Privacy Policy davedigitalthomson@gmail.com January 29, 2021

Privacy Policy

Last updated: 21st May 2024

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when You use the Service (www.storyclinics.com) and tells You about your privacy rights and how the law protects You.

We use your personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service

  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for the election of directors or other managing authority
  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Story Clinics (Harley Academy Limited), 5th Floor Jasper House 4-6 Copthall Avenue, London, EC2R 7DA

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses

  • Country refers to: United Kingdom

  • Device means any device that can access the Service such as a computer, a mobile phone or a digital tablet

  • Personal Data is any information that relates to an identified or identifiable individual

  • Service refers to the Website/Application

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit)

  • Website refers to Story website, accessible from www.storyclinics.com

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Protection

Our use of your personal data is subject to the data protection laws applicable in the United Kingdom, including the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) (DPA 2018); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) and the ePrivacy Directive (2002/58/EC) as amended and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications) and the guidance and codes of practice issued by the Commissioner or other relevant regulatory authority which are applicable to a party.

Who are we?

We are Story Clinics, the sister brand of Harley Academy Limited of 5th Floor Jasper House, 4-6 Copthall Avenue, London, EC2R 7DA (“we”, “us”, “our” or “Story”). We are the controller of personal data for the purposes of this Privacy Policy.

If You have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact us using the details set out below:

Attn: DPO contactable at privacy@storyclinics.com or Story Clinics, 5th Floor Jasper House, 4-6 Copthall Avenue, London, EC2R 7DA.

What data do we collect from you?

We collect and use data through your use of our services and platform, enquiries You make about our services and your contact with us via the Website/Application or through other means. In respect of this personal data, we are the Controller.

If You use our services, are enquiring about using our services or if You are a contributor providing information to our platform, it will be necessary for You to provide certain data to us.

If You are passing data to us that belongs to someone else You must ensure You are lawfully permitted to transfer such data to us.

The data You provide or may provide is listed below.

Identity Data

Identity data includes your name, email address, username, title, date of birth, gender, profession and registration number or similar identifier.

Contact Data

Contact Data includes billing address, email address and telephone numbers.

Financial Data

Financial Data includes bank account and payment card details.

Transaction Data

Transaction Data includes details about payments to and from You and other details of any payments made by You whilst using our services or purchasing services or goods from us.

Profile Data

Profile Data includes your username and password, your user ID, preferences and Feedback.

Usage Data

Usage Data includes information about your visit and use of the platform, including the website that referred You to our Website (if applicable), the path that You take through the Website and platform (including date and time); pages that You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Marketing and Communications Data

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Aggregated Data

We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature or we may aggregate your responses to questions on the Website or through our Service and our findings to identify trends. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify You, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Personal Data

We only collect Special Categories of personal data about You (such as information about your health and genetic data) where we have your explicit consent and we ensure our collection and processing of this data is not excessive. We do not collect any information about criminal convictions and offences.

Personal Data and Information we collect automatically

Information About Your Use of the Service

Our servers automatically record your visits to the Service. Like all other website and mobile app servers, ours compiles a log that records the date, time, browser (i.e., Firefox), device type (i.e., iPhone), operating system (i.e. Android), and originating IP address of each page You visit.

We use cookies to collect information about your visits to our website and Service

Cookies are text files placed on your computer by websites to collect standard log information and visitor behaviour information. Our cookies collect the following information about You: which website or ad You visited right before ours, which pages You visited on our Service, and how much time You spent on each section of our Service. We may also collect other data about your visit, such as search requests and results. We use this information for our legitimate interests to track usage of our Service, to measure the number of unique visitors to the different sections of our Service, to understand how Members find and join our website, and to help us make our Service more valuable to every Host and Member. The use of this information is called “analytics.” Often information used for analytics is aggregated. Our mobile applications on iOS (Apple) and Android (Google) have to interact with our computer servers. We assign your device a token so that You do not have to log in every time You use the Service via our mobile apps.

You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some of our Service features may not work properly without cookies. Most browsers accept cookies automatically but allow You to disable them. For more information about cookies visit https://www.allaboutcookies.org

Information About Your Location

From your IP address, we can tell generally where You are when You are accessing our Service, such as which city. We start by choosing a location for You based on the IP address of your internet connection. You can update or remove this location at any time by logging in to your account on the Service.

Personal Data and Information Third Parties collect automatically

Third-Party Cookies for Site Use Analysis

We use third parties such as Google to help us analyse how people are using our Service. We also use the Google Analytics service to provide us with demographic data about our Hosts and Members, such as age and gender. Google uses a cookie that can be recognised by Google or its affiliate DoubleClick when You visit other websites. For more information about how Google collects, uses, and shares your information, please visit the Google Privacy Policy-Partners website at https://www.google.com/policies/privacy/partners/

Third-Party Cookies Used to Target Ads on Other Websites.

“Beacons” are transparent pixel images that are used in collecting information about website usage across websites and over time. Our Hosts may use their own or third-party cookies or beacons to target Host ads to You when You visit other websites. Our Hosts may also work with other companies who use their cookies or beacons to target third-party ads to You on other websites based on your prior visits to the Host’s Network on our website Service. This is called online behavioural advertising (“OBA”) because You receive ads based on your prior online behaviour. We do not have access to these cookies; it is third parties who engage in OBA.

How Do We Collect Data?

We use different methods to collect data from You including as follows:

  • Enquiring If You contact us to ask about our services or about us generally, either through the Website or otherwise, we will collect and process Identity, Contact and Financial Data

  • Signing up If You sign up for our Service, we will collect and process Identity, Contact, Financial, Transaction, Technical, and Profile Data

  • Usage When You use our Service or platform, we will collect and process the data You add to our platform

  • Correspondence If You correspond with us using our contact form or through our ‘contact us’ or help features, we will collect and process Identity and Contact Data

  • Browsing We collect some Technical and Usage Data.

How Do We Use Data Collected From You?

We will only use your data when the law allows us to. Most commonly, we use it in the following circumstances:

  • Where we need to perform the contract we are about to, or have, entered into with You

  • Where we have your consent to process your data, for example for certain marketing purposes or where we collect Special Categories of data. You have the right to withdraw your consent at any time

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests)

  • Where we need to comply with a legal or regulatory obligation such as informing You of changes to this policy or if we are obliged by a court of law.

Below are the ways we use data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.

1. Purpose/Activity

To register You as a new client

1. Type of Data

  • Identity
  • Contact

1. Lawful basis for processing including basis of legitimate interest

  • Performance of a contract with You
  • Necessary for our legitimate interest (for running our business and providing You with services)

2. Purpose/Activity

To perform the contract and provide You with services:

  • Manage payments, fees and charges
  • Collect and recover money owed to us

2. Type of Data

  • Identity
  • Contact
  • Financial
  • Transaction
  • Technical
  • Marketing and Communications

2. Lawful basis for processing including basis of legitimate interest

  • Performance of a contract with You
  • Necessary for our legitimate interests (to recover debts due to us)

3. Purpose/Activity

To operate our platform and provide our platform services

3. Type of Data

  • Identity
  • Profile
  • Health
  • Information

3. Lawful basis for processing including basis of legitimate interest

  • Performance of a contract with You
  • Necessary for our legitimate interest (for running our business and providing You with services)
  • Where You have given your explicit consent
  • Necessary for our legitimate interest (for identifying trends and patterns in the data)

4. Purpose/Activity

To manage our relationship with You which will include:

  • Notifying You about changes to our terms or privacy policy
  • Asking You to provide feedback on our services

4. Type of Data

  • Identity
  • Contact
  • Profile
  • Marketing and Communications

4. Lawful basis for processing including basis of legitimate interest

  • Performance of a contract with You
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (to keep our records updated and to study how customers use our Services and Applications)

5. Purpose/Activity

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

5. Type of Data

  • Identity
  • Contact
  • Technical

5. Lawful basis for processing including basis of legitimate interest

  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • Necessary to comply with a legal obligation

6. Purpose/Activity

To deliver relevant website content and advertisements to You and measure or understand the effectiveness of the advertising we serve to You

6. Type of Data

  • Identity
  • Contact
  • Profile
  • Usage
  • Marketing and Communications
  • Technical

6. Lawful basis for processing including basis of legitimate interest

  • Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
  • Consent obtained for use of
    relevant cookies

7. Purpose/Activity

To use data analytics to improve the Website, services, platform, marketing, customer relationships and experiences

7. Type of Data

  • Technical
  • Usage

7. Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website and platform updated and relevant, to develop our business and application and to inform our marketing strategy)

Purpose/Activity

Type of Data

Lawful basis for processing including basis of legitimate interest

To register You as a new client

  • Identity
  • Contact
  • Performance of a contract with You
  • Necessary for our legitimate interest (for running our business and providing You with services)

To perform the contract and provide You with services:

  • Manage payments, fees and charges
  • Collect and recover money owed to us
  • Identity
  • Contact
  • Financial
  • Transaction
  • Technical
  • Marketing and Communications
  • Performance of a contract with You
  • Necessary for our legitimate interests (to recover debts due to us)

To operate our platform and provide our platform services

  • Identity
  • Profile
  • Health
  • Information
  • Performance of a contract with You
  • Necessary for our legitimate interest (for running our business
    and providing You with services)
  • Where You have given your
    explicit consent
  • Necessary for our legitimate interest (for identifying trends and patterns in the data)

To manage our relationship with You which will include:

  • Notifying You about changes to our terms or
    privacy policy
  • Asking You to provide feedback on our services
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Performance of a contract with You
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (to keep our records updated and to study how customers use our Services and Applications)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

  • Identity
  • Contact
  • Technical
  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to You and measure or understand the effectiveness of the advertising we serve to You

  • Identity
  • Contact
  • Profile
  • Usage
  • Marketing and Communications
  • Technical
  • Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
  • Consent obtained for use of
    relevant cookies

To use data analytics to improve the Website, services, platform, marketing, customer relationships and experiences

  • Technical
  • Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website and platform updated and relevant, to develop our business and application and to inform our marketing strategy)

Special Category Data

In light of the services which we provide to You, it will often be necessary for us to use information about your health. Even in the broadest sense of the word, ‘health’ information is a special category of personal data which requires us to have an additional lawful basis for using this information. Where we use information about your health for the purpose of providing our services to you (or in preparation for us to provide services to you), the additional lawful basis on which we shall rely will be that such use is necessary in order for us to provide you with health care or treatment.

You may be asked to provide details that impact potential treatments and products. Including medications, medical history, allergies, lifestyle factors such as occupation and travel plans, medical treatments and on going concerns. This data is stored securely and only used when advising you on suitable treatments.

With the exception of Health Data, we do not collect any other Special Categories of Personal Data about you (this includes details about religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic or biometric data). Nor do we collect any information about criminal convictions and offences.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If the information we have stored needs updating, please inform us by email info@storyclinics.com

We may process data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if You want further details about the specific legal ground we are relying on to process your data.

Where we need to collect data by law, or under the terms of a contract and You do not provide that data when requested, we may not be able to fulfil the contract. In this case, we may have to cancel a service You have with us.

Who Do We Share Your Data With?

We may share your data within Story clinics sister brands, The Academy Clinic and Harley Academy Limited (i.e. our officers, staff and contractors) and with our service providers; for example, to service your requests or provide You with information. We may also share your data if a change happens in our business such as a merger or acquisition. If that happens, the new owners may use your data in the same way as set out in this Privacy Policy.

We may also share your data with service providers whom we engage to help us run our business or deliver our services to you.

We may also share any data You place on our platform with other users of our platform.

We may also share your data with other organisations or individuals when it is reasonably necessary to:

  • Meet any applicable law, regulation, legal process or request of a suitable governmental body or public authority e.g. under a relevant court production order
  • Enforce applicable legal terms and conditions or our other legal rights, including investigation of potential violations
  • Protect against or prevent harm to the rights, property or safety of Story Clinics as required or permitted by law.

When we share personal data with third parties, we will ensure that we only share the minimum necessary, that appropriate safeguards are in place and that such recipients are bound by appropriate confidentiality obligations.

Your activity on Our Service in accordance with their Privacy Policies:

Where Is Your Data Stored And Processed?

We will process and store your data on the Website/Application servers, email and other servers and equipment that are needed to provide the services and platform as applicable.

We do not ordinarily transfer your data outside of the country or region from which You access our services. That is either the UK or European Economic Area. However, we may transfer your data outside of your country or region as follows:

Analytics Providers

Our service providers, such as Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing analytical information to us about the use of the Website. These service providers may collect and/or transfer your data outside of the UK or European Economic Area. For more information on how Google Analytics processes your data, You can visit here: https://support.google.com/analytics/answer/6004245?hl=en-GB

Service Providers

Sometimes our service providers are based outside of the EEA or UK. Whenever we transfer data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer data to countries that have been deemed to provide an adequate level of protection for data; or
  • Where we use certain service providers, we may use specific contracts approved by the UK Information Commissioner which give personal data the same protection it has in the UK.

What Direct Marketing Do We Conduct?

If You provide your contact details, we might contact You individually in the future if we think that our services may be of interest to you. If we think it appropriate, we might also add You to our regular email marketing list.

You can ask us to remove your personal details from our marketing lists using the contact details listed at the top of this Privacy Policy.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.

Your Legal Rights

Under certain circumstances, You have rights under data protection laws in relation to your personal data.

  • Request access to your personal data (commonly known as a “data subject access request”). This enables You to confirm with us whether your personal data is processed and, if it is, to receive a copy of the personal data we hold about you

  • Request correction of the personal data that we hold about you. This enables You to have any incomplete or inaccurate data we hold about You corrected, though we may need to verify the accuracy of the new data You provide to us

  • Request erasure of your personal data in certain circumstances. This enables You to ask us to delete or remove personal data where it is no longer necessary for us to continue to process it. You also have the right to ask us to delete or remove your personal data where You have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with applicable law. However, the right to erasure is not an absolute right and we may not always be required to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.

You also have the right to object where we are processing your personal data for direct marketing purposes.

  • Request restriction of processing of your personal data in certain circumstances. This enables You to ask us to suspend the processing of your personal data in the following circumstances:

    A. If You want us to establish the data’s accuracy

    B. Where our use of the data is unlawful but You do not want us to erase it

    C. Where You need us to hold the data even if we no longer require it as You need it to establish, exercise or defend legal claims; or

    D. You have objected to our use of your personal data or performing profiling activities when relying on a legitimate interest but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to You or a third party. We will provide to you, or a third party You have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data processed by automated means which You initially provided consent for us to use or where we used the information to perform a contract with you

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before You withdraw your consent. If You withdraw your consent, we may not be able to provide certain products or services to you. We will advise You if this is the case at the time You withdraw your consent

  • You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns in the first instance.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability.

Security of Your Personal Data

The security of Your Personal Data is important to Us. We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those of our staff and other third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data breach and will notify You and any applicable regulator of any breach where we are legally required to do so.

Children's Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third-party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, You can contact us:

  • By email: privacy@storyclinics.com

    ● By mail: Story Clinics of 5th Floor Jasper House, 4-6 Copthall Avenue, London, EC2R 7DA.