Types of data I collect
I collect personal identification data such as your name, address, telephone number, email address and date of birth. I also gather information about your medical history and lifestyle. This provides me with information which may impact on your treatment.
How your data is collected
You directly provide the data I collect through my online booking system, any email or telephone exchanges, my consultation form and COVID-19 screening forms. By doing this you give your consent for this data to be collected.
When you buy a gift voucher online the system I use is Square. This is encrypted and security is regularly updated. I store a record of the name and address of the person who purchased the voucher, with a code so that the gift voucher can be traced in the event of loss or theft.
How I will use your data
I do not use your personal information unless I need to contact you about your appointment. Medical history and lifestyle information allows me to assess whether you are safe to receive treatment and to formulate a treatment plan. This information is not used outwith these reasons. However, I may disclose this information in instances required by law.
How your data is stored
The systems I use are Acuity and Cognito Forms, both of which have an encrypted storage system. Updates are regularly carried out on these systems to ensure security.
For insurance purposes I am required to keep client notes for 7 years. Inactive client notes will be destroyed 7 years after your last treatment. You have the right to request that your data be deleted from my files at any time. If you request this I will archive your notes and destroy them 7 years after your last treatment.
Gift voucher information is stored electronically in a secure cloud. I do not store credit/debit card details. This information is held by a third party (Square) who I use to manage card sales.
If you have signed up to the mailing list you grant me consent to use your email address to send out newsletters. You have the right to unsubscribe from this mailing list at any time.
What are your data protection rights?
You have the right to:
1. access copies of your personal data. I may charge you a fee for this.
2. request that I rectify any inaccurate or incomplete information.
3. request that I erase your personal data, under certain conditions.
4. object to me processing your personal data, under certain conditions.
5. request that I transfer the data I have collected to another organisation, or directly to you, under certain conditions.
If you make a request, I have one month to respond to you.
If you would like to exercise any of these rights please contact me on firstname.lastname@example.org
Contacting an appropriate authority
Should you wish to report a complaint or if you feel that I have not addressed your concern in a satisfactory manner, you may contact the Information Commissioners Office.