Privacy Policy

We (The Lotus Factory) are committed to protecting the privacy and security of your personal information. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint. When we use your personal data, we are regulated under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. We are responsible as ‘controllers’ of that personal data for the purposes of data protection legislation. This privacy notice applies to any individual whose data we process, including (but not limited to) visitors to our website, and clients). We may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

Definitions and interpretations:

The following definitions are used:

- Data- Collectively all information that you submit to The Lotus Factory via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;

- Data protection- Any applicable law relating to the processing of personal data, including but not limited to the Directive 94/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK

- GDPR – the General Data Protection Regulation (EU) 2016/679

We may collect/store the following personal information about you: 

• “Identity Data” - includes name, username or similar identifier, title, date of birth and gender. 

• “Contact Data” - includes address, email address and telephone numbers. 

• “Financial Data” – we don’t store any financial information as all payments are made directly by you to us via transfer.

• “Transaction Data” - includes details about payments from you and other details of services and sessions you have purchased, including correspondence between us and clients

• “Technical Data” - includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 

• “Profile Data” includes your username and password, name, email address, purchases made by you, preferences, feedback and survey responses.

• “Usage Data” - includes information about how you use our website and services. 

• “Marketing and Communications Data” - includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may collect/store the following sensitive personal information about you:

• If you are a client, information contained in the notes taken by your facilitators during your sessions. Such notes may also contain the sensitive personal information of individuals you discuss during a session with them. These notes are anonymised, and password protected. This will include any related documents (including correspondence with medical professionals etc). We will not access these notes/related documents unless it is necessary. This sensitive personal information is stored and processed for the reasons, and in the manner, explained below.

We only collect and store such sensitive personal information where it is necessary and lawful to do so. We are committed to protecting and preserving the confidentiality of this information.

Information about other people:

Should you provide information to us about any person other than yourself, including (but not limited to) your employees, advisers, or counterparties you must ensure that such third parties have been informed and understand how their data will be used and/or that they have given their permission for you to disclose it to us and for you to allow us our outsourced service providers to process it.

How and why we use your personal information: 

We may collect your personal data for the following purposes:

• to register you as a user on the platform; 

• to provide services to you and fulfil our contract with you; 

• to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security, data protection, use of our website etc. 

• to protect the security of our website, communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities; 

• for insurance purposes; 

• to exercise or defend our legal rights, or to comply with court orders;

• for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us; 

• for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures. 

• to communicate with you to keep you up to date on the latest developments, announcements, and other information about our, events and initiatives; • to send you feedback surveys and marketing campaigns; and 

• to collect information about your marketing preferences to personalise and improve the quality of our communications with you.

Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds: 

• to comply with our legal and regulatory obligations. 

• because our legitimate interests, or those of a third-party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms. 

• where you have given consent; 

• in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

How and why we collect/store your sensitive personal information:

If you are a client, we may collect/store your sensitive personal data for the following purposes: 

• to securely store notes taken by your facilitator during your sessions and related documentation, to allow the facilitator to effectively exercise his/her duty of care and assist him/her in keeping track of all matters being discussed with you during such sessions.

Please note we will not access such session notes unless it is absolutely necessary, such as when we need to retrieve lost personal data.

We can only collect/store your sensitive personal data if we have lawful grounds for doing so. 

We securely store your session notes based on the below legal grounds: 

• to comply with our legal and regulatory obligations. 

• to establish, exercise or defend our legal rights or for the purpose of legal proceedings; 

• you have given your explicit consent.

Before booking a session through The Lotus Factory, you will be asked to actively consent to the processing of your sensitive personal data in line with this privacy notice. Promotional communications we may use your personal data to send you updates (by email, telephone or post) about our services that might be of interest to you.

We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications.

However, where consent is needed, we will ask for this consent separately and clearly. We will always treat your personal data with the utmost respect. You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by: 

• contacting us by emailing lotusfactory1222@gmail.com; 

• using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business. Information about your device and how you use our site We may collect information about the devices you use, such as your mobile or browser and information about how you use our website. This helps us to improve our website for you and allows us to give you a better experience. This data is anonymised and will not include any of your personal information. This information may also be used in fraud prevention allowing us to earmark suspicious/criminal activity. Please refer to our “Cookie Policy” for more information.

How long we keep your data for: 

We will keep your personal data for no longer than is necessary for the purpose(s) it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. We keep your data for the minimum period we consider necessary to resolve any queries and to ensure legal and regulatory compliance in line with industry practice. We currently consider this period to be 6 years unless the law prescribes a longer period. As mentioned above, we do not access your personal/sensitive personal data (including session notes and related documents) unless it is necessary. Further details of the periods for which we retain data are available on request.

Who we share your personal and/or sensitive personal information with: 

We may share your personal information with third parties, but only where this is necessary and lawful.

Third-party providers: 

We may be required to share basic user information with our third-party service providers, such as our website developer and IT support. 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations. Where your personal information is held Information may be held on our secure online server, and with third-party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).

Your rights 

You have the following rights, which you can ordinarily exercise free of charge:   

• Access The right to be provided with a copy of your personal data 

• Rectification The right to require us to correct any mistakes in your personal data 

• To be forgotten The right to require us to delete your personal data - in certain situations 

• Restriction of processing The right to require us to restrict processing of your personal data - in certain circumstances e.g. if you contest the accuracy of the data portability 

• The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party. 

• To object The right to object: - at any time to your personal data being processed for direct marketing; and - in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.

If you would like to exercise any of those rights, please: 

• email us – at lotusfactory1222@gmai.com

• let us have enough information to identify you (e.g. your full name, address and client or matter reference number);

Maintenance and security of your personal information: 

We are committed to ensuring that your information is secure. We endeavour to ensure that your data is stored securely and to prevent unauthorised access. We limit access to your personal information to those individuals who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Right to withdraw consent:

If you have provided your consent to the processing of your personal and/or sensitive personal data, you have the right to withdraw your consent. If you wish to do so, please contact us. 

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights, and freedoms or for the establishment, exercise or defence of legal claims. 

Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services. Updating your personal information. We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.

How to complain:

We hope that we can resolve any query or concern you may raise about our use of your information. Data protection legislation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or by telephone at 0303 123 1113. 

How to contact us:

Please contact us by email if you have any questions about this privacy policy or the information, we hold about you.

Our contact details: lotusfactory1222@gmail.com