GDPR Policy
General Data Protection Regulation (GDPR) Policy
I am committed to protecting and respecting the privacy of all my clients.
This policy has been prepared in accordance with GDPR and may be changed from time to time as updates are required. It is effective from 25th May 2018 and has had minor updates in July 2019, November 2021, June 2022
Consent for Treatment
You will be required to read and consent to this privacy policy before treatment can commence. If you choose not to give consent, treatment will not be carried out and the initial details provided will be deleted.
Why is your data being collected?
As a therapist, I collect and process your data to ensure I provide you with a good standard of service, care and treatment and to comply with my insurance requirements.
Who is collecting it?
I am a self-employed qualified Bowen Therapy Practitioner trading as Bowen by Danielle.
What information is being collected?
A record of your personal details, date of birth, address, telephone numbers, email, your next of kin (if provided), relevant medical information including medication, health problems, symptoms and concerns along with treatment information is kept on file.
Pictures taken for assessment or comparison purposes are also kept on record. These pictures will not be used in any marketing material and will not be shown to anyone else without your consent.
How is it collected?
Any information I hold on file has come directly from you, the person who booked the appointment or a parent/guardian of a client under the age of 16.
Where do I keep your information?
From September 2012 – October 2014 I operated with a paper-based system. All notes from this time are now held electronically and the original has been destroyed.
Since October 2014 I have used an online or ‘cloud based’ client record system called ‘WriteUpp’ to store all the data I hold on file for you. This information is not held locally on my computer or backed up to any physical device in my possession.
WriteUpp is classified as my data processor and have policies and procedures in place to keep your data safe, to allow me to process it in the most efficient way and to comply with GDPR.
How will I use your information?
Data will be used to communicate appointments, session information, progress, relevant referrals, a record of treatment and to contact you with marketing information such as an email newsletter. I use an online company called Mail Chimp that are compliant with GDPR.
You are welcome to opt out of email or text reminders regarding your appointment and the newsletter at any time. The information you provide along with details of your treatments are treated as confidential.
Who will it be shared with?
I do not share your personal data with third parties unless specifically asked to do so by you.
How long will I keep your data?
I will keep your details and supplementary information for as long as necessary. As a minimum this will be 7 years following the last occasion on which treatment was given. In the case of a minor, 7 years after they reach the age of 18 years old.
Security
All computers, laptops, tablets and phones are locked with passcodes. Online software is password protected with MFA.
In the unfortunate event of a data breach, I will notify you as soon as reasonably possible.
Persons under the age of 16 years old
The data I collect for persons under that age of 16 years old is within the same categories for adults. In addition, a parent or guardian is required to read and sign a consent form for bowen therapy treatment. A parent or guardian is required to be present at the time of treatment for any person under that age of 16 years old.
Your Rights
Under GDPR you have certain rights. These include the right to…
be informed – the information above explains how I collect and use your data.
have access – you have the right to request (verbally or in writing) access your personal data and supplementary information free of charge within one month of the request. A fee may be charged for repeated access or for copies of the same information. The request will be logged within your file.
rectification – You have the right to have inaccurate or missing information corrected or completed. Requests can be verbal or written and will be carried out within a month of the request. The request will be logged within your file.
erasure – In this case you DO NOT have the right to erasure as your data is classified as a special category data for health care. I must keep your treatment history on record which is in the best interests of both yourself as the client and myself as your therapist.
restrict processing – you can request to place a specific restriction on your personal data verbally or in writing. This request will be completed within one month. This is not an absolute right. Processing may be restricted but the data will be stored. You are welcome to opt out at any time of any marketing, newsletters, emails and text messages should you wish to. The request will be logged within your file.
data portability – you may obtain and reuse your personal data for your own purposes or if you wish to pass it onto another professional. This information will be provided free of charge within one month of the request. The request will be logged within your file. The information will be provided in electronic format and will be emailed.
object – to processing of data for direct marketing or for research and statistics. You can object at any point verbally or in writing. The request will be logged within your file and your details removed from any marketing, research or statistical lists.
decide on matters relating automated decision making and profiling – I do not use any form of this
complain – Please contact me if you have a complaint relating to your treatment or the way I handle your data. You can complain to the ICO if you think I am not handling your data correctly