PRIVACY POLICY

As a sole trader, I am the director/manager of my complementary therapy practice, and in terms of GDPR, I am the data controller for my practice, too. GDPR stands for the General Data Protection Regulation that was introduced by the European Union in April 2016 and is enforceable from 25th May 2018. I am registered with the ICO (Registration Number: C1326847). ICO stands for Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and privacy for individuals.

I take the protection of your data seriously and am committed to my responsibility for maintaining confidentiality between myself and you as my client. This privacy policy sets out how I use and protect any information you give me.

If you have any questions or concerns about how your data is processed or shared, please contact me by emailing reynoldshealth@hotmail.com.

How is information about you collected?

When you visit my website:

My website uses Cookies. Cookies are small files that are stored on your device when you visit a website. Cookies are used to store non-personal data about you (for example, your geographical location, and IP address, as well as which of my web pages you’ve visited most. Cookies help to distinguish you from other users of my website. This helps me to provide you with a good experience when you browse my website and also allows me to improve my site. Your information is not stored on my website. If you click on the email address link on my website and send me a message, I will then be able to see your email address, and whilst I store this information so that I’m able to respond to your query and get in touch, I do not sell or share this information.

Via email:

When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply, is 100% secure. Possible assessment related emails tend to include some level of personal identifying or sensitive information, even if it is to simply book another appointment with me, or if I send an email to remind you of your next session, as emails from me could identify me as a practitioner. Please choose an appropriate email address accordingly. For the purpose of introducing an extra layer of security, you could consider sending your information to me by attaching a Word document that you have protected with a password. You could then let me know the password via phone or text. You are also welcome to create two paper copies of completed forms and questionnaires to bring to sessions where we are meeting in person (one for each of us), if you would prefer not to send them password protected by email.

Via phone:

If you choose to make contact with me over the phone, I may collect information from you before inviting you in for an assessment (see below “What type of information is collected?"). If you become a client, I may store your mobile number in my phone for the duration of treatment, identifying you only by first name and the first or first and second letter of your surname. I would do this in order to be able to contact you on the day of a session if either you or I are late or need to rearrange, or to text session reminders to you if you wish me to do so.

Completing forms:

When we have arranged for you to attend an assessment session, I will ask you to complete a client details form (or if I am performing surrogate testing, you will have sent the form back to me prior to the assessment via post). This form concerns personal information, including your name, date of birth, address, health issues and medications taken (if relevant). After the first assessment, this form will not be kept in the same place as my notes (which do not contain any identifying information) but will be stored in a locked safe in my home office. See “via email” above for how to make the conveying of the details in these forms more secure, should you wish to do so.

Face to face:

When you attend appointments with me, I collect and record data from you in order to get to know you and understand your health needs.

What type of information is collected, and why?

I collect the personal and sensitive data below from you to ensure that the service I provide to you is adequate, and for monitoring and evaluation purposes.

I may collect some or all of the following personal information from you, either before our first meeting (on the phone/via email/via post), or face to face:

Personal Information:

Personal details
Emergency contact (next of kin)

Special Category Data (Sensitive Data):

Some of the information I may collect from you can be classified as sensitive.

Physical or mental health details
Medications/supplements taken

What will your information be used for?

I process personal information to enable myself to provide complementary therapy to my clients, which may include:

Communicating with you regarding your treatment/appointments
Account for my clinical decisions and/or respond to complaints

What happens to the notes I take?

For me to fulfill my role as a complementary therapist, I take notes in each session and store these notes in your file, in order to help me remember significant details and reflect on your treatment plan and progress. I don’t need to have a written record of everything you share with me, and only use your data in ways you would reasonably expect. I keep notes separate from your identifying information (surname, date of birth, address). In between appointments, your notes are kept in a locked filing cabinet, to which only I have access.

Safeguarding

As per the NMC Code, I have to take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk. I would normally discuss any concerns I may have about safeguarding issues with you before I get in touch with anyone else.

There are three situations where I might share your information with third parties without your consent:

Court Order

If I am required to disclose data about you under a Court Order

Child Protection

If I am concerned about the welfare of a child, i.e. where there are child protection issues

Risk to self or others

Where there is an imminent risk of harm to yourself or others, i.e., you have expressed an intent to kill yourself, or to kill someone else, imminently.

Duration your data is stored for:

My Professional Indemnity Insurance requires that I store data for seven years. According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this period of time. Once you have stopped having complementary therapy with me, your file is stored securely in a locked filing cabinet in my home for seven years, after which your file is securely destroyed.

Security of information shared over the internet:

I process your personal data in line with GDPR legislation (EU) 2016/679, and take all appropriate measures to keep it secure. You can find out more about this legislation online.

I make every effort to ensure that your personal information is held securely and to safeguard against unauthorised access to your personal information.

You acknowledge that the privacy of your communications and personal information can never be completely guaranteed when it is being transmitted over the internet.
You acknowledge and agree that you share and transmit the information at your own risk.

See “via email” above for more secure ways of sharing information over the internet.

Your Individual Rights:

You have a number of rights (including Right to be informed, Right to access, and Right to lodge a formal complaint) when it comes to your personal data. Please refer to the ICO’s website for full details of you rights.

Right of Access

You may request details of personal information which are held about you. Requests for information must be put in writing. If you would like to request access to the information held on you, please email me.

Requests that are considered excessive or unreasonable may be refused. In the event your request to obtain details of information held about you is refused, you will be provided with an explanation as to why that is.

Right to lodge a formal complaint with a supervisory authority

If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this regulation, you can inform the ICO (Information Commissioner’s Office) or by phoning their helpline on 0303 123 1113.