top of page

Record Keeping & Confidentiality

Subscribing to my website or booking a service

​​

When you book a service on my website, or if you subscribe to my website, you will enter your personal details. These details are kept in the strictest privacy in accordance with the GDPR.  I will never share your data with any third parties.

​​​

From 25th May 2018 the GDPR brought in new legal protection for personal information and collection/holding of data.  This tells you what personal information I may hold, and why, and what your rights are.

​​

What information do I hold?

​​

In order to provide a service to you, I need to request some information from you. I will use this information for contact purposes (by email, text, phone call etc), and to understand your request better, as well as any concerns or issues you may have, in order to assist you in the session.  The information I hold comprises your contact details, any issues you may be having (should you provide me with this information). If you choose to subscribe to my website, you will be prompted to enter some login details so you can gain access to my site and receive my emails and newsletter. Subscribing to my website provides me with your name, email address and contact details.

​​​

What is the purpose for storing this information?

​​​​

The purpose for processing your personal data is due to my insurance.  The lawful basis for this processing is ‘legitimate business reason’. I am required, under this insurance policy, to retain your information for a period of six years after your booking. After this time, the data will be destroyed. I also need to retain your email address to keep you on my mailing list and for you to be able to obtain access to my website.

​​​​

Obtaining your information

​​​​

If you wish to see the data I hold about you at any time, then you can request these from me by sending an email to melaniestevens106@hotmail.com Please simply contact me and I will send this information to you.
 

As the sole proprietor of my business, I am the data controller and the data protection officer.  My contact details are listed in the footer of all pages on my website. 

​​​

Third party sharing

​​​

I will never share the information you provide me with during your session with any third party (unless required for legal process) without explaining why it is necessary, and getting your explicit consent.

​​

How is your information stored and how long for?

​​​

I am required, under my insurance policy, to retain your information for six years after your treatment. After this period of time has lapsed, I will destroy it securely.

​​​

What rights do you have under the GDPR?

​​​

GDPR gives you the following rights:

​​

  • The right to be informed - to know how your information will be held and used (this notice).

     

  • The right of access - to see your therapist’s records of your personal information, so you know what is held about you and can verify it.

     

  • The right to rectification - to tell your therapist to make changes to your personal information if it is incorrect or incomplete.

     

  • The right to erasure (also called “the right to be forgotten”) - for you to request your therapist to erase any information they hold about you.

     

  • The right to restrict processing of personal data - you have the right to request limits on how your therapist uses your personal information.

     

  • The right to data portability - under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.

     

  • The right to object - to be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.

     

  • The right to lodge a complaint with the Information Commissioner’s Office - to be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

     

​​

Full details of your rights can be found on the ICO's website. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

​​

If you wish to exercise any of these rights, please use the contact details given above.

​​

If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at: www.ico.org.uk​

bottom of page