DATA PRIVACY POLICY
Thank you for trusting us with some information about you, we want you to know what we collect, how we use it and why.
1. WHO IS HOLDING YOUR INFORMATION
| NAME: | The Healing Link (THL) Ltd |
| WHO ARE WE: | We (THL) are registered with the Information Commissioners Office (ICO) as a Data Controller, which means we are responsible for handling your personal data in line with UK data protection law |
| ADDRESS: | Unit 6, Washington Road, West Wilts Trading Estate, Westbury, Wiltshire. BA13 4JP |
| COMPANY REGISTRATION NO : | 17222851 |
| WEBSITE: | https://thehealinglink.co.uk |
| EMAIL ADDRESS FOR GENERAL ENQUIRIES: | info@thehealinglink.co.uk |
| DATA RETENTION POLICY: | https://thehealinglink.co.uk/legal/data-retention-policy/ |
| CARD & PAYMENT PROCESSOR (Third Party) AND THEIR SECURITY POLICY LINK | |
| COOKIE POLICY | https://thehealinglink.co.uk/cookie-policy-uk/ |
| ARTIFICIAL INTELLIGENCE POLICY: | https://thehealinglink.co.uk/legal/ai-policy/ |
| WHO WE ARE: | The Healing Link (“WE”, “US”, “OUR”) operates as a holistic referral network, practitioner directory and health connector service. We connect members of the public (“CLIENTS”) with independent holistic and complementary practitioners (“PRACTITIONERS”). We act solely as a facilitator and marketing intermediary and do not provide medical, diagnostic or healthcare services. |
| THIRD PARTIES WE SHARE INFORMATION WITH: | We will not sell or exchange your personal information with any organisation who may use it for marketing purposes. We will only share your information with necessary parties only, and only when/if it is required. We may out source during busy periods. This includes using Virtual Assistants and IT Support. Such services will have limited access to your data and will only be provided where it is essential to their service. We hold your information in the strictest confidence. The software we use during our service and ongoing support for you will be listed separately and their data protection and policies will be included. Password protection will be used to secure your data and the system we use is secure for sharing passwords. All Third Party processors used by THL are subject to review before implementation. Relevant policies, Data Processing Agreements and data protection commitments are retained where available and link provided within our Legal Hub. Providers are expected to process personal data in accordance with applicable UK data protection legislation and to implement appropriate safeguards for any international transfers. |
| DATA STORAGE AND PLATFORMS: | Zoho Namecheap Hostinger |
| DO WE TRANSFER YOUR DATA TO ANY ORGANISATIONS/COUNTRIES OUSIDE THE EU/UK: | We have selected UK and/or EU based data hosting with our service providers. We do not routinely transfer personal data outside of the UK or EU. If an international transfer is required by one of our service providers, we will ensure that the appropriate safeguards are in place and that the transfer complies with applicable data protection laws. |
| DO WE USE ANY AUTOMATED DECISION MAKING/PROFILING TOOLS ON YOUR DATA: | We do not use automated decision making or profiling that produces legal or similarly significant effects on individuals, decisions regarding practitioner listings, enquiries and services are subject to human review |
| NOMINATED DATA PROTECTION CONTACT: | Shelley James |
| CONTACT EMAIL FOR PRIVACY & DATA ENQUIRIES: | website@thehealinglink.co.uk |
| OUR DATA REGULATOR CONTACT DETAILS ARE: | The data regulators for the EU and UK can be found via these links – UK – https://ico.org.uk/ EU – http://edible.europa.eu/about-edpb/board/members_en |
| ARE WE COLLECTING INFORMATION ABOUT CHILDREN UNDER 16: | Yes |
| HOW TO RAISE CONCERNS: | If you have any concerns about how we handle your personal data you can raise a complaint directly by using our online form which can be found HERE. It contains information on how to escalate to our regulator if needed, or you can email the address above. |
| DATE POLICY UPDATED: | 9th June 2026 |
2. WHOSE INFORMATION DO WE COLLECT
We process information about:
| PROSPECTIVE CLIENTS | Potential clients seeking services from us, people connected to potential clients, children for whom services are sought |
| PROSPECTIVE PRACTITIONERS | Potential practitioners, people employed by potential practitioners |
| CLIENTS | People who have accepted services from us |
| PRACTITIONERS | Practitioners who have subscribed to our services |
3. OUR POLICY
We are committed to respectful treatment of the personal information of everyone we have contact with. We comply with UK GDPR, The Data Protection Act 2018, and ICO guidance.
This policy explains how we keep things simple and clear – when and why we collect the information, how we use it, the situations whereby others can see or use it, and how we keep it secure.
In case you don’t want to read the policy in full right now we can refine it for you –
- We don’t sell, rent or trade email lists with anyone else
- We have divided this policy into sections, depending on who you are
- Section A is for EVERYONE
- Section B is for PROSPECTIVE CLIENTS
- Section C is for PROSPECTIVE PRACTITIONERS
- Section D is for CLIENTS
- Section E is for PRACTITIONERS
LAWFUL BASES AND DATA PROTECTION RIGHTS
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
• Your right to erasure – You have the right to ask us to delete your personal information. Read more about the right to erasure.
• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
• Your right to object to processing – You have the right to object to the processing of your personal data. Read more about the right to object to processing.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
SECTION A – EVERYONE
Whoever you are, our intention is to use your information to make everything work smoothly in your experience of working with us. If that’s not how it turns out for you, please be sure to contact us. It’s best to put things in writing, which you can do by emailing the address in this policy.
We regularly review this policy and revise it as and when required. Please check back here from time to time to ensure you have the latest information.
A.1. – OUR GENERAL APPROACH TO PERSONAL DATA
We’re committed to protecting your privacy and honouring your legal rights to control how we use your personal data.
We only collect and use personal data when we need to:
- Because you have asked us to do something (eg. send newsletters)
- So that we can reply to queries or complaints
- To develop and manage our relationship with you
- To help our business grow and fulfil our services
- To provide services to CLIENTS and PRACTITIONERS
- To calculate service levels to PRACTITIONERS
- To meet legal obligations
We try to make sure the information we hold is accurate and up to date, and that it is no more than we need to have.
A.2 -CATEGORIES OF DATA
The types of information we will be processing depends on our relationship with you.
We may process information about you that you have provided to us yourself or published generally on the internet through social media and other websites.
In all cases, we will have the identifying and communication information that is relevant and that we can sensibly obtain: such as your name, email address, business name (if applicable), contact address, social media addresses. We may also capture some of the information published by you in your social media output to the extent that it might be relevant to our interactions.
If you are or work for a PROSPECTIVE PRACTITIONER, we will aim to process information for the purposes of establishing and maintaining a professional working relationship with you, and for carrying out activities connected to our business relationship. This may include information relating to your business, professional services and relevant professional interests.
If you are or you are a relative of a CLIENT or PROSPECTIVE CLIENT we will also keep records of our interactions, the referrals we have provided for you and any follow up communication and feedback.
If you are or work for a PRACTITIONER we will keep records as listed above and in addition financial and accounting records.
If we are processing information about you purely in the process of providing services to others please see section C and E. Please note that your rights may be subject to applicable exemptions.
If you have any questions or concerns about our use of your information, or how we have responded to any request about your personal data, please contact us by emailing us on the address provided on this policy.
If you remain dissatisfied with our response, details of the relevant supervisory authority are provided within this policy, and you have the right to raise it with them accordingly.
A.3 – DOWNLOADS, NEWSLETTERS AND SERVICES
We monitor engagement with newsletters, downloads, services and automated email sequences, such as whether emails are opened or links are clicked. We use this information to better understand which content and services are most useful and relevant to our audience, so that we can improve and tailor communications and resources.
When you interact with links or content on our website, you may be shown related information or directed to additional pages to help you explore topics of interest.
You can unsubscribe from these sequences at any time.
Existing CLIENTS and PRACTITIONERS may receive emails about specific services and offers relating to things you have received before. You can unsubscribe from these at any time.
We use automations (short sequences of emails that start when you ask for something in particular) to send you the information you have asked for, to provide services you have requested from us, to fulfil our contract with you, and to administer services you have subscribed to. A lot of our onboarding for our services is done by emails which give you tips, hints and short videos. You can unsubscribe to these at any time.
We monitor who reads our mailing and automations, how many times, and which links you choose to use and read. We use this information to increase the contents level of interest and help us to improve what we send. You can remove your information from this monitoring by disabling cookies on your website browser before opening emails from us. From time to time we contact individual email newsletter subscribers, but this is extremely rare.
We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us.
Our team contacts PROSPECTIVE CLIENTS and PROSPECTIVE PRACTITIONERS from time to time in a sales and marketing sense. This is usually because you have requested a call, or because we are actively trying to let you know about something you might benefit from.
We are not, and never will be a hard sell or cold calling based organisation, we prefer to build long term relationships with satisfied and relaxed PRACTITIONER and CLIENTS.
A.4 – SOCIAL MEDIA
We have an active and growing presence on social media. If you are using social media they are holding your information according to their privacy policy.
If you engage with any of our posts or follow us, or if you contact us using social media – we keep a record of that. Your replies to us, messages you send us and any other activity linked to our posts may be seen by any of our team. Our contracts we hold in house hold us to high standards of protecting your information.
A.5 – NO SALE OR EXCHANGE OF YOUR DATA
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
A.6 – DATA LOCATION AND PLATFORMS
As a small business – we do not have any tailor made software. We use mainstream packages for everything from our CLIENT and PRACTITIONER records, to email and accounting.
We have taken every step to ensure that your data is held in Europe or the UK, however many providers base their services in the USA or elsewhere. Our policy will be updated if we are made aware of local data centres being moved outside of this area.
A.7 – WE MAY SHARE SOME OF YOUR DATA WITH THESE PEOPLE
We may outsource some support for our business which may include accountants, IT Support, Virtual Assistants. They will have limited access to your data, where the service they provide to us means they need it,
For example – if we invoice you our accountant will have access to the information on your invoice.
Our team use their own software to access the data they need, their security on their own devices are part of their agreement with our business. We do not permit copying or sharing by any members of our team and monitor for breaches. Your information is held in the strictest confidence. Our team is contracted to strict confidentiality clauses.
The only backups of data are made by the person named on this policy.
If you need more information about this please contact them on the email on this policy.
A.8 – HOW LONG DO WE KEEP YOUR DATA FOR
Your information will be kept for the length of time set out in our Retention Policy (see section 1).
If you have subscribed to a newsletter or such, you will remain on that list you joined until you unsubscribe.
A.9. IF YOU WANT TO SEE WHAT DATA WE HOLD ABOUT YOU
If you would like to know what information we hold about you (if any) please email the address in this policy. Quote your name and email address(es). We may need to confirm your identity before we can proceed.
Providing we can legitimately disclose the information to you, we will happily do a search and send you what we have. This is called an SAR.
A.10. WHAT ARE YOUR RIGHTS
You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.
If you feel that we have information we should not be keeping, or it is out of date or otherwise incorrect, please let us know ASAP and we will take appropriate action.
Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our services.
You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a PRACTITIONER we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurers requirements.
A.11. OUR LEGAL BASIS FOR PROCESSING YOUR DATA
Signing on to our newsletter lists is by your consent – and when you withdraw consent we stop processing your data.
Apart from that, the information we hold is based on our needing it to run our business and provide you with our services, either so we can perform our contract with you, or because we have a legitimate business interest in processing your data.
In a few situations we are processing personal data because we are legally obliged to. This primarily relates to our business, accounting and tax records.
SECTION B: PROSPECTIVE CLIENTS
The majority of the information we process comes from you. We process it so we can reply to you and when you contact us again we know what was asked, what you were sent and what you told us.
Typically, we are collecting name, contact details, how you came across us, background information from you by completing our forms, emailing, messaging or social media engagement.
If you sign up for newsletter lists, you will be sent what you asked for. You can unsubscribe at any time by clicking the unsubscribe button on any email.
You are not automatically subscribed to any other lists but may be invited to to join ones that are appropriate.
If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.
SECTION C: PROSPECTIVE PRACTITIONERS
The majority of the information we process comes from you. We process it so we can reply to you and when you contact us again we know what was asked, what you were sent and you told us.
Typically, we are collecting name, contact details, how you came across us, background information from you by completing our forms, emailing, messaging or social media engagement. This includes any information you have shared on social media platforms or websites, anywhere in the public domain and regular offline marketing.
If you sign up for newsletter lists, you will be sent what you asked for. You can unsubscribe at any time by clicking the unsubscribe button on any email.
You are not automatically subscribed to any other lists but may be invited to to join ones that are appropriate.
If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.
SECTION D: CLIENTS
Once you have requested our support we will collect further information from you from the point of your request.
This will include the information collected above from PROSPECTIVE CLIENT. We will collect your email address, phone number and postal address, you will be required to provide us with details regarding your health and wellbeing so that we can fulfil our service to you and keep appropriate records of our business relationship.
We process your data to support the delivery of the referral service you have requested. We keep records of the referrals provided to you, and the information you give us so we can support you during the time you are using our service and advise you of any additional services you may need.
D.1. THIRD PARTY DATA
As well as your own personal data, we understand that you may need to provide us with the personal data of a relative or someone you are responsible for, depending on the services you request. We hold all such information under strict confidentiality obligations, as set out in our Terms of Business.
In the event that you are acting on behalf of a minor you will need to provide parental consent, if on behalf of an adult we will need their consent and this information will be stored with your data.
D.2. PRACTITIONER DATA PRIVACY POLICY
Our trusted practitioners agree to strict confidentiality guidance when they sign up with us, which reiterates what is set out in this policy. However we advise you to refer to their own in house Privacy Policies for a more in depth view of their data management.
SECTION E: PRACTITIONERS
Once you sign up with us we will collect information from you from the point of sign up.
This will include the information we collect as a PROSPECTIVE PRACTITIONER. We collect your email address, phone number and postal address so we can provide our services, invoice you and keep proper records of our business relationship.
Additional information we collect includes, but is not limited to your holistic qualifications, insurances and experience.
We process your data to support the delivery of the services you have signed up for. We keep records of the services provided to you, and the information you give us so we can support you when needed and advise you of our contractual obligations on a regular basis.
E.1. THIRD PARTY DATA
As well as your own personal data, we understand you may need to provide us with data relating to your employees or third parties depending on the size of your practice. We hold all such information under strict confidentiality obligations, as set out in our terms of business.
E.2. FINANCIAL AND CREDIT/DEBIT CARD DETAILS
Credit/debit card payments are handled by an external secure processor in accordance with their data security policies (see section 1).
We receive limited information from our processor for us to tie up your payment(s) with your invoice/account.
If you pay us by BACS or direct transfer, we will only receive the information provided by your bank in relation to the transaction. This will typically include the account name, payment amount, transaction reference and payment date.
We do not keep credit scores or use credit reference agencies.
E.3. CONTENT AND MARKETING
As part of our service to PRACTITIONERS we share information about them on our website and social media platforms. Such information comes from you and is agreed by you in advance.
If you are wish for such content to be removed please email us at the address on this policy.
Information shared includes your name, working address, your therapies, contact information and may include images. A full list is available in your Terms & Conditions.
E.4. REFERRALS
As part of our service to PRACTITIONERS we provide CLIENTS with appropriate information for them to decide whether to connect with you. Such information includes your name, contact details and other basic information as confirmed in your Terms & Conditions.
We keep a record of any referrals we have made to you, along with any comments, reviews or suggestions we receive from CLIENTS following their referrals, including complaints (if any) and their resolution. Please see your Terms and Conditions for further guidance.
This information is needed to manage our relationships with both yourself and the CLIENT.
4. COMPLAINTS
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you contact us by emailing us at the email address set out in this policy.
If we are unable to resolve the matter the relevant supervisory authority can be contacted using the following details.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113