics.
Your objection must be made on grounds relating to your particular situation.
Once you object your data can no longer be processed, unless
  • there are demonstrably compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
  • the processing is for the establishment, exercise or defence of legal claims.

Timelines:
You can claim a right verbally or in writing.
A response should come without delay and at least within one month of receipt. The time limit is calculated from the day after you make the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.
I aim to respond within 28 days.

​Exceptions:
When you request access to your data, a copy must be provided free of charge. However, you can be charged a ‘reasonable fee’ when a request is:
  • manifestly unfounded or excessive, particularly if it is repetitive, even when I have responded; or
  • for further copies of the same information (that has previously been provided). 
 

Email

newleafeft@gmail.com

Privacy Notice

Privacy Notice
PLEASE NOTE: The contents of this independent ​website are intended to offer guidance and support in line with the codes of the EFTMRA and it's recommended insurance company, Holistic Insurance Services Ltd.  Supporting data has also been drawn from the Gov.uk website and other sources seen by the author as reliable at the time of writing. You are personally responsible to check any business systems you adopt with your legal advisor, accountant, governing bodies and insurance providers as relevant. Please see other resources for some links to further information.