Privacy Notice
This Privacy Notice is designed to provide you with information about how I handle your personal data in accordance with the General Data Protection Regulation ("GDPR") 25 May 2018. I am also under duties of confidentiality to you and will keep your data confidential and will use your data to provide you with therapeutic services and not in a way that would be outside your reasonable expectations.
What I need, why I need it and how long I will keep it for
I am a controller of your data and will create and store information relating to your name, contact details, attendance and payment. I need this information for the following reasons:
- to provide treatment;
- to contact you via email or phone;
- for administrative purposes (i.e. to keep a hard copy record of sessions attended to ensure accurate billing); and
- to keep tax records of income received from my practice.
I also hold your GP details and emergency contact details in paper format in a locked cabinet. I only use these in the case of an emergency where I am concerned you might be a danger to yourself or someone else. In these circumstances, I would contact your emergency contact and/or your GP as I consider appropriate.
Purpose and legal basis
I process your personal information for the purposes set out in this privacy notice. My legal reason for processing your data will depend on the category of data, as set out below.
Purpose - To contact you in order to provide therapeutic services.
Legal ground for processing personal data - To provide therapeutic services in accordance with my contract with you;
- It is necessary in the legitimate interests of providing therapeutic services to you.
Legal Ground for processing special category data - It is necessary for the purposes of the provision of health care.
Purpose - For administrative purposes in relation to the therapeutic service provided to you.
Legal ground for processing personal data - To provide therapeutic services in accordance with my contract with you;
- It is necessary in the legitimate interests of providing therapeutic services to you.
Legal Ground for processing special category data - It is necessary for the purposes of the provision of health care.
Purpose - To maintain tax records.
Legal ground for processing personal data - I have a legal/regulatory obligation.
Purpose - To contact others in the case of an emergency.
Legal ground for processing personal data - It is necessary in order to protect your vital interests or of another person.
Legal Ground for processing special category data - It is necessary in order to protect your vital interests or of another person where you are incapable of giving consent.
Retention, storage and security
I will not hold your information in electronic form except for any emails you send me. Your data will be securely destroyed after 7 years. Information stored for the purposes of tax records is pseudonymised, which means that a code will be generated and used instead of your name.
Third Parties
Apart from in limited circumstances where I may contact your emergency contact or GP as set out above, or otherwise where I am permitted to transfer it by law, I will not transfer your personal information to any other third party.
Your rights - You may request copies of your personal information. I will aim to comply with your request within 30 days of receipt.
- If you believe that any information I am holding about you is incorrect or incomplete, or you wish to object to any processing that I undertake, please contact me. If appropriate, I will correct it or cease processing it, as soon as I am able.
- I will keep your records for a maximum period of 7 years after our last communication. You have the right to request that your personal data be erased prior to this date, and I will comply with such a request unless I have a legal right or obligation to keep hold of the data for any reason.
For further information on your rights, please visit the information commissioner's website at www.ico.gov.uk.