GDPR and Privacy Notice
GDPR is bringing in new legal protection for personal information from 25th May 2018. The stills you what personal information I hold and why, and what your rights are.
I can also confirm that I will not hold any of your health or medical details electronically, I will only store your preferred contact detail and name. These are stored on my encrypted phone, iPad and laptop. This means:
- If your initial contact is done by email, I will store your email address alongside your name and all appointment reminders will be sent that way.
- If your initial contact is done by text/phonce call I will store your number alongside your name and all appointment reminders will be sent that way.
- If your initial contact is made by facebook messenger, then all appointment reminders will be sent that way.
Therapists Name : Claire Barns
Telephone Number: 07935205124
Email: [email protected]
Data Controller Contact Details : Claire Barns
Data Protection Officer: Claire Barns
The Purpose Of Processing Client Data
I hold and use client data in order to provide you with the best possible treatment options support and advice.
Lawful Basis for Holding and using Client Information
The lawful basis under which I hold and use for information:
- my legitimate interests i.e my requirement to retain the information in order to provide you with the best possible treatment options and advice
- my requirement to hold your information for the following legal reasons:
1) 'claims occurring' insurance (records to be kept for 7 years since last treatment)
2) Law regarding children records( records to be kept until child is 25 or if 17 when treated then 26)
As I hold special category data (i.e health related information) the ADDITIONAL CONDITION under which I can hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR confidentiality as defined in the AoR Code of Practice and Ethics.
What Information I Hold and What I Do With It
In order to give professional reflexology treatments, I will need to ask for and keep information about your health. I will only use this for informing reflexology treatments and any advice I give as a result of your treatment. The information to be held is :
- Your Contact Details
- Medical History and other health related information
- Treatment details and related notes
I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
Your Data Will/Will Not Be Transferred outside the EU Without Your Consent
This section will be updated once gmail Have confirmed if they are GDPR compliant.
Proteting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put into place appropriate technical, physical, and managerial procedures to safeguard and secure the information we collect from you.
- All medical and treatment records are stored on paper and kept in a locked filling cabinet.
-All details relating to your chosen method of contact are stored on an encrypted phone, iPad and laptop.
- Any pre-treatment questionnaires returned by email are printed upon receipt and the email is deleted permanently form our account
I will contact you using the contact preferences you have given me.
GDPR gives you the following rights:
- The right to be informed, to know how your information will be held and used ( this notice)
- The right of access, to see your therapists records of your personal information, so you know what is held about you and can verify it.
-The right to rectification, to tell therapists to make changes to our personal information if it is incorrect or incomplete
-The right to erasure (also called the right to be forgotten), for you to request your therapist to erase any information they hold about you.
- The right to restrict processing of personal data, you have the right to requests limits on how the therapist uses your personal information.
-The right to data portability, under certain circumstances you can request copy of personal information held electronically you can reuse it in other systems
-The right to object, to be able to tell your therapist you dont want them to use certain parts of your information, or to only use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
-The right to lodge a complaint with the Information Commissioners Office, to be able to complain to the ICO if you feel your details are not correct or if they are being used in a way that you have given permission for , or being stored when they don't have to be.
Full details of your rights can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individuals-rights/.
If you wish to exercise any of these rights , please email: [email protected]
If you are dissatisfied with the response you can complain to the Infrmation Commissioners Office; their contact details can be found at : www.ico.org.uk
-If you do not agree to your therapist keeping records of information about you and your treatments, or if you don't allow them to use the information in the way they need for treatments the therapist will NOT be able to treat you.
-Your therapist has to keep records of treatment for a certain period of time (see section Lawful basis for holding and using client information) for more details. this may mean if you ask them to erase any details about you, they might keep these details until after that period has passed.
- Your therapist can move their records between their computer and IT systems, as long as your details are protected from being seen by others without your permission.
We will collect all your medical details and personal information at your first appointment. At this appointment you will also be asked to sign a copy of this agreement and we will complete contact preferences form. Both of these will be kept on your file.
You will be offered a hard copy to take away with you too.