THE PURPOSE OF THIS NOTICE
This Notice is designed to help you understand what kind of information I collect in connection with my services and how I will process and use this information. In the course of providing you with services I will collect and process information that is commonly known as personal data.
This Notice describes how I collect, use, share, retain and safeguard personal data. These activities are also referred to as processing data.
This Notice sets out your individual rights; I explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
The personal data I collect may contain information which is known as special categories of personal data. This may be information relating to and not limited to, your health, racial or ethnic origin, religious or philosophical beliefs, or data relating to sexual orientation.
For the purposes of safeguarding and processing health data responsibly, I will treat them in the same manner as special categories of personal data, where I am legally required to comply with specific data processing requirements. For example I will not hold sensitive data electronically and destroy them as soon as I am no longer legally required to hold them.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
The right to be informed about the personal data being processed;
The right of access to your personal data;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to rectification of your personal data;
The right to erasure of your personal data;
The right to data portability;
Individuals can exercise their Individual Rights at any time. As mandated by law I will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, I am entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations I may be unable to fully meet your request, for example if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes such as malpractice insurance.
PERSONAL DATA I COLLECT
In order for me to provide you with Reiki, Energy Healing, EFT, NLP, Mindfulness and Wellness training and Change Facilitation, I will collect and process personal data about you.
I will also collect your personal data where you request information about my services, such as one to one sessions, courses or other events and when you sign up for my newsletter.
You may provide me with personal data when completing my website contact form, when you contact me via the telephone, when writing to me directly or where I provide you with a paper or digital client intake form for completion before a first session. In my client questionnaire I take a detailed medical and personal history which is necessary in order to give you the very best tailored, safe and effective treatment.
When you sign my client form you give consent to your data and case file being kept in accordance with the requirements of my malpractice insurance (i.e. for a minimum of 7 years from the date of the last treatment).
I will keep your data completely confidential and under lock and key and will never share your personal data with anyone, apart from where it would be required to do so by law. Examples for disclosure by law include the presence of notifiable disease or danger to self or others.
WHY I NEED YOUR PERSONAL DATA?
I only collect and store information necessary to establish or maintain safe and high quality support for you that is tailored to your personal needs or to provide general health and wellbeing advice and inform you about my services. I will only share client information with client consent or where required by law.
I have different categories of data I collect which reflect the different types of interaction I have with newsletter subscribers, prospective clients, clients or course participants:
If you subscribe to my newsletter or contact me directly with an enquiry about my services, I will keep your data in an email programme such as Mailchimp and only collect and store your name and email address for marketing and information purposes. You can unsubscribe at any time.
For course participants, I will keep a register of your name, email and phone number and information on which courses you attended and when for archiving purposes. I ask for your consent to contact you about future services and developments and you can opt out any time.
For clients of one to one sessions, I will keep your name, address, phone number, and GP details as well as your consent and the medical and personal history you have provided in your client questionnaire. I will also keep a handwritten record of case notes I made in every session, which are kept under lock and key for 7 years from our last session date.
THIRD PARTY ACCESS TO YOUR PERSONAL DATA
I do not sell, trade or rent your personal data to others. I may use third party service providers such as for example the Mailchimp email newsletter service provider. I also keep a record of client sessions for tax purposes which I would make accessible to HMRC if audited for tax.
In supervision I will share anonymized information about cases to guarantee a continuously high ethical professional standard of my client work. I may share some of your information with these third parties for those limited purposes only and will deem that by accepting my Privacy Notice that you have given me your permission to do so.
Where I collect data directly from you, I am considered to be the controller of that data. A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
The retaining of data is necessary where required for contractual, legal or regulatory purposes, for example it is required that I retain your client file and case notes for a minimum of seven years after our last session in order to comply with the legal requirements of my malpractice insurance.
Paper client files and case notes shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, I have been advised by my insurance that records should be kept for at least 7 years after they reach the age of majority (18). After expiration of the 7 years, I will shred any paper files and only keep your name and email address in my general mailing list from which you can opt out at any time.
I also keep an EXCEL file record of client sessions and course participants with name and contact as proof of sessions for tax purposes as well as proof of client hours for accreditation bodies.
Please contact me at firstname.lastname@example.org if you object to the use of, or you have any questions relating to the use or retention of your personal data.
You can opt out of receiving marketing or information services at any time by e-mailing email@example.com.
PROTECTING YOUR DATA
I will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data. This includes storing your sensitive health data as paper data in a lockable filing cabinet and keeping electronic data in specialized cloud based software or password protected folders on my personal computer.
If you are dissatisfied with any aspect of the way in which I process your personal data please contact me. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
Version: April 2018