www.terripugh.co.uk and www.eatfromwithin.com are both owned and operated by Mrs Terrianne Pugh (“Terri Pugh”). Terri Pugh is also the business name. Terri Pugh and Eat From Within (also “we” or “us”) are the businesses whose websites are covered by this policy.
Terri Pugh is responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing a service and carrying out regular business activities. We manage personal information in accordance with the Data Protection Act 2018.
Any questions regarding our processing of personal data should be directed to us at:
Contact address: 61 Bridge Street, Kington, HR5 3DJ
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com.
Our Privacy Statement governs any kind of processing where we are acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons. This statement applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.
We are guided by the following principles when processing data:
- We will only collect data for specific and specified purposes; we will make it clear at the point when we request your information, what we are collecting it for and how we are going to use it;
- We will not collect data beyond what is necessary to accomplish those purposes; we will minimise the amount of information we collect from you to what we need to deliver the services required;
- We will collect and use your personal information only if we have sensible business reasons for doing so, such as contacting you with a weekly newsletter, relevant offers from time to time, to update you on membership information, and/or to provide you with coaching services;
- We will not use your data for purposes other than those for which it was collected, accepted as stated within our policy, or with your prior consent;
- We will seek to verify and/or update your data periodically and we will accept requests from you for amendment of the data held;
- We will apply high technical standards to make our processing of data secure;
- Except otherwise stated, we will not store data in identifiable form longer than is necessary to accomplish its purpose or as required by law.
The information we may collect about you could include, but is not limited to:
- Personal details
- Family details
- Lifestyle and social circumstances
- Financial details
- Physical or mental health details
- Racial or ethnic origin
- Sexual orientation
We will collect information from you when:
- You sign up to our newsletter or mailing list
- You download an opt-in
- You join a course, membership, programme, or take personal coaching
- You contact us for information via our websites or social media channels, by phone or email
- You post on our social media channels, websites or blog
- You work with us in a commercial capacity
We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may use the information collected to:
- Allow you to process a booking for a product or course
- Allow you to begin personal coaching
- Create a profile for you on our sites
- Send you our newsletters or provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
- Ensure that content from our sites is presented to you in the most effective manner for you and your computer
- Allow you to participate in the service you have chosen to do so
- Notify you about changes to our service
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our privacy officer.
We do not carry out automated decision making or any type of automated profiling.
We will never sell or share your personal information with third parties. Exceptions to this may be:
- If it is required for any legal proceeding or if the law requires it
- To protect our legal rights
- To buyers or potential buyers of the company in the event that we seek to sell the company.
While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
LEGAL BASIS FOR PROCESSING YOUR DATA
The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:
- You have consented
- For the performance of a contract
- For compliance with a legal obligation which we must perform
- To protect vital interests of your or another person
- It is in the public interest
- It is in the legitimate interests pursued by us or a third party
We collect data for the purposes set out above. Data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained.
Any health data collected from you has special protection and is limited to that permissible by law.
INTERNATIONAL DATA TRANSFERS
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
WEBSITES ANALYTICS & TARGETED MARKETING
We use website analytics to provide the best user experience and service to you and to evaluate and improve our sites. We utilise third party data analytics service provider Google Analytics to improve our visibility and to monitor websites browser behaviour and navigation across our sites.
This third-party data analytics service provider collects this information on our behalf in accordance with our instructions and in line with their own privacy policies. Our service provider may collect the following data about the way you use our sites, which will almost always be anonymised and aggregated before reporting back to us:
- Number of visitors to our sites
- Pages visited whilst using the sites and time spent per page
- Page interaction information, such as scrolling, clicks and browsing methods
- Source location and details about where users go when they leave the sites
- Page response times and any download errors
- Other technical information relating to end user device, such as IP address or browser plug-in
From time to time we may use the information collected about you to present you with targeted advertisements using platforms such as Facebook, TikTok, Twitter, Google and/or Instagram.
LINKS FROM OUR SITES
We will make it as easy as we can for you to opt out of unwanted processing, providing it does not restrict our ability to provide you with the primary service you have requested.
Please note if you wish to unsubscribe from any marketing emails that you have signed up for, you can do so by emailing firstname.lastname@example.org or by clicking on the unsubscribe link on the marketing email that was sent to you (every email will contain one at the bottom). It may take 24 hours for this to become effective.
YOUR RIGHTS AS A USER
Under the GDPR, you have the following rights:
- Right to be informed;
- Right of access;
- Right to rectification;
- Right to erasure;
- Right to restrict processing;
- Right to data portability; and
- Right to object.
You can see more about these rights at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, please contact our privacy officer here at email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
CHANGES TO OUR POLICY & FUTURE PROCESSING
We do not intend to process your personal information except for the reasons stated within this privacy notice. If this changes, this privacy notice will be amended and placed on our website at www.eatfromwithin.com/policies.
We continually review our privacy practices and may change our policy and privacy statement from time to time. When we do this an amended privacy statement will be placed on our websites at www.eatfromwithin.com/policies.
This privacy notice was published on 9th April 2022 and last updated on 28th October 2022.
If you are concerned about how we are collecting, using and/or sharing your personal information, you can contact our Data Protection Officer Terri Pugh at firstname.lastname@example.org so that we can, where possible, resolve the Issue. If you feel we have not addressed your concern in a satisfactory manner you have the right to directly make a complaint to a supervisory authority. You can lodge a complaint by contacting the Information Commissioner’s Office at www.ico.org.uk.