I am committed to protecting and respecting the privacy of all my clients. This policy should answer your questions about the data that I hold on file for you.
This policy has been prepared in accordance with GDPR and may be changed from time to time as updates are required. It is effective from 25th May 2018 and has had minor updates in July 2019.
Why is my data being collected?
As a therapist, I collect and process your data to ensure I provide you with a good standard of service, care and treatment. Data is collected to keep in contact, record your progress and to compare progress week to week. It is also used to highlight changes, concerns, action to be taken and to form a record of treatment provided. It also allows me to comply with my insurance requirements.
Who is collecting it?
I am a self-employed qualified Bowen Therapy Practitioner trading as Bowen by Danielle.
What information is being collected?
A record of your personal details, date of birth, address, telephone numbers, email and your next of kin (if provided) is held on file. I also need to record relevant medical information including medication along with any health problems and concerns.
Personal data about your presenting symptoms and treatment provided will also be documented in detail for each session. I may also keep on file pictures I have taken for assessment or comparison purposes. These pictures will not be used in any marketing material and will not be shown to anyone else without your consent.
Any notes that you provide from your doctor or other health professional will also be part of the data I hold on file.
How is it collected?
Any information I hold on file has come directly from you, the person who booked the appointment or a parent/guardian of a client under the age of 16.
Collection of data may happen via online clinic software, email, text messages, occasional photographs and letters. No personal data will be collected via social media.
Where do I keep your information?
From September 2012 – October 2014 I operated with a paper-based system. All notes from this time have been scanned and are now held electronically.
Since October 2014 I have used an online or ‘cloud based’ client record system called ‘WriteUpp’ to store all the data I hold on file for you. This information is not held locally on my computer or backed up to any physical device in my possession.
WriteUpp is classified as my data processor and have policies and procedures in place to keep your data safe, to allow me to process it in the most efficient way and to comply with GDPR.
How will I use your information?
Data will be used to communicate appointments, session information, progress, relevant referrals, a record of treatment and to contact you with marketing information such as an email newsletter. I use an online company called Mail Chimp that are compliant with GDPR.
You are welcome to opt out of email or text reminders regarding your appointment and the newsletter at any time. The information you provide along with details of your treatments are treated as confidential.
Who will it be shared with?
I do not share your personal data with third parties unless specifically asked to by you. This could include being asked to write a letter of treatment for your doctor, insurance company or other such like request.
No data is sold to third parties for business reasons. I may share good results and outcomes from treatments via social media, but no identifying personal data will ever be added.
How long will I keep your data?
I will keep your details and supplementary information for as long as necessary. As a minimum this will be 7 years following the last occasion on which treatment was given. In the case of a minor, 7 years after they reach the age of 18 years old.
All computers, laptops, tablets and phones are locked with passcodes. Online software is password protected. No client files are left on surfaces or open on a computer for other clients / staff to read.
In the unfortunate event of a data breach such as stolen paper records or if the online cloud-based system is infiltrated, I will notify you as soon as reasonably possible
Persons under the age of 16 years old
The data I collect for persons under that age of 16 years old is within the same categories for adults. In addition, a parent or guardian is required to read and sign a consent form for bowen therapy treatment.
A parent or guardian is required to be present at the time of treatment for any person under that age of 16 years old.
Under GDPR you have certain rights. These include the right to…
- be informed – the information above explains how I collect and use your data.
- have access – you have the right to request (verbally or in writing) access your personal data and supplementary information free of charge within one month of the request. A fee may be charged for repeated access or for copies of the same information. The request will be logged within your file.
- rectification – You have the right to have inaccurate or missing information corrected or completed. Requests can be verbal or written and will be carried out within a month of the request. The request will be logged within your file.
- erasure – In this case you DO NOT have the right to erasure as your data is classified as a special category data for health care. I must keep your treatment history on record which is in the best interests of both yourself as the client and myself as your therapist.
- restrict processing – you can request to place a specific restriction on your personal data verbally or in writing. This request will be completed within one month. This is not an absolute right. Processing may be restricted but the data will be stored. You are welcome to opt out at any time of any marketing, newsletters, emails and text messages should you wish to. The request will be logged within your file.
- data portability – you may obtain and reuse your personal data for your own purposes or if you wish to pass it onto another professional. This information will be provided free of charge within one month of the request. The request will be logged within your file. The information will be provided in electronic format and will be emailed.
- object – to processing of data for direct marketing or for research and statistics. You can object at any point verbally or in writing. The request will be logged within your file and your details removed from any marketing, research or statistical lists.
decide on matters relating automated decision making and profiling – I do not use any form of this
- complain – Please contact me if you have a complaint relating to your treatment or the way I handle your data. You can complain to the ICO if you think I am not handling your data correctly
Consent for Treatment