The EU and the British Government through the Information Commissioners Office have introduced new legislation regarding Data Protection. Known as General Data Protection Regulation (GDPR).
The purpose of this notice:
This notice is designed to help you understand what kind of information we collect in connection with our consultations, treatments and services and how we will process or use that information. In the course of providing you with consultation, services and treatments we will collect and process information that is commonly known as Personal data.
This notice describes how we collect, use, retain and safeguard Personal Data.
This notice sets out your Individual Rights; we explain these later in this notice however in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
We The Malvern Healing Tree (also referred to as “we”, “us” or “our”) collect and hold data relating to our clients in the form of: Name, Address, Telephone Number, Occupation and Date Of Birth. This information is held for a period of seven years from the date of the last treatment provided, this is a legal requirement and all reasonable steps are taken to ensure that this information is maintained in the strictest of confidence. Your Personal Data is not shared with any Third Party, Partner, Spouse, Child, Sibling, Parent or Organisation without your express permission unless such request is in a legal form from a solicitor, hospital, insurance company, court of law or the police.
What is Personal Data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s Name, Age, Address, Date Of Birth, Gender and Contact Details.
Personal data may contain information (which we do not record) which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences (which we do not record).
For the purposes of safeguarding and processing criminal conviction and offence data responsibly (which we do not record), this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
For the purposes of processing financial transactions by cheque, credit/debit card or direct bank transfer or online banking we do not retain details of your bank account outside that as displayed on the bank statement of the account into which you transfer funds.
Personal Data We Collect.
In order for us to provide Consultation, Treatment and Other Services to you, we will collect and process Personal Data about you. In the event that another person discloses personal or other information about you to us it is their responsibility to ensure that they are entitled to and have your permission to disclose such personal information about you to us.
In the event that you disclose personal information about other persons, you have a responsibility to ensure that you are entitled to and have permission to disclose such personal information relating to that third party.
You may provide us with your Personal Data by completing the Contact Form on the website, by discussing your specific condition, requirements and details over the Telephone, Mobile Phone or by communicating such information by text, multimedia messaging, email, social media, messaging, letter, face to face communication or by completing a patient record form.
We do not share your personal data with your spouse, partner, children or any third parties, or other organisations without your express permission. Your personal data is kept in a locked filing box.
We do not use any form of data collection tools such as location, cookies or IP addresses associated with you visiting our website. Where we collect personal data directly from you, we are considered to be the controller of that data i.e. we are the ‘Data Controller’. A ‘Data Controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A ‘Data Processor’ means the individual or organisation which processes personal data on behalf of the ‘Data Controller’.
If you object to us collecting or maintaining your Personal Data we may be unable to provide you with the Consultation, Treatment, or service that you require.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
Why Do We Need your Personal Data?
We require your Personal Data to identify you as an ‘identified or identifiable natural person’.
The retention of Personal Data is necessary where required for legal and regulatory purposes. The destruction of your Personal Data at the end of the retention period is via shredding in terms of Paper record, deletion and shredding of computer-based data.
Individuals are provided with legal rights governing the use of their Personal Data. These grant individuals the right to understand what Personal Data relating to them is held, for what purpose, how it is collected and used, with whom it is shared if applicable, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed; - The right of access to your personal data; - The right to object to the processing of your personal data; - The right to restrict the processing of your personal data; - The right to rectification of your personal data; - The right to erasure of your personal data; - The right to data portability (to receive an electronic copy of your personal data); - Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your Personal Data, we may be required to retain some data for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
Protecting Your Data:
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your personal data.
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Representative. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
How to Contact Us:
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative at email@example.com; or Mob: 07955228906