Your Privacy Matters: Our Commitment to Data Protection at Therapy Hand Ltd

**Privacy and Cookies Policy** 1. **Introduction** 1.1 We are dedicated to protecting the privacy of our website visitors and customers. This policy outlines our approach to managing your personal data. 1.2 This policy applies where we act as a data controller concerning your personal data; that is to say, where we determine the purposes and means of the processing of such data. 1.3 Our website integrates privacy controls that influence how we process your personal data. By utilising these controls, you can indicate your preferences regarding direct marketing communications and restrict the collection, sharing, and publication of your personal data. Access the privacy controls via [URL]. 1.4 We utilise cookies on our website. Unless those cookies are strictly necessary for delivering our website and services, we will seek your consent for their use upon your initial visit. 1.5 In this policy, terms such as "we", "us", and "our" refer to [data controller name]. For further information about us, please refer to Section 19. 2. **The Personal Data That We Collect** 2.1 In this Section 2, we detail the general categories of personal data we process, including information regarding the source and specific categories of personal data not obtained directly from you. 2.2 We may process contact data that allows us to reach you. This data may comprise your name, email address, telephone number, postal address, and/or social media account identifiers. The contact data typically originates from you or your employer. If you log into our website via a social media account, we may obtain relevant contact data from that provider. 2.3 We may also process your website user account data. This includes your account identifier, name, email address, business name, account creation and modification dates, website settings, and marketing preferences. The primary source of this data is you or your employer, though some information may be generated by our website. 2.4 Furthermore, we may process information pertaining to our customer relationships. This includes your name, business or employer name, job title or role, contact details, classifications within our customer relationship management system, and communications between you and us or your employer. The customer relationship data is sourced from you or your employer. 2.5 We may process transaction data, which includes information related to purchases of goods and/or services conducted with us via our website. This data may encompass your name, contact information, payment card details, and transaction specifics, originating from either you or our payment service provider. 2.6 We may process communication data that pertains to any communication sent to or by you, including communication content and the associated metadata. Our website will generate metadata for communications made using its contact forms. 2.7 We may process usage data related to your interaction with our website and services. This data may include your IP address, geographical location, browser type and version, operating system, referral source, duration of visit, page views, navigation paths, and information regarding the timing, frequency, and patterns of your service use, sourced from our analytics tracking system. 2.8 Additional categories of data we may process include [specify general data category]. Such data may comprise [list specific items], with the originating source being [identify source]. 3. **Purposes of Processing and Legal Bases** 3.1 In this Section 3, we delineate the purposes for which we may process personal data alongside the legal bases for doing so. 3.2 **Operations** - We may process your personal data to operate our website, fulfil orders, deliver services, supply goods, and generate invoices and payment-related documentation, as well as for credit control. The legal foundation for this processing includes our legitimate interests in the effective administration of our website, services, and business, or the performance of a contract with you. 3.3 **Publications** - Your account data may be processed for publication on our website and elsewhere as per your explicit instructions. This processing is based on your consent or our legitimate interests in publishing content as part of our operational activities. 3.4 **Relationships and Communications** - We may process your contact and account data, along with customer relationship, transaction, and communication data, for managing relationships, communicating with you—excluding instances solely for direct marketing—providing support, and handling complaints. The legal basis for this processing lies in our legitimate interests in maintaining relationships and facilitating service utilisation. 3.5 **Personalisation** - We may process account and usage data to personalise content and advertisements visible on our website to ensure relevance. This is based on your consent or our legitimate interests in enhancing user experience. 3.6 **Direct Marketing** - We may process contact, account, customer relationship, and transaction data for crafting, targeting, and sending direct marketing communications. This relies on your consent or our legitimate interests in promoting our services. 3.7 **Research and Analysis** - Usage and transaction data processing may occur for the purpose of researching and analysing our website and service utilisation, which is supported by our legitimate interests in monitoring and improving our business. 3.8 **Record Keeping** - Personal data may be processed for maintaining databases and business records, based on our legitimate interests in ensuring efficient business operations. 3.9 **Security** - We will process your personal data to ensure security and prevent fraudulent activities, with a legal basis grounded in our legitimate interests in protecting our business and others. 3.10 **Insurance and Risk Management** - Your personal data may be processed when necessary for obtaining or maintaining insurance, managing risks, or obtaining professional advice, founded on our legitimate interests in safeguarding our business against risks. 3.11 **Legal Claims** - We may process personal data as necessary for establishing, exercising, or defending legal claims, underpinned by our legitimate interests in protecting and asserting legal rights. 3.12 **Legal Compliance and Vital Interests** - We may also process your personal data as necessary to comply with legal obligations or protect your vital interests or those of another individual. 4. **Automated Decision-Making** 4.1 We may employ your personal data for automated decision-making in relation to [specify automated decisions]. 4.2 This automated decision-making incorporates [provide meaningful information regarding the logic involved]. 4.3 The implications and potential outcomes of this automated decision-making are [specify significance and consequences]. 5. **Providing Your Personal Data to Others** 5.1 We may share your personal data with any entity within our group of companies (including our subsidiaries and ultimate holding company) as reasonably required for the purposes outlined in this policy. Information about our corporate structure is available at [URL]. 5.2 Your personal data may be disclosed to our insurers and/or professional advisors as necessary for obtaining or maintaining insurance, managing risks, or seeking professional counsel. 5.3 Personal data stored in our website database will reside on the servers of our hosting service providers identified at [URL]. 5.4 We may disclose [specify personal data categories] to our suppliers or subcontractors identified at [URL] as necessary for [specify purposes]. 5.5 Financial transactions related to our website and services are managed by our payment services providers [identify PSPs]. We will share transaction data with these providers solely for the purposes of processing payments, issuing refunds, and addressing payment-related inquiries. Further information about our payment service providers' privacy practices can be found at [URLs]. 5.6 We may disclose contact data and any other personal data included in enquiries submitted through our website or services to selected third-party suppliers for the purpose of enabling them to offer goods and/or services to you. Each third party operates as a data controller concerning the personal data supplied to it and will provide its privacy policy upon contacting you, which will govern its use of your personal data. 5.7 In addition to the aforementioned disclosures, we may release your personal data when such disclosure is necessary for complying with legal obligations, safeguarding vital interests, or defending legal claims. 6. **International Transfers of Your Personal Data** 6.1 This Section 6 outlines the circumstances under which your personal data may be transferred to a third country in line with UK and/or EU data protection laws. 6.2 We may transfer your personal data from the European Economic Area (EEA) to the UK and process it there, as well as transfer data from the UK to the EEA, for the purposes set forth in this policy, pending the adequacy status of such transfers under relevant data protection legislation. 6.3 Our group companies maintain offices and facilities in [specify countries]. The relevant authorities in these jurisdictions have determined their data protection laws as adequately protective. Transfers to these countries will be safeguarded using appropriate measures such as standard data protection clauses or binding corporate rules, a copy of which can be obtained from [source]. 6.4 The hosting facilities supporting our website are located in [specify countries], which have been confirmed as having adequate data protection standards. Safeguards for transfers will similarly apply as previously outlined. 6.5 [Specify supplier categories] are situated in [specify countries]. The adequacy of data protection laws in these jurisdictions has been recognised, and appropriate safeguards for data transfer will be applied. 6.6 You acknowledge that personal data submitted for publication via our website or services may be accessible globally via the internet, and we cannot prevent its use or misuse by others. 7. **Retaining and Deleting Personal Data** 7.1 This Section 7 sets forth our data retention policies, designed to ensure compliance with our legal obligations regarding the retention and deletion of personal data. 7.2 Personal data processed for any purpose shall not be retained longer than necessary for that purpose. 7.3 We will retain your personal data according to the following provisions: (a) Contact data will be stored for a minimum of [period] following our last interaction and a maximum of [period] thereafter; (b) Account data will be retained for a minimum of [period] following account closure and a maximum of [period] thereafter; (c) Customer relationship data will be held for a minimum of [period] post-termination of the customer relationship and a maximum of [period] thereafter; (d) Transaction data will be kept for a minimum of [period] post-transaction and a maximum of [period] thereafter; (e) Communication data will be maintained for a minimum of [period] following the communication date, and a maximum of [period] thereafter; (f) Usage data will be retained for [period] post-collection; and (g) [Data category] will be retained for a minimum of [period]post-[date] and a maximum of [period] thereafter. 7.4 In certain cases, we may not be able to specify retention periods in advance. In these cases, we will determine retention durations based on the following criteria: (a) The retention of [data category] will be determined by [specify criteria]. 7.5 Notwithstanding other provisions of this Section 7, we may keep your personal data where retention is necessary for legal compliance or to protect vital interests. 8. **Security of Personal Data** 8.1 We will implement appropriate technical and organisational measures to secure your personal data and prevent its loss, misuse, or alteration. 8.2 Your personal data will be stored on secure servers, personal computers, mobile devices, and in secure manual records. 8.3 Specific personal data, including your name, contact information, passwords, and cardholder data, will be stored in an encrypted format. 8.4 Data related to your enquiries and financial transactions that is transmitted between your web browser and our web server will be secured using encryption technology. 8.5 You acknowledge that transmitting unencrypted (or insufficiently encrypted) data over the internet is inherently insecure, and we cannot guarantee data security during such transfers. 8.6 You are responsible for selecting a secure password and maintaining its confidentiality, and we will not request your password except during the login process. 9. **Your Rights** 9.1 In this Section 9, we summarise your rights under data protection laws. 9.2 Your principal rights include: (a) The right to access - you may request copies of your personal data; (b) The right to rectification - you may request corrections to inaccurate or incomplete data; (c) The right to erasure - you may request the deletion of your personal data; (d) The right to restrict processing - you may request limitations on the processing of your data; (e) The right to object to processing - you may object to our processing activities; (f) The right to data portability - you may request your personal data be transferred to another organisation; (g) The right to lodge a complaint with a supervisory authority - you may report our processing practices; (h) The right to withdraw consent - where processing is based on consent, you may withdraw that consent at any time. 9.3 These rights are subject to certain conditions and exemptions. For comprehensive details, please consult relevant legislation and the guidance of regulatory authorities. 9.4 You may exercise any of your rights via written notice to us, employing the contact details provided below. 10. **Third-Party Websites** 10.1 Our website contains hyperlinks to third-party websites. 10.2 We generally lack control over and are not accountable for the privacy policies and practices adopted by such third parties. 11. **Personal Data of Children** 11.1 Our website and services are aimed at individuals aged [13] OR [16] OR [18] OR [[specify age]]. 11.2 If we ascertain that we hold personal data concerning persons below this age, we will take steps to delete such information. 12. **Updating Information** 12.1 Please notify us should the personal information we hold require correction or updating.

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.