YOUR PERSONAL INFORMATION - GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR is bringing in new legal protection for personal information from May 2018. This notice tells you what personal information I gather via my website, why I gather it, and what your rights are.
Therapist’s Name/Identity: Dr Emily Hughes
Therapist’s Contact Details:
Telephone No: 01865 981420
Email address: [email protected]
Address: Lashford Lane, Dry Sandford, OX13 6EB
Data Controller Contact Details: As above
The Purpose of processing Client Data
In order to give professional reflexology treatments, I will need to gather and retain potentially sensitive information about your health. I will only use this information for informing reflexology treatments and associated recommendations concerning aspects of health and well-being which I will offer to you. I take basic contact details and information via my website to allow me to contact you and handle bookings.
I have registered with the ICO and this is renewed automatically each year.
Lawful Basis for holding and using Client Information
As a full member of the Association of Reflexologists, I abide by the AoR Code of Practice and Ethics. The lawful basis under which I hold and use your information is my legitimate interests, i.e., my requirement to retain the information in order to provide you with the best possible treatment options and advice.
As I hold special category data (i.e., health related information), the Additional Condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
What information I hold and what I do with it
In order to give professional reflexology treatments, I will need to ask for and keep information about your health. I will only use this for informing reflexology treatments and any advice I give as a result of your treatment. The information to be held is:
I will NOT share your information with anyone else (other than as required for legal process) without explaining why it is necessary and getting your explicit consent.
How Long I Retain Your Information for
I will keep your information for the following periods:
Your data will not be transferred outside the EU without your consent.
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
I will contact you using the contact preferences you give me in relation to:
GDPR gives you the following rights:
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response, you can complain to the Information Commissioner's Office; their contact details are at www.ico.org.uk.
A hard copy of this document will be provided at a first treatment for you to sign to confirm that you have understood and accepted my privacy statement and your rights under the GDPR.