Privacy Policy and General Data Protection Regulations (GDPR) Policy.
Chrissie’s Complementary Therapy
Chrissie Fielden
I am committed to protecting your privacy and your personal data. This privacy policy explains your rights and my obligations to you as someone seeking or using the services of Chrissie’s Complementary Therapy under GDPR. I operate under a strict code of confidentiality.
Your confidential information and how it is used.
In order to give professional treatments/therapy I firstly need to collect certain basic personal information such as name, phone number, email address, postal address. I take this basic contact information to allow me to approach you and handle bookings for treatment/therapy sessions. Depending on which therapy is appropriate for you I may need to take notes during the session which might contain potentially sensitive information about your health, emotional wellbeing and your life. These notes are solely for the delivery of a therapy service for you.
Your rights
You have rights to the information I hold about you to verify its accuracy or to ask for them to be supplemented, updated or corrected. You have the right to request a copy of some or all of the information that I hold about you. Please email or write to me via the contact details at the beginning of this agreement and relevant information will be provided to you within 30 days.
How long I keep your information for
The lawful basis under which I hold your information is “legitimate interest”, that is my requirement to retain the information in order to provide you with the best possible therapy service. Your information is kept for the time necessary to provide the therapy service you have requested, however outside of this I am legally obliged to hold your details and session notes for a period of 7 years following the end of treatment in accordance with the Retention Schedule.
In the case of a child under 13 then records will be kept for 7 years after they reach the age of 18.
After this date, all data will be securely deleted.
Sharing of your data
I will need to ask for and keep information regarding your health and well-being to inform certain treatment/therapy sessions. This will include your contact details, health related information and session details and related notes. There may be exceptional times when your information needs to be shared with 3rd parties. Unless there are legal obligations on me not to do so, I will explicitly ask your consent before doing so and any data sent to 3rd parties will be done securely.
Security of your data
All information will be kept securely and confidentially in line with the data retention policy. I am committed to ensuring your data is secure. In order to prevent unauthorised access and disclosure I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
Unfortunately the transmission of information via the internet and email may not be completely secure. Although every effort is made to protect your personal data the security of your data cannot be guaranteed and any such transmission is at your own risk.
Any sessions conducted using Zoom and any data transmitted during sessions is encrypted and secure and compliant with GDPR.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.