Privacy Policy

Privacy Policy for NATURAL GREEN HERB AND ACUPUNCTURE LIMITED

 

Effective Date: July 11, 2025

This Privacy Policy describes how NATURAL GREEN HERB AND ACUPUNCTURE LIMITED (referred to as "the Clinic," "we," "us," or "our") collects, uses, processes, and protects the personal data of visitors and customers ("you" or "your") of our website, located at [www.tcmclinic.ie] (the "Website").

We are committed to protecting your privacy and complying with our obligations under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the relevant Irish data protection legislation.

 

1. About Us

 

NATURAL GREEN HERB AND ACUPUNCTURE LIMITED Registered Address: Unit 122C, Stephen's Green Shopping Centre, Saint Stephen's Green, Dublin 2, D02 TD66, Ireland

 

2. Contact Details for Privacy Inquiries

 

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your data protection rights, please contact our Privacy Team / Customer Service Team via:

  • Email: info@tcmclinic.ie

 

3. Data We Collect

 

We collect various types of personal data from you when you interact with our Website, make purchases, or book appointments.

3.1 Data You Provide Directly to Us:

  • Customer/User Account & Order Data:

    • Name

    • Email address

    • Phone number

    • Billing address

    • Shipping address

    • Payment information (processed by Shopify Payments; we do not store your full payment card details)

    • Purchase history of services and products

    • Customer account login information (passwords are encrypted)

  • Appointment/Service Booking Data:

    • Name

    • Email address

    • Phone number

    • Desired appointment time

    • Selected service type

    • Note on Sensitive Data: Our booking system does not include free-text note fields designed for collecting sensitive personal data, such as health information. We kindly ask you to refrain from submitting any such sensitive information through other general communication channels unless specifically requested and with your explicit consent.

3.2 Data We Collect Automatically (via Shopify and website analytics):

When you visit our Website, certain information is automatically collected, primarily to ensure the Website's functionality, security, and for analytical purposes. This may include:

  • IP address

  • Browser type and version

  • Device information (e.g., mobile, tablet, desktop)

  • Pages visited on our Website

  • Time spent on pages

  • Referring source (the website that led you to ours)

  • Cookies and other tracking technologies (as detailed in Section 6)

 

4. How We Use Your Data and Our Legal Basis for Processing

 

We use your personal data for the following purposes, relying on specific legal bases as required by GDPR:

  • To Fulfil Orders and Provide Services (Legal Basis: Contractual Necessity):

    • To process your service appointments and payments.

    • To manage your product orders and delivery.

    • To provide customer support related to your purchases and bookings.

  • For Website Administration and Improvement (Legal Basis: Legitimate Interest):

    • To operate, maintain, and improve the functionality and user experience of our Website.

    • To analyze Website usage patterns and understand how visitors interact with our content.

    • To ensure the security of our Website and prevent fraudulent activities.

  • For Legal and Compliance Purposes (Legal Basis: Legal Obligation):

    • To comply with our legal obligations, such as tax laws and consumer protection regulations.

    • To resolve disputes and enforce our agreements.

  • For Communication (Legal Basis: Legitimate Interest or Consent, if applicable):

    • To respond to your inquiries and provide necessary information about your bookings or orders.

    • Note on Marketing: We do not collect email subscription information for marketing communications (e.g., newsletters, promotions) and do not send unsolicited marketing emails.

 

5. How We Share Your Data

 

We may share your personal data with the following categories of third-party service providers to facilitate our operations and provide you with services:

  • Shopify Inc.: As our e-commerce platform provider, Shopify processes data necessary for the operation of our online store, including customer accounts, orders, and website analytics.

  • Shopify Payments: For secure payment processing, your payment information is handled by Shopify Payments. We do not store your full payment card details on our servers.

  • Appointly: Our chosen appointment booking application, Appointly, processes your booking-related data (name, email, phone, service type, appointment time) to manage your scheduled sessions.

  • An Post: For the delivery of physical herbal products, we share necessary shipping information (name, shipping address, phone number) with An Post.

  • Website Analytics Services: We use analytics tools (such as Shopify's built-in analytics) to understand Website usage. These services may collect data like IP address, browser type, and pages visited, typically in an aggregated or anonymized form.

  • Legal or Regulatory Authorities: We may disclose your personal data if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to comply with legal obligations.

  • Other Service Providers: We may also share data with other third-party service providers who assist us in operating our Website or providing our services (e.g., IT support, customer service platforms), provided they adhere to strict data protection and confidentiality obligations.

 

6. Cookies and Tracking Technologies

 

Our Website uses cookies and similar tracking technologies to enhance your Browse experience, remember your preferences, analyse Website usage, and ensure security.

  • What are Cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work more efficiently and to provide information to the website owners.

  • How We Use Cookies: We use cookies for:

    • Strictly Necessary Cookies: Essential for the Website to function correctly (e.g., remembering your shopping cart, login status).

    • Analytical/Performance Cookies: To collect information about how visitors use our Website (e.g., which pages are most popular), helping us improve the Website's performance.

    • Functionality Cookies: To remember your choices and provide enhanced, more personal features (e.g., language preference).

  • Your Choices: Upon your first visit, a cookie consent banner is displayed. You have the right to accept or decline certain non-essential cookies. Most web browsers also allow you to control cookies through their settings, but disabling certain cookies may affect the functionality of our Website.

 

7. Data Security

 

We are committed to ensuring the security of your personal data. We implement appropriate technical and organisational measures, including encryption, access controls, and secure hosting environments, to protect your data from unauthorised access, alteration, disclosure, or destruction.

 

8. Data Retention

 

We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The retention period will vary depending on the type of data and the purpose of processing. For example, data related to contracts and financial transactions will be retained for a longer period as required by tax and company law (typically 5-7 years in Ireland). Customer service records may be retained for a reasonable period after your last interaction.

 

9. Your Data Protection Rights (GDPR Rights)

 

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you (Data Subject Access Request - DSAR).

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data under certain conditions.

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.

  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • Right to Object: You have the right to object to our processing of your personal data under certain conditions.

  • Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data infringes GDPR. In Ireland, the supervisory authority is the Data Protection Commission (DPC).

To exercise any of these rights, please contact us using the details provided in Section 2.

 

10. International Data Transfers

 

As we use global service providers like Shopify, your personal data may be processed and stored in countries outside the European Economic Area (EEA), including the United States. When transferring data outside the EEA, we ensure that appropriate safeguards are in place, such as reliance on Standard Contractual Clauses (SCCs) approved by the European Commission, to provide a level of data protection equivalent to that within the EEA.

 

11. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any changes will be posted on this page with an updated "Effective Date." We encourage you to review this Privacy Policy periodically.

 

12. Contact Us

 

If you have any questions or concerns about our Privacy Policy or your personal data, please do not hesitate to contact our Privacy Team / Customer Service Team at info@tcmclinic.ie.