Introduction
Your online privacy and personal information is very important. So this policy describes what personal information we gather, why we gather it, how it is stored, who has access to it, what may be done with it and how we go about safeguarding it.
This document also explains how cookies are used on this website and how that relates to your privacy.
Who we are
AquaticTherapy.co.uk is owned by Hilary Austin, 4 The Orangery, Academy Drive, Corsham, Wiltshire, SN13 0SF, United Kingdom. Hilary is actively involved in running the website and also oversees its management by others from time to time when extra technical assistance is needed for the purposes of administering the website and any related services or products.
What personal data is collected
This section outlines the various kinds of information this website gathers, the methods through which it is gathered and the reasons we do it.
The personal data collected may include, but not be limited to…
- information about your device including your IP address, geographical location, browser type and version, and operating system;
- information about your visits to and use of this website including the referral source; length of visit; page views; when, how often, and under what circumstances you visit; navigation paths; items purchased; services used, transactions initiated and more;
- depending on what you submit while (a) posting a comment (b) registering for an account here (c) submitting a contact form (d) using a service or (e) ordering a product, information such as your name, address, phone number, email address, profile pictures, gender, birthday, relationship status, interests and hobbies, educational details, and employment details and more may be gathered;
- information you post to this website with the intention of it being published on the internet, which includes your username, profile pictures, and the content of your posts;
- both the content and (if relevant) the metadata of any communications that you send to us by email or through this website, including its communication content and metadata;
- any other personal information that you send to us.
Comments
When visitors and/or users leave comments on this website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Furthermore, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, or through the Contact Form (if allowed), or send images to those involved in administering the site, you should avoid uploading images with embedded location data (EXIF GPS). Because (a) visitors to the website may be able to download and extract any location data from such images or (b) if the website files or database are breached the location data will be available to an unwanted party.
Contact Forms, Newsletters & Subscriptions
This website uses a Contact Form plugin to gather both the content of the form you submit as well as data like your IP address, browser and operating system. It will also record preferences you selected while completing the form as well as some of your user account details (if you have an account with this website and are logged in when submitting the form).
Such data will be kept solely for customer service purposes and – unless you have specifically agreed to it while submitting the form, will not be used by us for marketing purposes. Submitted Contact Form data (content and the personal information associated with it) will be kept indefinitely – or until you request that we delete it.
Please note that a Contact Form you submit will be emailed (through encrypted channels) to our website’s designated recipient(s). As they will be replying to your Contact Form from within their email account your conversation will not be recorded in this website’s database. In other words only your initial submission will be noted in our database.
While submitting a Contact Form you may be asked if you would like to receive additional messages from us regarding events, products, services and other information we feel may be of interest to you via a Newsletter or group mail. If, after opting-in to receive such messages, you change your mind you can simply either ask us to remove you from the list of recipients or click the ‘unsubscribe’ or ‘update my preferences’ or similar button at the bottom of such messages to stop receiving them.
Similarly, if you have subscribed your email to receive updates from this website, you will find links in each mail informing you of how you can update your preferences or ‘unfollow’ this website.
Cookies
This website uses cookies.
Cookies are small text files containing a string of letters and numbers (an identifier) sent to, and stored by, a visitors web browser (e.g. Firefox, Safari, Google Chrome). The identifier is then sent back to the server each time the browser requests a page from the server.
This website uses a mix of persistent and session cookies. Persistent cookies remain active in a web browser until their set expiry date (unless manually deleted beforehand). In contrast, session cookies expire at the end of the current session when the browser is closed.
The purpose of these cookies may include, but not be limited to… recognising you when you return; helping us understand which sections of the website you and others find most interesting and useful; enabling the use of a shopping cart; analysing, improving and administering the website; presenting advertisements which may be of particular interest to specific users; preventing fraud; improving security; personalising the website for each user… and more.
Cookies do not typically contain any information that personally identifies a user; but personal information stored about a user may be linked to the information stored in and obtained from cookies.
If you wish you can set your browser to refuse to accept cookies and/or delete cookies already stored on your device (search online for instructions). However, please be aware that blocking or removing cookies may have a negative impact upon the usability of this and other websites.
Some cookies will be created directly by this website while others may be created by third-party plugins, add-ons or services which may be in use by this website (e.g. Jetpack, Google Analytics, Google Adwords) or by external websites whose material has been embedded in this website.
For instance…
… if you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
… if you have an account and you log in to this site, a temporary cookie will be set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
… if you login to your account on this site, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
… if you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles, comments and/or reviews on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
So these websites may collect data about you via cookies, embed additional third-party tracking, and/or monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Some anonymous data will be gathered by both our web server and our chosen website statistics services (e.g. Google Analytics, Jetpack).
Why all that information is gathered
Gathering that data allows for the smooth administration of this website and its personalisation for you. It also enables the provision of some services and facilitates the sale, purchase and delivery of goods or services we may supply as well as managing your account with us (sending statements, invoices, payment reminders, receipts, taking payments).
It also enables the sending of emails, newsletters and/or other notifications you have specifically requested – as well as marketing communications relating to this business or the businesses of carefully-selected third parties considered to be of interest to you (you can inform us at any time if you no longer require marketing communications).
Finally, amongst other uses, the gathered data can help us keep this website secure, prevent fraud, verify compliance with the terms and conditions governing the use of this website (including monitoring private messages sent through this website’s private messaging service – if any), deal with inquiries and complaints made by or about you relating to this website.
Who we share your data with
We do use gathered data to figure out what interests our visitors and how best to facilitate them. So some anonymised personal data is shared with third parties for statistical analysis as their services help us monitor visitor choices and improve our site’s performance. Similarly, if in the future we decide to feature ads from external websites, some anonymised data may also be shared with those advertisers.
Also, when you you order a product or service through our website and opt to pay online, some personal data (name, address, contact number, products ordered as well as information about your device) may be shared with our payment gateway providers (e.g. Paypal, Stripe) and would then come under the remit of their Privacy Policies. This sharing is solely for the purposes of verifying your payment and completing your order – and would not take place if chose to pay by cash, order or bank transfer.
You should also be aware that your personal information may be disclosed to the website and/or business owner, the webmaster, employees, officers, insurers, professional advisers, agents, suppliers, volunteers or subcontractors as reasonably necessary for the purposes of administering the website, the business and/or related services. Your personal information may also be disclosed to any member of the group of companies we may be part of now and in the future (this means subsidiaries, our ultimate holding company and all its subsidiaries) as deemed reasonably necessary for the purposes set out in this policy.
Your personal information may also be disclosed:
- to the extent required by law;
- in connection with any ongoing or prospective legal proceedings;
- in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are selling or are contemplating selling;
- and to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as outlined in this policy, we will not provide your personal information to any other parties.
How long we retain your data
If you leave a comment or review on our website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Similarly, if you submit a Contact Form, its content and the personal information associated with it will be kept indefinitely – or until you request that we delete it.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Customer purchase and account records, documentation (including electronic documents) as well as analytics records may be kept for up to ten years, or longer if we believe that they may be relevant to any ongoing or prospective legal proceedings, or to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
What rights you have over your data
If you have an account with our website, or have left comments on it, or submitted a Contact Form through it you can request to receive a copy of the personal data we hold about you, including any data you have provided to us – subject to your supplying sufficient proof of identity (a copy of your passport, driver’s license and/or a recent utility bill).
You may instruct us at any time not to process your personal information for marketing purposes, but in practice, you will usually either expressly agree in advance to our using your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
You can also request that we:
- update any inaccurate or out-dated information we hold about you
- erase any personal data we hold about you. (Note: this does not include any data we are obliged to keep for administrative, legal, or security purposes).
You should submit requests regarding your data through the Contact Form on our website.
Where we send your data
The server on which this website normally resides is within the European Union (EU). However, from time to time, technical needs may require that this websites files and database (which wil include your data) be moved to a server in the United States of America. If such a move is necessitated the server used will be compliant with the European Union’s General Data Protection Regulation (GDPR).
Visitor comments may be checked through an automated spam detection service which may be based outside of the EU.
Newsletter and/or Subscription data may be handled by third-party websites based outside the EU.
Visitor, Registered User and Contact Form data is added to our website database. That database is backed up regularly and those backups may be copied (over encrypted channels) to other servers and file storage services (e.g. Google Drive, Dropbox) based in either the United States of America or Europe.
Contact Form and Subscription data may also be emailed (via encrypted channels) to the site owner and (if relevant) those helping administer the website.
Please bear in mind that personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
Your responsibilities
You also have a role to play in protecting your own data – and that of others.
At the very least you should do all you can to ensure your device is secure and free of spyware, malware, viruses etc. Because if your device is compromised then the data of your family, friensd and other contacts could be compromised and used against them.
For similar reasons, before disclosing to us the personal information of another person, you must first obtain that other person’s consent to both (a) the disclosure and (b) their personal information being processed in accordance with this Privacy Policy.
You should also exercise due diligence when on the internet and be wary when clicking links online or received in emails (even from trusted sources – as their account may have been compromised). Hovering on a link, or pressing and holding it if on a mobile device, usually reveals the link’s destination without bringing you to it. If it is not the link you were expecting then perhaps it’s best not to click on it.
You should also use VERY strong passwords when creating accounts on this or other websites. Using a long sentence (from a poem or a song) with some punctuation between words is one way of generating a strong, memorable password. Another option is to use a Password Manager to encrypt and store passwords on your device.
Contact Information
If anything in this policy seems unclear to you, or if you have questions or concerns regarding your privacy and/or the data you submitted to us, please get in touch through this website’s contact form.
Additional information
How we protect your data
While the security of data sent over the internet cannot be fully guaranteed, we regularly review and improve our security protocols in order to protect your data and minimise the chances of it being compromised.
We will soon be setting up Two Factor Authentication for administrators of this website to add to the following security measures:
- the IP address of the server this website resides on (the origin IP) is hidden from the pubic record
- our website uses the SSL (https://) protocol to encrypt the communication between users and the website server (minimising the chance of ‘man-in-the-middle’ attacks)
- admin and user passwords are stored in an encrypted (not plain text) format
- the website owner, their staff and others involved in administering the website use strong passwords and keep them safe
- the number of Admin accounts for this website and the server it resides on, are kept to the absolute minimum.
What data breach procedures we have in place
If a data breach occurs we will take the following measures:
- within 72 hours of discovering the breach will inform the appropriate authorities based on the registered address of the domain name owner (e.g. the Data Commissioner for a domain owned by an Irish resident; the Information Commissioner’s Office for a domain owned by a resident of the United Kingdom)
- endeavour to find out how the breach happened and take appropriate action
- change all login details associated with our website and email accounts
- relocate our website and all data it contains to another server
- contact all individuals who have submitted data and inform them of what steps to take to increase their own security (e.g. spyware scan, resetting and strengthening login details etc).
What third parties we send and receive data to and from
This website may use a variety of third-party plugins and services to perform various functions. Some anonymised data may be shared with and/or received from the organisations providing those plugins and services e.g. Google Analytics, Jetpack).
Amendments
This policy may be updated from time to time so you should check this page occasionally to ensure you understand how changes may affect you. You may be notified of changes by email or through our website’s private messaging system. The date of the most recent amendment is:
24th May 2018