Terms of Reference  

Louise Iredale T/As Serenity Wellbeing Gardens (“us”, “we” or “our”)   

Using our Services (the “Service”, “our services”) 


Privacy Policy  


  1. Information about us 

Louise Iredale T/As Serenity Wellbeing Gardens is the owner and operator of https://serenitywellbeinggardens.co.uk/ (our website) and any applications and/or digital channels provided by us for the purpose of accessing our website, digital media or other services.   


  1. Contact us 

If you would like any information about Louise Iredale T/As Serenity Wellbeing Gardens and its activities, you can contact us by email louiseiredale@serenitywellbeinggardens.com 

If you have any queries relating to this Privacy Policy, please contact us by email louiseiredale@serenitywellbeinggardens.com 


  1. Privacy Policy 

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.  


We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our contracted Terms and Conditions, accessible from https://serenitywellbeinggardens.co.uk/ 


  1. Our policy 

We are committed to protecting and respecting your privacy.  

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our policy and practices regarding your personal data and how we will treat it.  


For the purpose of compliance with UK Data Protection Law, the data controller is Louise Iredale


ICO Application Number: C1145666



  1. How do we collect information? 

Your personal data, any information which identifies you, or which can be identified as relating to you personally, for example, and not limited to: name, address, phone number, email address criminal checks (employees) and health data will be collected and used by us. For more information about how we process special category and criminal data please review our Appropriate Policy Document. 

We obtain personal information from you when you enquire about our services, register with us, become an employee, send or receive emails, ask a question or otherwise provide us with personal information.  

We collect personal data in connection with specific activities such as:   

  • Providing and maintaining services  
  • Notifying you about changes to our services  
  • Participating in interactive features of our services when you choose to do so  
  • Providing customer care and support  
  • Providing analysis or valuable information so that we can improve the service  
  • Monitoring the usage of the Service  
  • To detect, prevent and address technical issues  
  • Conducting research  

Examples of ways that you may share your personal data with us are by:  

  • Completing electronic and paper forms  
  • Registering on our website  
  • Social Media functions  
  • Digital Applications  
  • Taking part in a survey 
  • Corresponding with us by phone, email, social media or letter  
  • Using our services  

We will inform you at the point of collection what the purpose of the data processing is and provide you with the relevant information to access this Privacy Policy.  



  1. What information do we collect? 

The personal information we collect will depend on the nature of the data processing requirement. For example, including, but not limited to; your name, email addresses, postal addresses, telephone numbers, payment details, health data and criminal checks (employees) 

Certain personal information is categorised by UK data protection law as ‘special category data’ and ‘criminal data’. We are required by law to process special category data relating to health to provide our services. We are required by law to ensure that an individual working in regulated activity with a vulnerable group is not barred from doing so. This forms the basis of a legal requirement to request DBS checks with barred lists in the recruitment process. 


We gather cookie data from our website, for more information see section 8.  



  1. How do we use this information? 

Depending on your relationship with us, we will use your personal information for the following purposes:  

  • to provide you with our services or information you have requested  
  • to administer our services  
  • for general administration purposes, such as handling your enquiries  
  • to carry out research and analyse trends  
  • to comply with statutory and regulatory compliance  
  • to assess insurance risk and to prevent and detect fraud  

We share your information with service providers for educational needs and safeguarding purposes. We never sell your information to other organisations.  



  1. Use of Cookies 

What are cookies?  

Cookies are files created by websites you’ve visited that store browsing information, such as login information. There are two types of cookies used by this website: first-party cookies, which are set by us, and third-party cookies, which come from services provided by another supplier on our behalf.  

Cookies are not dangerous and are not viruses. They are small pieces of text, not programmes, and do not cause any damage to your computer, tablet or mobile device.  

Why we use cookies  

We use a number of cookies across our website (see the lists below for full details). Cookies make your use of the website easier and quicker, by remembering your browser and computer settings.   

We also use cookies to monitor your use of the website. This monitoring is completely anonymous. We don’t collect any personal data about you.  

Types of cookies  

Strictly necessary cookies  

These cookies are essential, as they enable you to move around the website and use its features, such as accessing secure areas. Without these cookies, services you’ve asked for can’t be provided. These cookies do not gather information about you.  

Performance cookies  

These cookies anonymously collect information about how you use a website, for example which pages you go to most often and if you get error messages from certain pages. These cookies do not gather information that identifies you. All information collected under a Performance Cookie is anonymous and is only used to improve how a website works.  

Functionality cookies  

Functionality Cookies allow a website to remember choices you make (such as your username, language or the region you are in) tailoring the website to provide enhanced features and content for you. These cookies can also be used to remember changes you have made to text size, font and other parts of pages that you can customise. They may also be used to provide services within the webpage e.g. watching a video, giving feedback, commenting on a post or connecting to a social media platform. The information collected by Functionality Cookies collect is anonymous and cannot track your browsing activity on other websites.  

Targeting cookies  

We do not use Targeting cookies. Websites can use these cookies to tailor marketing to you and your interests.   

Granting us permission to use cookies  

When visiting our website, you will be asked to opt in/give consent for the use of performance and functionality cookies, as described above these cookies will enhance your experience on our website without collecting any personal data.   

How to control and delete cookies  

We will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. The Help Function within your browser should tell you how.  

Additionally, you may wish to visit www.aboutcookies.org which lists instructions for all the main, current web browsers. For mobile devices, you should refer to the manufacturer’s website.  



  1. How we use personal data to conduct research 

We carry out research to generate feedback on your experiences. We use this feedback to improve the experience that we offer and ensure we know what is relevant and interesting to you. If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All research conducted is optional and you can choose not to take part. We will not share your personal data with any third party for research purposes.  



  1. How do we protect your personal information? 

We take appropriate measures to safeguard personal information that is disclosed to us and keep it secure, accurate and up to date.   



  1. How do we store your information, and do we send it outside the European Economic Area? 

We do not directly transfer your data outside of the EEA. We store digital data on secure cloud-based services including Site Ground Web Servers and Microsoft (Document storage).  



  1. Will we sell or disclose the information we collect to third parties? 

We will never sell your data. We will only disclose your information if required by law, for example to government bodies and law enforcement agencies.   



  1. Links to other websites 

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and third parties. If you follow a link to another website, please note that such websites have their own Privacy Policies and once you have entered another site, we do not accept any responsibility or liability. Please check individual website policies before you submit any personal data.   

This Privacy Policy applies solely to the personal data collected by Louise Iredale T/As Serenity Wellbeing Gardens



  1. What is the lawful basis for processing personal data? 

Collecting, processing and using personal data is permitted only under a lawful basis. The lawful basis that we operate under are listed below, along with the data processing activities that fall under them.  

  1. Necessary for the performance of a contract  

When you purchase our service we will process your personal data, certain processing activities are considered necessary for the performance of the contract between you and us to provide our services to you.  

  1. Legitimate interests  

We may contact you with offers and services which we feel are relevant to you. This includes informing you of products and services provided by us. Legitimate Interest considers the balance between taking into account your own interests and our services offered. You can object to communications at any time by contacting Data Protection in a Box.  

  1. Legal obligations  

There are circumstances when we are required to process personal data in order to meet our legal obligations. Processing data under this basis can relate to educational needs, safeguarding and child protection requirements, financial data, insurance, information and HMRC reporting requirements. When processing on the basis of legal obligations, you have no right to erasure or right to object.  

  1. Consent  

When we rely on the lawful basis of consent to process personal data, it must be freely given, specific, informed, and an unambiguous indication of agreement. If you have provided consent, you have the right to withdraw it at any time.   



  1. How long do we keep personal data for? 

We retain personal data for no longer than is necessary. What is necessary is dependent on each data type, taking into account the reasons that the personal data was obtained, but if relevant, the length of retention is determined in a manner consistent with legal and regulatory obligations.  

We have a Data Retention Policy and Schedule that sets out retention periods for the different kinds of data we might hold about you. If you would like to find out more about this policy, please contact us on the details above.  



  1. What are my data subject rights? 

Under UK Data Protection Law, a data subject is considered to be ‘an individual who is the subject of personal data’.   

Data subjects have certain rights and by exercising these rights, you can make requests regarding your personal data.  A summary of these rights is explained below.  

The Supervisory Authority that regulates and enforces Data Protection Law in the UK is the Information Commissioner’s Office (ICO) and additional information and guidance about these data subject rights can be found on their website; https://ico.org.uk/


  1.  Right to be informed  


At the point of collecting personal data from you, we must provide you with information such as the purpose and rationale for the processing of that data.  


  1. Right of access  


This right provides you with the ability to access to your personal data that is being processed by us. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your requested personal data. The information will be provided free of charge unless the request is manifestly unfounded or excessive; in those cases, the request may be refused, or a reasonable fee charged.  


  1. Right to rectification  


This right provides you with the ability to ask for modifications and rectification to your personal data in the event you believe that your personal data is not up to date or accurate.  


  1. Right to erasure  


Also known as ‘the right to be forgotten’ this right, under certain circumstances, provides you with the ability to ask for the deletion of your personal data. We may refuse to fulfil the right to erasure if there is legal reason why the personal data must be retained, the grounds are not valid or if the data is required for use in the defence of a legal claim.  


  1. Right to restriction of processing  


You have the right to restrict the processing of your personal data where you have a particular reason for wanting the restriction. This may be because you have concerns with the personal data we hold about you or how we have processed your data.    


  1. Right to data portability  


This right provides you with the ability to ask for a copy of or a transfer of your personal data, in a certain format. You may ask for your personal data to be provided back to you or transferred to another data controller. When doing so, the personal data must be provided or transferred in a structured, commonly used and machine-readable format.  


  1. Right to object  


You have the right to object to the processing of your personal data, including marketing activities and profiling, on grounds relating to your particular situation. If you make such an objection, we will cease to process the personal information unless;  

  • we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms  
  • the processing is for the setting to exercise or defend a legal claim.  


  1. Right to object to automated processing  


This right provides you with the ability to object to a decision based solely on automated processing, including profiling. We do not use automated processing but if we did, under this right, you may ask for your processing to be reviewed manually and with human intervention.  


Exercising your data subject rights  

To make a Data Subject Access Request please use the following method:

  • Email  – louiseiredale@serenitywellbeinggardens.com 


We may request further information from you to help us verify your identity.  

Once we have all the information necessary to respond to your request and have confirmed your identity, we will locate your information and manage your request without undue delay and in any event within one calendar month. Note that this timeframe may be extended by two further months if your request is particularly complex or there is a large volume of requests.  



  1. Payment card security 

We do not offer payment via our website. An invoice will be generated and include payment terms. 



  1. Making a complaint 

If you think your data has been misused or that we have not kept it secure, please contact us using the contact details provided in section 2 and we will investigate any concerns you may have. If you are unhappy with our response or if you need any advice, you should contact the Information Commissioner’s Office (ICO).  

The telephone number for the ICO Helpline is 0303 123 1113 or you can also chat online with an advisor.  

The ICO can investigate your claim and take action against anyone who has misused personal data. You can also visit their website for information at https://ico.org.uk/concerns/.  



Last update  

This Privacy Policy (Version1.0) was last updated on18thJuly 2022.