YOUR PEACE OF MIND
As a Complementary Therapist, I am required to note personal information about clients. This information is kept secure, and no personal data is shared with 3rd party organisations. The only exception to data sharing is where there is a safeguarding concern relating to a child or vulnerable adult perceived to be at the risk of harm, in which case data may be shared with the necessary safeguarding agencies. I do not sell, rent or trade any personal information (including your email) with any other another person or business for marketing purposes. However, as is the case with all businesses, it’s important for me to be able to communicate with my clients. The following policy aims to provide a brief outline of how, when and why I may collect and store personal information, what it’s used for, and the limited conditions under which I may disclose this information to other parties.
Blissful Moments Holistic Therapies needs to gather and use certain information about individuals. These can include clients, suppliers, business contacts, employees and any other people that Blissful Moments Holistic Therapies has a relationship with, or may need to contact. My data protection policy is designed to:
- Comply with current data protection law and follow good practice
- Be completely open about how I store and processes an individual’s data
- Put in place measures to protect against the risk of data breach
- Protect the rights of any staff, clients, or partners
CURRENT DATA PROTECTION LAW
The Individuals Rights:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision making, including profiling.
The Organisations Principles:
- Data is collected, used, and stored:
- In a fair and transparent manner
- Is collected for specific reasons, and only used for those specified reasons
- Is adequate, relevant, and limited to what is necessary
- Is accurate, and kept up-to-date
- Kept in an identifiable form for no longer than necessary
- Held securely to prevent inappropriate access, loss, or disclosure
This policy applies to Blissful Moments Holistic Therapies, clients, contractors, suppliers, and other people Blissful Moments Holistic Therapies has a relationship with. It applies to all data that the business holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Plus any other information relating to individuals
Lynda Bliss of Blissful Moments Holistic Therapies is ultimately responsible for ensuring that Blissful Moments Holistic Therapies meets its legal obligations.
LYNDA IS REPONSIBLE FOR
- Reviewing all data protection procedures and related policies, in line with the GDPR.
- Handling data protection questions from clients and anyone else covered by this policy.
- Dealing with requests from individuals to see the data that Blissful Moments Holistic Therapies holds about them.
- Ensuring all systems services and equipment used for storing data meet acceptable security standards.
- Performing regular checks or scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services the company uses/plans to use to store data.
WHAT DATA DO I COLLECT?
They enable me to:
Estimate my audience size and usage pattern.
Store information about your preferences, thereby allowing me to customise my site according to your individual interests.
Speed up your searches.
Recognise you when you return to my site.
When someone visits Blissful Moments Holistic Therapies’ website, a third-party service, Google Analytics (GA), collects standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of my site. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to me. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google does not share this information with me. I do not make any attempt to find out the identities of any individual visiting my website.
CONTACT FORMS, BOOKING SYSTEM AND SHOP
The information you provide on the contact form, booking system and shop goes directly to my email account. Absolutely none of this information is shared…EVER.
I use a third-party provider, G Suite, as my email software.
THIS WEBSITE’S SERVER
This website is hosted by WordPress.
CLIENT CONSULTATION FORMS AND RECORDS
As a Complementary Therapist, I take an holistic approach to my treatments. To this end, I complete with the client on their first appointment a consultation form. This form and subsequent records will contain details such as medical prescriptions and personal information about your health (both physical and mental) which falls into the “special category data” section of current GDPR law.
Special category data is any data that includes information about race, ethnic origin, politics, religion, genetics, biometrics, health, sex life or sexual orientation. These records are private and seen only by myself and the patient for the purposes of treatment. In some circumstances (such as in the case of persons who have notifiable communicable diseases or a condition that must be recorded or shared in the interests of public health laws) these records must be shared with a third party who in most instances will be the client’s GP or specialist health care practitioner. If that is the case then the client will be expressly informed. I am duty bound by law to keep such records which must remain on file for a minimum period of 10 years.
At the time of making an initial appointment you will be asked to provide your consent for my keeping these records. Unfortunately, for insurance purposes and in order to fulfil my duty as a registered practitioner, I am unable to provide treatments to anyone who does not wish to give their consent to the keeping of such records.
Records can be viewed by the client at any time and are stored in the form of a hard copy (paper file) which is kept under lock and key. If you are a current client who wishes to view or amend your records, you may do so by email to email@example.com or in writing. I shall endeavour to provide you with access to your files within a time frame of 21 days.
ACCESSING, AMENDING, OR DELETING YOUR PERSONAL INFORMATION
You are entitled to view, amend, or delete any personal information that Blissful Moments Holistic Therapies holds about you. To request this, please send an email to firstname.lastname@example.org. Evidence of your identity will be required.
I may withhold such personal information to the extent permitted by law. You may instruct me not to process your personal information for marketing purposes by sending an email to me. In practice, you will usually either expressly agree in advance to my use of your personal information for marketing purposes, or I will provide you with an opportunity to opt-out of these marketing communications.
Security of your personal information
Blissful Moments Holistic Therapies will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. I will store all the personal information you provide on secure (password- and firewall- protected) servers. All electronic transactions you make to, or receive from me, will be encrypted using SSL technology.
Any data stored about you is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on (WordPress). In the near future, I aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. I am committed to keeping it as a high priority and will implement it on this website as soon as I am able to.
Of course, data transmission over the internet is inherently insecure, and I cannot guarantee the security of data sent over the internet.
In addition, I may disclose your personal information:
To the extent that I am required to do so by law
In connection with any legal proceedings or prospective legal proceedings
In order to establish, exercise or defend my legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
To the purchaser (or prospective purchaser) of any business or asset that I am (or may in the future) contemplate selling
To any person who I reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in my reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
I will report any unlawful data breach of this website’s database or the database(s) of any of my third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
MY PROMISE TO YOU
Blissful Moments Holistic Therapies stands by the principles outlined in the GDPR, and as such, ensures that any information held by the organisation is collected, used, and stored securely, and for specific reasons. No information I hold about you is shared, sold, or rented and is accessible by you upon request. If you would like access to your information, please contact me via email at email@example.com.
POLICY DOCUMENTATION UPDATES
This document was updated on the 18th May 2018. I’ve done my very best to explain clearly and in plain English what I do, what information I collect and why, so that you can feel completely comfortable that any information held or stored is being used exactly in the way you would expect in order to maintain your privacy. If there’s anything here that isn’t clear, or you discover any errors in this document, please reach out to me and I’ll fix it immediately.
This policy will next be reviewed on 18th May 2020 unless circumstances (or the law) changes in the interim time period. Please note that you will not be explicitly informed of any changes, but they will be made freely available on my website, so please check the page from time to time so you can be confident you’re completely happy and satisfied with my processes.