Last updated: 5 November 2021
This Privacy Policy describes our policies and procedures on the collection, use and disclosure of Your information when You use our website and tells You about Your privacy rights and how the law protects You.
We use Your personal data to provide and improve our website. By using our website, You agree to the collection and use of information in accordance with this Privacy Policy.
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our website or parts of our website.
Company (referred to as either “the company”, “we”, “us” or “our” in this Privacy Policy) refers to Carolyn Spring Ltd, registered company in England and Wales number 111009933, registered office at Workspace House, 28-29 Maxwell Road, Peterborough, PE2 7JE. We deliver online training and publish resources related to recovery from trauma and reversing adversity. For the purpose of the GDPR, the Company is the Data Controller.
Consumer means every individual who uses our website.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to the United Kingdom.
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the website such as a computer, a mobile phone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
Service refers to the website.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the website, to provide a service on behalf of the Company, to perform services related to the website or to assist the Company in analyzing how the website is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Usage Data refers to data collected automatically, either generated by the use of the website or from the website infrastructure itself (for example, the duration of a page visit).
Website refers to the Carolyn Spring Ltd website, accessible from https://www.carolynspring.com.
You means the individual accessing or using the website, or the company, or other legal entity on behalf of which such individual is accessing or using the website, as applicable. Under GDPR (General Data Protection Regulation), ‘You’ can be referred to as the Data Subject or as the User as You are the individual using the website.
While using our website, we may ask You to provide us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
Usage Data is collected automatically when using the website. Usage Data may include information such as Your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our website or when You access the website by or through a mobile device.
We use Cookies and similar tracking technologies to track the activity on our website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our website. The technologies We use may include:
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Cookies Policy / Notice Acceptance Cookies
Functionality Cookies
Tracking and Performance Cookies
The Company may use Personal Data for the following purposes:
We may share Your personal information in the following situations:
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain Your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
The security of Your Personal Data is important to us, but please bear in mind that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee its absolute security.
The Service Providers we use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on website in accordance with their Privacy Policies.
We may use third-party Service Providers to monitor and analyse the use of our website, for example:
Google Analytics
Facebook Pixel
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.
We may use Email Marketing Service Providers to manage and send emails to You either with Your consent or under the lawful basis of legitimate interest, but if You opt out of receiving emails from us then Your email address will be added to a blacklist and You will not receive any further such emails unless You specifically ask us to be re-added to our whitelist.
Our current Email Marketing Service Providers are:
Sendinblue
Metorik
We may provide paid products and/or services within the website. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect Your payment card details. That information is provided directly by You to our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
Our current payment processor is:
Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
We may process Personal Data under the following conditions:
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
You may exercise Your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, we will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
We have a separate privacy notice for California residents which is available from us upon request, and it applies solely to all visitors, users, and others who reside in the State of California.
Our website may contain links to other websites that are not operated by us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on our service, prior to a significant change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If You have any questions about this Privacy Policy, You can contact us:
By email: info@carolynspring.com
By mail: Workspace House, 28-29 Maxwell Road, Peterborough, PE2 7JE