In order to give professional Reiki and other Holistic Therapies I will need to gather and retain potentially sensitive information about your health and your contact details in order to contact you regarding appointments.
I also give you the option of receiving a monthly newsletter with information about my treatments, special offers and tips for holistic wellbeing. You may opt out of this at any time by replying to the email ‘no thank you’, upon receipt of this email I will delete your email address from my email contact list.
What information I hold and what I do with it.
Medical history and other health-related information (which I will take from you on or before first consultation and update as necessary). I will only use this for informing Holistic treatments and any advice I give as a result of your treatment.
This personal information will be held for a period of three years after the cessation of our reiki or holistic therapy relationship, except where there is a mutually agreed decision to retain it for longer or where I believe that it is in my best professional interests to do so.
I will hold your name, email address, telephone number and health-related information on your paper consultation form for a period of three years after our reiki or holistic therapy relationship ends and then I will destroy them.
If you are receiving treatments provided through your work place you may be asked by your employer to fill in my consultation form via email. This is usually then printed and given to me. You have the option to print the form and fill it in manually and hand it to me at the beginning of your treatment, avoiding the need to pass this information via your employer. Please discuss any concerns you have regarding this process with the person within your place of work who forwarded my consultation form to you.
My phone may retain summary records of calls made to or from your number (date and duration) and any recorded messages for a period of time. If you choose to receive monthly emails from me your email address will be stored on my yahoo contact list. The yahoo account is password protected.
If we communicate by text or by email, these records may be kept by my mobile phone provider for the period maintained by them. My mobile phone is a smart phone and could therefore also have your texts on it. The phone is password protected and details are stored in ‘the cloud’ so they can be restored if my phone is lost or stolen.
I will not share your information with anyone else (other than as required for legal process) without explaining why it is necessary and getting your explicit consent.
Lawful Basis for holding and using Client information
The lawful basis under which I hold and use your information is
my legitimate interests i.e. my requirement to retain the information in order to provide you with the best possible treatment options and advice
my requirement to hold your information for the legal reason of complying with my insurance
Protecting your Personal Data.
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
You have the right to ask to see any information held by me about you. To do this please either ask me or submit a request in writing. You also have the right to ask for information that you believe to be incorrect to be rectified. I will endeavour to provide you with the information requested within four weeks.
If I become aware of a situation where your personal information may have accidentally or maliciously been obtained by a third party I will notify you within three days of this coming to my attention.
If you are concerned about the way that your information is being held please discuss this with Stephanie Drane via email: email@example.com. If you are still unhappy you have the right to complain to the Information Commissioners Office. https://ico.org.uk
The GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.