Privacy Notice for Banbury Bowen
Banbury Bowen is committed to protecting and respecting your privacy. For any personal data you provide as a client of Banbury Bowen, Banbury Bowen is the Data Controller and is responsible for storing and otherwise processing that data in a fair, lawful, secure and transparent way.
GDPR gives you the following rights:
- The right to be informed: To know how your information will be held and used (this notice).
- The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
- The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you
- The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information
- The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
- The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office:
- To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at: www.ico.org.uk
- If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you
- Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
- Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission
FOR NEWSLETTER SUBSCRIBERS:
Name and email address will be collected and stored via Mailchimp if you have signed up via the website to receive my newsletter. This information shared with any third party, and you can opt out at any time.
FOR CLIENTS: THE FOLLOWING INFORMATION IS PROVIDED TO YOU AT YOUR FIRST APPOINTMENT, AND YOU WILL BE REQUESTED TO READ AND SIGN IF YOU AGREE.
Why do I need to collect personal information?
As a healthcare professional, I have a requirement to retain information in order to provide you with the best possible treatment outcomes and advice. I also have a legal requirement via my insurance (Alan Boswell Insurance Group) to keep a record of treatments given.
What information is being collected?
Information may include: your name, date of birth, address, contact phone number, contact email address and relevant information relating to your health and treatment.
How is it collected?
Collection of data will mainly happen via pen and paper note taking during your appointment; or via information you have provided by email or text messages. At times I will use photographs or videos taken during the session – these are strictly with your consent only, and are stored as part of your electronic records in the same way. No personal data will be collected via social media. The premises are monitored by CCTV for security purposes.
Where is it stored?
Written information is stored in a locked filing box.
Electronic records are imputed via my iPad, which is protected by fingerprint access and a 6 digit passcode. Records are stored in password protected files.
Client contact numbers are only stored on my iPhone if you have given me permission to contact you via phone or text, and only saved onto my phone if I need to contact you in this way. The phone is protected by fingerprint access and a 6 digit passcode.
No client files are left on surfaces for other clients / staff to read.
Any data taken whilst on a mobile treatment will be transported in a locked bag, out of sight in the boot. No notes are left unattended in a vehicle at anytime.
How long is it kept for?
In accordance with GDPR regulations, records are kept for 7 years after the last appointment. For children under 17, records will be kept until the child is 25; or if 17 when treated, then 26.
Who is collecting it?
As your practitioner, I will collect data at the start of your first session. Some information maybe requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes / letters and scans may also form part of the data collected.
Why is it being collected?
Data is collected to record, guide and supervise your progress, and to be able to communicate effectively with you regarding the best outcomes. It is used to compare any changes as you progress through treatments, to highlight any red flags or cautions, action to be taken and a detailed dialogue of treatment provided.
How will it be used?
Data will be used to inform your treatment plan, communicate appointments, session information, and document progress.
Contact information will be used to send email correspondence, including newsletters, if you have opted to receive this. You can change your preferences regarding newsletter / correspondence at any time.
Who will it be shared with?
I will NOT share your information with anyone else, other than within my own practice, for purpose of referral to another practitioner, or as required for legal process, without explaining why it is necessary, and getting your explicit consent.
Client experiences can be shared with the public via Banbury Bowen social media pages only with full consent from the client themselves, and they will remain anonymous. This will be confirmed in writing by the client prior to sharing.
What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients.
No data is shared with third parties without consent.
No data is sold to third parties for business reasons.
No data is held on phones unless encrypted with a pin number / finger print recognition. No phones are left unattended. Lost / stolen phones need to be locked remotely to prevent 3rd parties reading any sensitive information.
No sensitive / identifiable data is sent by email together in the same posting.
All computers / laptops and tablets are locked with pass codes and not left unattended.
PROTECTING YOUR PERSONAL DATA
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.