GENERAL DATA PROTECTION REGULATION (GDPR) -
Privacy Policy
GDPR is bringing in new legal protection for personal information from 25 May 2018. This document confirms that I comply with Data Protection laws (Data Protection Act 1998) and follow best practice. It advises you what personal information I hold and why, and what your rights are.
Therapist’s Name: Sue Spinks trading as Pura Serenita
Telephone No: 07863 349897
Email address: sue@puraserenita.com
The Purpose of processing Client Data:
I hold and only use client data to provide you with the best possible treatment, service and aftercare advice. It is also held for Inland Revenue accountability and insurance protection.
What information I hold and what I do with it:
As a member of Association of Reflexologist AoR and Federation of Holistic Therapist FHT, I am legally obliged by the Code of Practice and Ethics which is set out by the association and federation that are lawfully basis under which I hold and use your information in retaining medical and health data.
When carrying out the initial consultation and ongoing treatments for either Reflexology or Bodywork Massage I will need to gather and retain potentially sensitive information about your health and lifestyle. This information is only used in reference to your health and general wellbeing applied at the point of all treatments you receive and any aftercare advice.
Information is retained as per our initial consultation and then ongoing medical changes and wellbeing updates from consequent sessions for both bodywork massage and reflexology treatments. All information obtained is relevant and not excessive.
Information includes:
• Your contact details – name, address, contact details, date of birth. I also hold general information on your lifestyle and wellbeing
• Medical history and general health details
• Treatment details and notes that I made during the treatments
• Occasionally photographs to compare before and after visuals with your permission
I will NOT share your information with anyone else (other than required for legal process) without first explaining why it is necessary, and getting your explicit consent beforehand.
It may be helpful for me to share your information with your GP, healthcare practitioners or other CAM (Complementary and Alternative Medicine) therapists when a referral has been made to me or I am referring you to another therapist. The information to be shared by me would only be in relation to the treatment given and the results from that treatment.
It is also to assist in the treatment of specific health related problems; however your personal contact details are never disclosed for this reason.
Your data will only be transferred with your consent.
My legitimate interest is to hold and update your information to provide you with the best possible treatment options.
My requirement to hold your information for the following legal reasons:
- For insurance claims records must be retained for seven years after last treatment
- CNHC (Complimentary and Natural Healthcare Council) which I am a member, requires therapists to retain information for eight years after the last treatment
Protecting Your Personal Data:
I am committed to ensuring that your personal data is secure, thus preventing disclosure to unauthorised persons. I do not make electronic files however in the event that I am asked to send details to a third party, and only with your consent, the data will be forwarded in pdf password protected format. All health records are in paper format, access is not made available to anyone other than Sue Spinks (except in accordance with legal requirements for the Data Protection Act). No records are transferred, unless you consent. Emails and text messages with appointment timing details and aftercare advice are held on electronic devices with a strong password, never shared, and always locked when unattended.
I will contact you using the contact preferences you give me in relation to:
• Confirming appointment times (phone, text or email)
• Providing information related to your health in aftercare format (email or post)
Your Rights:
GDPR gives you the following rights:
• The right to be informed: To know how your information will be held and used, as explained in this document.
• The right of access and rectification: To see your therapist’s records of your personal information, so you know what is held about you and can tell your therapist to verify personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”): You can request that your therapist erases any information they hold about you however this can only been done after a seven year period post your last treatment date. This is in accordance with insurance regulations
• The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information.
• The right to data portability allows you to request a copy of personal information.
• The right to object enables you to be able to advise your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner’s Office if you feel your details are incorrect, used in a way that you have not given permission for, or if they are being stored when they don’t have to.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide- to-the- general-data-protection-regulation-gdpr/individual-rights/
If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at: www.ico.org.uk
Therapist’s Rights:
Please note:
• If you do not agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you.
• Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, the therapist may have to keep these details until the set time scale has lapsed.
• Your therapist can move records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.
Hard copies of this document will be provided at our first treatment, one for you to sign in order to confirm that you have understood and accepted my privacy statement and your rights under the GDPR and one for you to keep for your own records.