Privacy Notice- The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is introducing new legal protection for personal information, as of 25th May 2018. This tells you what personal information I gather via my website, why and what your rights are. Therapist's name: Maria Louise Wilson/Therapist's contact details: Tel: 01924 283558/07725349075/Email address: [email protected]
The purpose of processing client data
In order to give professional reflexology treatments, I wil need to gather and retain potentially sensitive information. I will only use this information for informing reflexology treatments and associated recommendations, concerning aspects of health and wellbeing, which I will offer to you. I take basic contact details and respond to initial/subsequent e-mail enquiries via my website, this enables me to communicate with you regarding reflexology sessions and to manage future bookings. I also use text messaging, regarding appointment reminders. On occasion, I send out vouchers etc. by post.
Lawful basis for holding and using client information
As a Full member of the Association of Reflexologists (AoR), I abide by the AoR Code of Ethics. The lawful basis under which I hold and use your information is : my legitimate interests, i.e. my requirement to retain the information, in order to provide you with the best possible treatment options and advice. As I hold special category data (i.e. health related informatino) the Additional Condition under which I hold and use this information is : for me to fulfil my role as a reflexologist, bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
What information I hold?
The information I hold is : Your contact details/medical history/relevant health related information/treatment details and related notes. I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary and getting your explicit consent.
How long I will retain your information?
I will keep your information for the following periods: 'claims occurring insurance' (records to be kept for 7 years after last treatment) Note: for children, records will be kept until the child is 25 or 26, if they are 17 when first treated.
Protecting your personal data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, practical and managerial procedures in order to safeguard and secure the information I collect from you. I will communicate with you using the contact preferences you give me in relation to: intial and subsequent enquiries; appointment reminders; reflexology/health and wellbeing information; special offers and promotions. You can change your mind at any time about my contact with yourself.
The GDPR gives you the following rights : the right to be informed; the right to access; the right to rectification; the right to erasure; the right to restrict processing of personal data; the right to data portability; the right to object; rights in relation to automated decision making and profiling and the right to lodge a complaint with the Information Commissioner's Office (ICO)
Full details of your rights can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you do not agree to the therapist keeping records about you and your treatments, the therapist may not be able to treat you. Your therapist has to keep records of treatments for a certain period of time as described above, which may mean that even if you ask for them to erase any details, they might have to keep these details until after that period has passed. or may be unable to treat you. Your therapist can move their records between their computers and IT systems, as long as your details are being protected from being seen by others, without your permission.