Our Contact Details:
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact:
Angela Daye at the above address
Who’s Personal data does Inner Pathways collect and process?
We process information about:
• Clients
• Suppliers
• Enquirers
• Advisors and other Professional Services
What personal data does Inner Pathways collect and process?
 We collect the following types of data:
• General contact details such as, Name, Address, email address, Telephone number
• Personal Details such as Date of Birth or Marital Status
• Business Activities of the person whose information we are processing
• Details of Goods and Services provided to you
• Financial Details – such as credit history or payment or bank details
• Information obtained through our use of cookies (please see our Cookie Policy)
• Your marketing preferences
• For Test and Protect – we collect your name and contact telephone number or if you do not have a telephone number, your address or email address
 
Special Categories of Personal Data that we collect:
• Health & Medical Information
How we collect your information
 In most cases we collect your data directly from you.  We collect data and process it when you:
• Complete an online ‘contact us’ form
• Speak to us on the telephone or video call to discuss or use our services
• Email or write to us to enquire about or use our services
• Complete a Pre Consultation form
• Provide relevant information during a therapy session
• View our website via your browsers cookies (see our Cookie Policy)
• Provide Contact details for Test and Protect Purposes
 
Social Media and our Digital Business Cards – where you access us via other social media platforms or via our Digital Business Card, we have no control over those websites and the personal data they may collect.  Please always remember to review the privacy notices and cookie information on those sites.
We also receive your data indirectly from the following sources:
• Social Media Sites
• Marketing Lists
• Public sources – demographic data, Market Research
• Credit Agencies
Why we do we collect your information?
Where we collect and process personal data, we identify both the purpose and legal basis for doing so.  There are 6 possible legal bases which are:
Consent - where we have consent from the individual to the processing of his or her personal data for one or more specific purpose
Contract - where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legal Obligation – The processing is necessary for compliance with a legal obligation to which we are subject
Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person
Public Interest - Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Legitimate Interests - Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal date, in particular where the data subject is a child.
Our purpose and legal basis for the information we collect, and process allows us to:
• To understand your requirements prior to agreeing and entering into a therapy session with you, that it meets your needs, and to fulfil those needs - This processing is necessary for the performance of a Contract or an anticipated Contract
• To manage our business operations and comply with any internal policies and procedures. Or to notify you of changes to our service.  It is in our legitimate interests to use some personal information to ensure that we provide and adapt our services and keep you informed.
• For Marketing of similar services to past and existing customers or enquirers or individuals at incorporated companies -  It is in our legitimate interests to use your personal information for marketing purposes to incorporated companies or where the services being marketed are similar to those you have purchased or enquired about previously.
• We send email marketing to other individuals only with Consent.
• We will provide information to medical professionals if requested your Consent
• We may also need to use your personal data to comply with our legal obligations, law enforcement, court and regulatory bodies requirements
• It is also in our Legitimate Interests to identify and prevent fraud as a responsible business.
• In addition we process personal data to assist with NHS Scotland’s efforts in tackling the coronavirus public health epidemic. It is in our Legitimate Interests to assist with NHS Scotland’s Test and Protect Strategy in this way.
Where we rely on your consent you have the right to withdraw this consent at any time by contacting us using the contact information on this statement.
Legitimate Interests - Where the processing of personal data is based on our Legitimate Interests, it is to improve on our service, security and prevent fraud or illegal activity in favour of the well-being of our customers, employees and shareholders. 
​​​​​​​
Direct Marketing
We may send you details of similar services to those you have enquired about or purchased from us previously.   You can opt out of receiving this information from us at any time by contacting us at the above address or clicking ‘unsubscribe’ on any messages you may receive.
We will never share or sell your information to any other party for marketing purposes.
Who we share your information with?
From time to time we may share your personal information with the following third parties for the purposes set out above:
• Accountants
• Card Payment Services Providers
• Auditors
• Lawyers, Regulators & other Professional Bodies
• Specialist Experts for example, Marketing Companies, where we have a lawful basis for doing so, Compliance Consultants, Web Service providers
• Cloud storage providers
• Fraud detection Agencies
• Police and Law Enforcement agencies where reasonably necessary for the prevention or detection of crime

• Medical Professionals (only with your consent)
• Debt Collection Agencies
• Credit Reference Agencies
• Selected Third Parties in connection with any future sale, transfer or disposal of our business

• We will share contact details with NHS Scotland’s Test and Protect Services upon request from them where they advise that a positive case has been identified that has a link to our business.  They will use this detail to make you aware and give  guidance on any need to self-isolate.  For more information please see their privacy information: https://www.informationgovernance.scot.nhs.uk/covid-19-privacy-statement/

International data transfers
We do not transfer your information outside of the UK, however some recipients and service providers of your personal data may be located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards by confirming that such locations have an appropriate adequacy agreement or have the appropriate Standard Contract Clauses in place.
Automated decision-making or Profiling
We do not process personal data for automated decision making or profiling
How Long do we keep personal data for?
We will retain personal data in accordance with legal and regulatory requirements and for no longer than is necessary to fulfil the purposes set out in this privacy policy.  We maintain and review a detailed retention policy which documents how long we will hold different types of data.  The time period will depend on the purpose for which we collected the information and is never on an indefinite basis.  Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes).
The following details the criteria used to establish the retention period set out within our policy.
Where it is still necessary for the provision of our Services
This includes the duration of any contract for services we have with you and for a period of 24 months after the end of any contract with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Where required by Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data regarding pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.
 
Test and Protect
We will retain your contact details for Test and Protect for a period of 21 days since your visit to our premises.
Your Rights as a data subject 
As a data subject, you have rights in relation to your personal data in most cases (with some limited exceptions).  These are:
The Right to Access – You have the right to request details of personal information held or processed and to copies of this data.  We do not usually charge for this service.
The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
The Right to Erasure – You have the right to request that we erase your personal information under certain conditions
The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances
The Right to Object to Processing – You have the right to object to our processing of your data, under certain conditions.
The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
You also have the Right to Withdraw Consent where you have previously provided this at any time. 
To exercise any of these rights, or if you have a complaint please contact:
Angela Daye, Inner Pathways
Email: Angela@innerpathways.com
Tel: 07803082997
You also have the right to complain to the Supervisory Authority.  Where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

SK9 5AF
Helpline: 0303 123 1113
Contractual Obligations and Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, employment and legal obligations) or can also result from contractual provisions.  This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided.  In those circumstances where the data is not provided or where certain rights are exercised, (for erasure or objection) there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled. 
Cookies & similar technologies
When you visit our Website, we use cookies and similar technologies to provide you with a better, faster and safer user experience, to Analyse the performance of the site itself or to show you personalised advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you visit or use the Website.
Some non-necessary cookies such as Analytics and Advertising require your consent before being placed on your browser which is why you will often see ‘pop up’ boxes or banners asking you to accept cookies when you visit a website.
For full information on our use of cookies and how to manage them, please see our Cookie Policy 
Data security
We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.
We store customer records in cloud-based services which have controlled and restricted access.  We operate records management and Information security policies which detail our standards of physical security, cloud storage security monitoring, access control including the ability to restore any data, and password security measures and controls.  We also maintain and use anti-virus and malware software and firewalls.
Changes to our Privacy Notice
Inner Pathways keep our Privacy Notice under regular review.  This Privacy Notice was last updated on 23rd October 2020. ​​​​​​​

Back to Top