Last Updated 24/09/2019
Treat Privacy Statement
WHO IS COLLECTING MY DATA?
This Privacy Statement explains how Onsite Treat Services Ltd www.treat.ie will process your professional and personal information in accordance with the General Data Protection Regulation 2016 (GDPR) effective from May 25th 2018, replacing the existing data protection framework under the EU Data Protection Directive.
As data controllers, Treat employs appropriate technical and organisational measures to meet the requirements of GDPR and ensures that all processors do the same.
We collect personal information from you when you apply for one of the services which we offer, this may be via an online form, a video consultation, a follow-up question, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so that our team can make a decision if the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required.
Should you contact us by any electronic format, including Web Chat, online form messages, phone, or email or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by Treat.
If you give us your credit card details then we will process payments using Secure Sockets Layer (SSL) security but we will not keep a record of your card details on our servers.
PRIVATE PRACTICES AND DIRECT MARKETING
We will never use your data for direct marketing purposes without your consent. At any time you may opt out (i.e. refuse the use of your personal data), including at the time the data is collected, or on every subsequent marketing message. Unsubscribing will always be free of charge and fully respected.
It should be noted that other methods of communication (confirmation of appointments or reminders, etc.) do not fall under “direct marketing”, however consent will still be collected for this. Booking reminders made through our third-party sites and portals have their own privacy policies and will be available to view on booking portal. Confirmation of booking is taken as consent to send you booking reminders and confirmation or payment receipts when applicable.
WHAT TYPE OF DATA IS COLLECTED?
Treat complies GDPR as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. Treat has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
We collect two types of data: personal data, and sensitive personal data.
WHAT IS MY DATA BEING USED FOR?
When you contact Treat to avail of or enquire about any of our services via a form on our website or by phone, we will ask you to provide your name, email address, the company you work with, your work phone number, your job title and the number of employees working at your company.
This information provided will be used by Treat to:
When we communicate with you regarding our products and services for the first time we will give you the option to “opt-in,” and on every subsequent communication there will be an option to “unsubscribe.” If you subscribe to our email newsletter, we use email tracking to record and save your email address to your subscriber record to monitor and store your preferences.
If you are using one of our pop up health and wellness practitioners, your personal data is being collected during service in order to provide you with the service and record engagement. We will not share any of your sensitive data with your employer. We may share your personal data such as full name, service and time/date with your employer only if the service is being paid for or co paid by your employer. Your employer will receive a company overview report containing only anonymised and aggregated data about the pop up health and wellness engagement and utilisation of services of their employees as a whole.
When you attend a Treat pop up health Service you may be asked to provide further sensitive data to allow your service provider to:
(As Treat and its sister company Spectrum Health avail of the same diary booking system for services your appointment and service type will be visible to essential personnel across Spectrum 10x’s subsidiary companies, which in some instances will include non-Spectrum 10x personnel for the purposes of health and safety, and providing meeting and greeting services. These non Spectrum personnel will be bound by confidentiality contracts. Treat will never share your personal information with any other third party without your consent unless required to do so by law.)
Treat will never share your personal or sensitive information with any other third party, including your employer, without your consent unless required to do so by law.
WHAT HAPPENS TO MY DATA?
All of your personal and health data is stored securely, offsite and in electronic format on a Customer Management System. All electronic communications are hosted within platforms which are SSL-secure, password protected and encrypted. Treat has adequate measures in place to ensure that your information is held securely, within the EU. Any personally identifiable information you elect to make available publicly on our sites – e.g. posting comments on any of our blog posts – will be available to others.
WHO HAS ACCESS TO MY DATA?
Access is restricted to essential personnel of Treat
We may provide non-personal data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website.
The third parties to whom we may provide this information may include, commercial partners, sponsors, licensees, researchers, sister companies and other similar parties. We will never disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements).
We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirements.
HOW LONG IS MY DATA HELD FOR?
Your data will be held by Treat as long as is legally required. After the required retention period has been fulfilled we will securely destroy the data held.
WHAT ARE MY RIGHTS?
You can contact us at any time to:
Any request should be put in writing and will be responded to, by us within 30 days. Please contact us either by email at DPO@Treat.ie or by post at 95 Merrion Square West, Dublin 2. All correspondence should be marked for the attention of our GDPR team.
For your protection, we may need to verify your identity to process your request.
USE OF TREAT WEBSITES
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website.
This Non-Personal Data comprises of information that cannot be used to identify or contact you; such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our websites.
Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.
You are always free to decline our cookies, if your browser permits, or to ask your browser to indicate when a cookie is being sent. You can also delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of this website.
FACEBOOK CONVERSION TRACKING PIXEL
Treat may, from time to time, use Facebook Advertising, Facebook Pixel Re-Marketing, and communications or any other platforms under the ownership of Facebook including but not limited to Instagram. This tool allows us to understand and deliver ads, making them more relevant to you. The collected data remains anonymous, and we cannot see the personal data of any individual user.
However, the collected data is saved and processed by Facebook. Facebook may be able to connect the data with your Facebook account and use the data for their own advertising purposes (in accordance with Facebook’s Data Use Policy found under:
Treat may, from time to time, utilise Google’s remarketing technology. This allows us to display relevant ads based on the pages on the Spectrum website you have viewed. The advertisements will be displayed using cookies. This cookie will not record any personal information or identify you personally.
Google has its own data protection policy which can be accessed here:
Treat may, from time to time, utilise Acuity’s scheduling technology; a Squarespace owned service. This tool allows us to display, store and organise our customer appointments. When booking an appointment with this tool, you consent to have your data saved and processed by Acuity.
Acuity has its own data protection policy which can be accessed here:
We take our security responsibilities seriously, taking all reasonable steps, including appropriate technical and organisational measures to protect your data. We review our security measures regularly.
If you have reason to believe that your interaction with us is no longer secure, please contact us immediately via email firstname.lastname@example.org or phone +353-1-5180492.
SALE OF BUSINESS
We reserve the right to transfer information (including your personal data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company in the following cases:
You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-in.
UPDATES TO THIS PRIVACY STATEMENT
We may change this privacy statement, however the “last updated” date will always be listed at the top of this page. Any changes will be effective immediately.