Touchwood Spirit GDPR Privacy Statement
GDPR: General Data Protection Regulation Policy. From 25th May 2018.
What information is being collected?
As part of visiting me as a complementary therapist, I will need to have a record of your personal details, date of birth, address, telephone numbers, email and relevant health information relating to your session. Only occasionally will it be appropriate to have social media account information as well as part of your profile.
A unique reference number will also be allocated to you.
Personal data about your presenting symptoms and treatment provided will also be documented. You have access to this information.
All data will be held in a locked cupboard or similar.
No client files are left out for other clients / people to read.
All data taken whilst on a mobile treatment will be transported in a locked bag, out of sight in a boot. No notes are left unattended in a vehicle at anytime.
All notes being transported will use the unique reference codes to identify you as a client. In the rare event they are stolen or lost, you cannot be identified or traced.
All notes will be kept secure for a period of 8 years for adults and will then be destroyed if you are no longer attending clinic. All children’s notes will be kept until adult age ( 21 ), and then destroyed if no longer attending.
Who is collecting it?
I will be collecting data at the start of your first session (sometimes before). Some information maybe requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes / letters and scans may also form part of the data collected and held by myself.
How is it collected?
Collection of data will happen via pen and paper note taking; secure email; possibly, in future by text messages; occasionally photographs, videos, and letters by mail. No personal data will be collected via social media.
Why is it being collected?
Data is collected to record, guide and supervise your session and/or progress and be able to communicate effectively with the you for the best outcomes. If relevant it is also used to compare progress over time and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.
Data also helps practitioner bodies to carry out relevant research/case studies from time to time. All clients can opt in or opt out of this. Again unique reference codes will be used to transfer data.
How will it be used?
Data will be used to communicate appointments, session information, progress, relevant referrals, and relevant consented media.
Who will it be shared with?
Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you maybe asked for permission for the information to be shared with another practitioner or medical service for referred treatment (case studies when I train in new/updated therapies would be a typical example):
Full permission will be requested first.
Personal data will be sent by post or email separately to your treatment information and a personal allocated reference code will be used to ensure the individual cannot be identified without the 2 pieces of data recording being put together.
Client experiences can be shared with the public with full consent from the client themselves. This will be taken in on a consent form signed by the client prior to sharing.
What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients.
No data is shared with 3rd parties without consented permission.
No data is sold to third parties for business reasons.
No data is held on phones unless encrypted with a pin number / finger print recognition. No phones are left unattended. Lost / stolen phones need to be locked remotely to prevent 3rd parties reading any sensitive information.
No sensitive / identifiable data is sent by email together in the same posting. Unique reference codes are used.
All computers / laptops and tablets are locked with passcodes and not left unattended. Only individuals with permission to read notes can access this data.
Is the intended use likely to cause individuals to object or complain?
Complementary therapists & practitioners' take data protection and privacy seriously and promote this philosophy to all the industry in relation to protecting client data.
The data mapping in place should never cause a client to object or complain. Any queries and requirements are taken seriously and honoured.
1 Heol Elfed, Gorseinon, Swansea SA4 4GH
Grateful thanks to the College of Bowen Studies for the use of their template for GDPR. I have adapted it accordingly to make Touchwood Spirit fit this Privacy Statement.
Carrie is a member of the Federation of Healers. http://website.lineone.net/~gordon.bagshaw/FoHmain.htm
Therefore, she is bound by the Code of Conduct of the UK Healers, for full Code please see:
Under the Code of Conduct of the
Carrie promises the client that all information provided will be kept strictly confidential, except where mutually agreed. However, examples may be used anonymously from time to time for the purpose of helping and inspiring other clients. Therefore, please specify anything that you wish to keep completely unspoken.
Touchwood will also keep basic information (eg name, address, e-mail and telephone) of clients in order to contact people as necessary regarding the provision of information, products and services. All information is kept confidential and is not shared with any other people or companies.
Data Protection registration
number: PZ 9651647
Data Protection registration number: PZ 9651647
Carrie Thomas May 2018