General Data Protection Rules 2018
And as the following website(s) and social media identities:
FB Debbi Walker, Suara Sound Academy, Polhilsa House Retreat
We are committed to protecting your privacy and will only use information collected lawfully in accordance with General Data Protection Rules 2018, Human Rights act 1998, Common Law Duty of Confidentiality and we abide by the British Complementary Medicine Association Code of Conduct.
- Your rights – all the ways that you can control what happens with your data
About your personal data
Personal data collection by:
Sales and enquiries through website host
When you make an enquiry
The name and contact details you give and the content of your message(s) are retained for three reasons:
- By your consent
- As part of a ‘contract’ (only while we communicate)
- For legitimate business interests – for good business practice I keep your email query on file
Your details are never shared with any third party without prior consent, ie referral to another therapsit. You are always kept informed of this.
All necessary data is encrypted password protected.
When you make an online purchase as a single purchase, a membership or subscription
This is a contract for services. Your contact details are dealt with as above (consent, contract, legitimate reasons) – also these, your purchase history and the payment details (sent to me from Paypal, iZettle or BACS) are retained for six years beyond the end of the contract for legal reasons – accounting law. All of this is encrypted password protected.
When you attend a workshop or training
All of the above applies. I also keep record of your attendance, your booking form, your feedback forms, also so that I can send you updates or offers which may be of specific interest to you as an attendee/graduate. Your details are collected on an attendance form and are hand written. Booking forms are usually sent by post or email. By providing these details, you agree to be contacted by email, text, Messenger until you give notice or unsubscribe, which you can do at any time. Your feedback which is handwritten or typed is used by prior consent on my website and social media platforms. These will be removed as requested by you if the need arises.
When you work with me 1:1 – Sensitive Data Collected
An assessment form is carried out and these are retained in printed or handwritten format and include your contact details and where appropriate, signature. The sensitive nature of such documents will generally be in relation to health or medical history.
These records help to provide you with the best possible care and treatment plan. The records are paper and not kept in any digital method, unless you send me the form back by email.
We record and use the following categories of personal data: name, address, telephone numbers, email address, GP details, health status and information including past and current medical history, previous investigations, any diagnosis and treatment protocol. You sign a consent form that you have declared all you need to and any feedback is allowed to be used in research with anonymity being maintained at all times.
Information may be used within the practice for audit purposes to monitor the quality of the services we provide. All of your information is held securely on our premises and may be used for statistical purposes. Where we do this, we take strict measures to ensure that individual clients cannot be identified.
In all cases I am required by law and insurance reasons to retain these records for six years after the completion of our contract – or in the case of a minor, from six years beyond the date of their eighteenth birthday.
Other data sources:
Incoming data is also received from my website host Web.com, Paypal, Skype, Zoom
I may receive information from another practitioner or therapist as part of a referral, this will be done in accordance with the GDPR data protection act 2018.
Sharing your data
Your privacy is important and I do not sell your data nor share it except by your consent or under the law.
When working together, I may give out elements of your personal information to another practitioner or therapist as part of a referral. This will always only be with your personal consent.
In continuation of current UK law on confidentiality I also retain the right and in some cases the legal requirement to breach confidentiality to inform an authority such as the police or your GP of impending harm or illegality.
The GDPR sets out clearly what your rights are. It also lays out deadlines for a reply and other rules which are reproduced for your information at the bottom of this section.
Right to be informed
You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.
I must provide you with information including: my purposes for processing your personal data, my retention periods for that personal data, and who it will be shared with. This ‘privacy information’ is provided above.
I must provide you with privacy information at the time I collect your personal data from you, in other words it has to be available to you before you fill in a form or hand over your data such as your email address.
If I obtain your personal data from other sources, e.g. by referral or from the payment service provider your selected, I must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.
There are a few circumstances when I do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it.
The information I provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. Therefore if there is anything you do not understand, please get in touch.
Right of access
You have the right to access your personal data and supplementary information. This allows you to be aware of and verify the lawfulness of the processing.
You are entitled to confirmation that your data is being processed, access to your personal data, and
other supplementary information as provided in this privacy notice
Right to rectification
You have the right to have the data your personal data corrected if it is incorrect, or completed if it is incomplete.