GDPR is bringing in new legal protection for personal information from 25th May 2018. This tells you what personal information I hold and why, and what your rights are.
I can also confirm that I will not hold any of your health or medical details electronically; I will only store your preferred contact detail and name. These are stored on my encrypted phone, iPad and laptop. This means:
Therapist's Name: Claire Barns
Telephone Number: 07935205124
Data Controller Contact Details: Claire Barns
Data Protection Officer: Claire Barns
I hold and use client data in order to provide you with the best possible treatment options, support and advice.
The lawful basis under which I hold and use your information:
My legitimate interests, i.e. my requirement to retain the information in order to provide you with the best possible treatment options and advice.
My requirement to hold your information for the following legal reasons:
1) 'claims occurring' insurance (records to be kept for 7 years since last treatment)
2) Law regarding children's records (records to be kept until the child is 25 or, if 17 when treated, then 26)
As I hold special category data (i.e. health related information) the ADDITIONAL CONDITION under which I can hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR confidentiality as defined in the AoR Code of Practice and Ethics.
In order to give professional reflexology treatments, I will need to ask for and keep information about your health. I will only use this for informing reflexology treatments and any advice I give as a result of your treatment. The information to be held is:
- Your Contact Details
- Medical History and other health related information
- Treatment details and related notes
I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
I am committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, I have put into place appropriate technical, physical, and managerial procedures to safeguard and secure the information we collect from you.
- All medical and treatment records are stored on paper and kept in a locked filing cabinet.
- All details relating to your chosen method of contact are stored on an encrypted phone, iPad and laptop.
- Any pre-treatment questionnaires returned by email are printed upon receipt and the email is deleted permanently from our account.
I will contact you using the contact preferences you have given me.
GDPR gives you the following rights:
Full details of your rights can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individuals-rights/.
If you wish to exercise any of these rights, please email: email@example.com
If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details can be found at: www.ico.org.uk
We will collect all your medical details and personal information at your first appointment. At this appointment you will also be asked to sign a copy of this agreement and we will complete a contact preferences form. Both of these will be kept on your file.
You will be offered a hard copy to take away with you too.