Privacy Policy

Customer’s Data Consent and Secured privacy form

Data Retention Schedule

Helpful Herbs March 2025

To periodically review this schedule, record when reviewed and train staff to adhere to Privacy policies.

Mailing purchase/s.

Name and address to send products to. (1 week)

Health consultation Services

Name, address, health details, magnified eye photos.

With natural health herbal consultations and Iridology readings Helpful Herbs holds customer’s health data for 2 years in a secure location. ( Helpful Herbs computer in an off line file or hard copy in a locked file. Also on camera memory SD card stored securely.)

Customers sign a Data consent and Secure privacy form.

Email communication

Email communication (Name and email address) keep to uphold continuity and resolve issues.

 (2 years is a suggested time frame).

Product recall

For the unlikely event of product recall if a batch is found to be faulty.

Hold name, add

Cookies
Some cookies may last for a defined period of time, such as one visit (known as a session), one day or until you close your browser. Others last indefinitely until you delete them.
Your web browser should allow you to delete any cookie you choose. It should also allow you to prevent or limit their use. Your web browser may support a plug-in or add-on that helps you manage which cookies you wish to allow to operate.

Access Control Policy

Helpful Herbs March 2025

Staff that have access to personal data are made aware of Helpful Herbs’ policies to secure personal data.

Staff will follow the practices in this Access Control Policy and:

Terms and Conditions; Privacy Policy; Database retention policy; Data Breach and Disaster policies; Cookie policy; Working from home/remotely Policy; Returns policy; Data Subject Access request; Database retention Schedule; Customer Data Consent form and professional codes of conduct.

Presently only Chloe Bruce holds access passwords.

Elevate OM is building the website.

IONOS is the website host.

Unauthorized access is controlled by :

using complex passwords,

using encryption where necessary,

monitoring user and system activity to detect anything unusual;

implement and update anti-malware and anti-virus protection;

act upon vendor’s alerts or patches for updates to protect against technical vulnerabilities;

block websites or categories so unsupported operating systems or blacklisted sites can not be accessed;

have internal and external firewalls in place as well as intrusion detection systems to detect and prevent unauthorized access or attack;

data passing over public networks or wireless networks are safeguarded;

we use a supported operating system that is automatically updated;

we do not use social media or messaging apps to share personal data;

we use 2 step verification where possible;

removable media is kept securely.

Home/ Remote Working Policy

Helpful Herbs March 2025

Mobile phone security is two factor authentication.

Removable media is stored securely with minimum personal data.

Equipment, information and software taken off site is noted. It is kept in a secure place when possible it has 2 stage verification processes to access it.

Policies are available on the website and business computers.

Computer access and passwords are only available to Helpful Herbs.

Personal data is kept in a secure location.

Personal data is not seen by others not in the staff of Helpful Herbs on the screen, printer, before destruction or in locked, secure storage.

Database retention policy, Retention Data policy

Helpful herbs and staff are aware of securing customer’s personal data.

This policy is regularly reviewed. Only authorised personnel are given access to data. This is reviewed and recorded in The Data retention Schedule.

Data is reviewed periodically to remove unnecessary, inaccurate, duplicated data and anonymise where possible.

Data awaiting destruction is stored in a secure , locked place.

Paper documents are shredded or incinerated.

Electronic data is wiped by secure destruction.

Third parties, in Helpful herbs the third party is website manager ElevateOM and website host IONOS securely dispose of data.

We need to ask for appropriate assurance through for example audit checks or destruction certificates.

Customers agree by tick box to have their data processed, agree to our Terms and Conditions and use of cookies with options to opt out. And can easily apply to have data held seen and removed through the Data Service Access Request Form available on the website.

We keep a log of destructed confidential waste or equipment.

All data stored is listed in an Information asset register/ Data retention schedule.

Some data such as contact details and health reports are periodically backed up with hard copies that are stored securely in a locked place. ( see Disaster Recovery Plan).

Data Breach Response and Disaster Recovery Plan

Helpful Herbs March 2025

In case of data loss, some data such as contact details and health reports are periodically backed up with hard copies that are stored securely in a locked place.

Data breaches are reported to ICO within 72 hours even if full details are not known.

ICO needs to know:

The cause of the Breach;

what happened;

the personal data affected;

the effects of the breach;

any remedial action taken and rationale for that.

This needs recording in the case of near misses with the reason why it was deemed unnecessary to report to ICO.

Notifying individuals of breaches

We will notify customers if a breach has occurred, likely consequences, measures taken and advice of how the individual/s can protect themselves to mitigate the impact.

Helpful herbs will monitor breaches and how it was dealt with and what can be improved. Security measures will be assessed to try and prevent reoccurrence and minimise impact to our customers.

Periodic assessment will be made to update security measures.