GDPR Privacy Policy

 General Data Protection Regulation (GDPR) Privacy Policy

I am committed to protecting and respecting the privacy of all my clients. This policy should answer your questions about the data that I hold on file for you.

This policy has been prepared in accordance with GDPR and may be changed from time to time as updates are required. It is effective from 25th May 2018 and has had minor updates in July 2019.

Why is my data being collected?

As a therapist, I collect and process your data to ensure I provide you with a good standard of service, care and treatment. Data is collected to keep in contact, record your progress and to compare progress week to week. It is also used to highlight changes, concerns, action to be taken and to form a record of treatment provided. It also allows me to comply with my insurance requirements.

Who is collecting it?
I am a self-employed qualified Bowen Therapy Practitioner trading as Bowen by Danielle.

What information is being collected?
A record of your personal details, date of birth, address, telephone numbers, email and your next of kin (if provided) is held on file. I also need to record relevant medical information including medication along with any health problems and concerns.

Personal data about your presenting symptoms and treatment provided will also be documented in detail for each session. I may also keep on file pictures I have taken for assessment or comparison purposes. These pictures will not be used in any marketing material and will not be shown to anyone else without your consent.

Any notes that you provide from your doctor or other health professional will also be part of the data I hold on file.

How is it collected?
Any information I hold on file has come directly from you, the person who booked the appointment or a parent/guardian of a client under the age of 16.

Collection of data may happen via online clinic software, email, text messages, occasional photographs and letters.  No personal data will be collected via social media.

Where do I keep your information?
From September 2012 – October 2014 I operated with a paper-based system. All notes from this time have been scanned and are now held electronically.

Since October 2014 I have used an online or ‘cloud based’ client record system called ‘WriteUpp’ to store all the data I hold on file for you. This information is not held locally on my computer or backed up to any physical device in my possession.

WriteUpp is classified as my data processor and have policies and procedures in place to keep your data safe, to allow me to process it in the most efficient way and to comply with GDPR.

How will I use your information?
Data will be used to communicate appointments, session information, progress, relevant referrals, a record of treatment and to contact you with marketing information such as an email newsletter. I use an online company called Mail Chimp that are compliant with GDPR.

You are welcome to opt out of email or text reminders regarding your appointment and the newsletter at any time. The information you provide along with details of your treatments are treated as confidential.

Who will it be shared with?
I do not share your personal data with third parties unless specifically asked to by you. This could include being asked to write a letter of treatment for your doctor, insurance company or other such like request.

No data is sold to third parties for business reasons. I may share good results and outcomes from treatments via social media, but no identifying personal data will ever be added.

How long will I keep your data?
I will keep your details and supplementary information for as long as necessary. As a minimum this will be 7 years following the last occasion on which treatment was given. In the case of a minor, 7 years after they reach the age of 18 years old.

Security
All computers, laptops, tablets and phones are locked with passcodes. Online software is password protected. No client files are left on surfaces or open on a computer for other clients / staff to read.

In the unfortunate event of a data breach such as stolen paper records or if the online cloud-based system is infiltrated, I will notify you as soon as reasonably possible

Persons under the age of 16 years old
The data I collect for persons under that age of 16 years old is within the same categories for adults. In addition, a parent or guardian is required to read and sign a consent form for bowen therapy treatment.

A parent or guardian is required to be present at the time of treatment for any person under that age of 16 years old.

Your Rights
Under GDPR you have certain rights. These include the right to…

Consent for Treatment
You will be required to read and consent to this privacy policy before treatment can commence. If you choose not to give consent, treatment will not be carried out and the initial details provided will be deleted.