top of page

Privacy Policy (GDPR)

Herb Spirit Healing Logo

It is our policy to collect, process and share the personal data ('data') provided to us by you in
order to carry out the services requested by you and any contact in relation to those services only.
Your data will not be used for any purposes other than those explicitly stated in this Privacy Policy
or requested by you in your dealings with us.


This Privacy Policy describes how we collect, use, protect, process and share your data when you
book appointments with us, either online or directly, and when you communicate with us
throughout the process of treatment and at any other time. This Privacy Policy does not provide
exhaustive detail. However, we are happy to provide any additional information or explanation
needed. Any requests for this should be sent to hello@herbspirithealing.com.


This Privacy Policy does not apply to the information processed by third parties on behalf of
Herb Spirit Healing. However, we have reviewed their Privacy and Data Protection Policy/ies and are satisfied
that they meet the standards set out in the General Data Protection Regulations 2018.


We may update this Privacy Policy at any time to enable us to carry out the services we provide in
the most effective and efficient way possible. We will notify you of any changes by revising the date
on our published document on our website and in clinic, or for more substantial changes by
contacting you via email or text to seek consent. This Privacy Policy was last reviewed in [April
2025].


1. The identity of the data controller
You are hereby informed that the data that you provide is collected, used, protected, processed and
shared by Herb Spirit Healing.


2. Collection of data
We may collect data about our clients, prospects and visitors.
Your data is collected when you browse our website, contact us via email, phone or in person or
through our website.


Data we collect fall into the following categories:

• Identification information
• Contact information
• Medical information
• Browsing information
These data are gathered directly from you via booking and from direct communication with us, i.e.
client intake form. Browsing history is collected via automated methods.


2.1. Information you provide to us
We process data you provide directly to us, in particular when you complete a client intake form or
when you book.
For example, we collect data when you create a booking, use the services, participate in a contest or
promotion, register for an event or an online course, apply for a job, request customer support or
otherwise communicate with us.
The data may include the following data as well as any other type of information that we specifically
request you to provide to us through our client intake forms and during consultation, such as:
• Names
• Address
• Date of birth
• Phone no.
• Email
• Doctor’s details
• Next of kin
• Medical history
• Medical red flag(s)
• Treatment notes
• Relationship data
• Images of Eyes
• Lab test results
• Browsing data.


2.2. Data we collect automatically when you use our online services
When you access or use our online services, we automatically collect the following information
about you:


• Log information: We log information about your use of the services, including the type of
browser you use, access times, pages viewed, your IP address and the page you visited
before navigating to our services.
• Device information: We collect information about the computer or mobile device you use
to access our services, including the hardware model, operating system and version, unique
device identifiers and mobile network information.
• Location information: We may, with your consent, collect information about the location of
your device each time you access or use one of our mobile applications. If you initially

consent to our collection of location information, you may be able to subsequently stop the
collection of these data through your device's operating system settings.


2.3. Information we collect automatically through cookies and other tracking technology
We may use cookies, web beacon and other similar technologies on our online Services to collect
information and provide you with the services or products that you have requested.
A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and which
is used to record information related to the navigation or the use of a device or a website.
A “web beacon” is a small object or image that is embedded into a web page, application, or email
and is used to track activity. They are also sometimes referred to as pixels and tags (also known as
“tracking pixels”). It may be used in our services or emails and help deliver cookies, count visits,
understand usage and campaign effectiveness and determine whether an email has been opened
and acted upon. For more information about cookies, and how to disable them, please see 'Your
Choices' below.


We use cookies and other similar technologies to collect information for the purposes described in
this Privacy Policy. We may also combine the information collected by these technologies with
information we have collected about you by other means that are described in this Privacy Policy.
Some of the cookies are used for the exclusive purpose of enabling or facilitating communication or
are strictly necessary for the provision of our online services.


These are essentially of session cookies for authenticating and connecting to our online services, as
well as memorising navigation items during a session.
You have the ability to decline cookies by changing the settings on your browser but this might
prevent you from benefiting from some elements of our online services. You can also consult or
destroy cookies if you wish, since they are stored on your hard disk.


We may also use these technologies for other purposes than our online service operation, such as:
• To improve our online services
• To remember you, for your convenience, when you use our online services.
We inform you, in particular, that we use Google Analytics to collect information about use of our
online services. We do not combine the information collected through the use of Google Analytics
with personally identifiable information. We inform you that Google Analytics plants a permanent
cookie on your web browser to identify you as a unique user the next time you visit our site, the
cookie cannot be used by anyone but Google. Google’s ability to use and share information
collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms
of Use and the Google Privacy Policy. You can prevent Google Analytics from recognising you on
return visits to this site by disabling cookies on your browser. For more information on Google
Analytics, please visit Google Analytics.

​

2.4. Third-party cookies
When you access or use our online services, one or more third-party cookies are likely to be placed
on your equipment.
We inform you that we have no access to, and cannot exercise any control over, third-party cookies.
However, we shall ensure that the partner companies agree to process the information collected on
our online services in compliance with the GDPR and undertake to implement appropriate measures
to secure and protect data confidentiality.


3. How we use the data
We may use information about you for the following purposes:
• Provide, maintain and improve our services
• Provide and deliver the service you request, process transactions and send you related
information, including confirmations and invoices
• Send you technical notices, updates, security alerts and support and administrative
messages
• Respond to your comments, questions and requests, and provide customer service
• Monitor and analyze trends, usage and activities in connection with our services
• Personalise and improve the services we provide.
According to the GDPR, the legal basis we use for processing your data is Consent.


4. How we share your data
• We will seek your express consent before sharing your information with your GP or other
healthcare providers. However, if we believe that your life is in danger then we may pass
your information onto an appropriate authority (such as the police, social services in the
case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital
interests
• We may share your case history in an anonymised form with our peers for the purpose of
professional development. This may be at clinical supervision meetings, conferences, online
forums, and through publishing in medical journals, trade magazines or online professional
sites. We will seek your explicit consent before processing your data in this way.
• In response to a request for information if we are required by – or believe that disclosure is
required by – any applicable law, regulation or legal process, including in connection with
lawful requests by law enforcement, national security, or other public authorities.

​

5. The period of data retention
Following completion of your healthcare, we retain your personal data for the period defined by our
insurance, Balens Insurance Finance Services Ltd (BIFS). This enables us to process any complaint
you may make. In this case, the legal basis of our holding your personal data is for contract
administration.

​

6. Data access
Upon receiving a written request from you seeking access to your data, we will provide either a hard
or electronic copy of the data that we hold on you, to be sent by registered post or email,
respectively. This will include exports of the information held about you on our website. We will
provide your data to you within a period of 28 days from the date that we receive your request.


7. Data amendments
Upon receiving a request from you to update, correct or amend your personal data held by us, we
will make the amendments within a period of 7 days from the date that we receive your request.


8. Security
We are committed to taking appropriate measures designed to keep your data secure. Our
technical, administrative and physical procedures are designed to protect data from loss, theft,
misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction.
We follow generally accepted standards to protect the personal information submitted to us, both
during transmission and once it is received.


9. Your rights
Under the General Data Protection Regulations 2018 (GDPR), individuals have significantly
strengthened rights to:
• Obtain details about how their data are processed by an organisation or business
• Obtain copies of personal data that an organisation holds on them
• Have incorrect or incomplete data corrected
• Have their data erased by an organisation where, for example, the organisation has no
legitimate reason for retaining the data
• Obtain their data from an organisation and to have that data transmitted to another
organisation (data portability)
• Object to the processing of their data by an organisation in certain circumstances
• Not to be subject to (with some exceptions) automated decision making, including profiling.

​

10. In the event of a data breach
Every precaution will be taken to avoid a breach of your data. However, if such a breach should
occur, it will be documented, assessed as to its severity and appropriate action taken. The
Information Commissioner's Office (ICO) will be informed and you will be contacted to assist you in
taking steps to mitigate the risks to yourself if the breach is deemed sufficiently severe to put you or
your identity at risk.

Herb Spirit Healing © 2025 Maya Daghighi

​

Member of

Association-of-Master-Herbalists-Logo

Privacy Policy

Important Medical Disclaimer: The information on this site is NOT INTENDED or IMPLIED to be a substitute for professional medical advice, diagnosis or treatment. The alternative therapies offered through this website are to compliment medication and medical treatment, and are NOT offered as medical or psychological advice, guidance or treatment.

 

bottom of page