The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
This policy also outlines the use and handling of client information should you choose to see Caiti Buck Acupuncture for treatment.
This notice is to explain why I collect your personal data and what I do with it, in accordance with the General Data Protection Act 2018 (GDPR).
Your privacy is of utmost importance. I am currently taking steps to become fully GDPR compliant.
Why I hold your data
I need to collect personal information about your health in order to provide you with acupuncture treatment. Your requesting treatment and our agreement that I provide it constitutes in law an unwritten contract.
I have a legitimate interest in collecting that information, as without it I couldn’t practice acupuncture effectively and safely. This is covered by GDPR Special Category (article 9).
I keep records of your contact details because I need to be able to contact you regarding appointments or update you on matters related to your health care which I will do by either phone, text or email.
What I do with the data I hold
Personal data and case notes are handwritten and stored in a lockable filing cabinet. When on the move, they are kept safe.
I hold a paper diary for appointments and bookkeeping purposes. This is kept safe.
I have a legal obligation to keep these records for 7 years for an adult or until the age of 25 in the case of a minor. If I am no longer seeing you beyond this time, records are disposed of by shredding. This is a mandatory requirement by the British Acupuncture Council.
Information which you supply on the forms on the website is emailed directly to me, not stored on the website. I keep the emails for up to a year after treatment finishes.
The contact details form and email communication are cloud based and encrypted, and are provided by a reputable company. Computers and mobile phone are both password protected and encrypted. No personal information is held on my computer.
With your permission your contact details only will be held at reception at Hambledon Health and on the MindBody booking system at Neal’s Yard. This is for the sole purpose of booking/cancelling appointments.
If you pay by debit card or credit card at Neal’s Yard, Salisbury, they take your name for payment monitoring purposes.
Apart from these exceptions your personal data will be treated as strictly confidential, and will be shared only:
- with named third parties with your explicit consent, usually if I am referring you to another complementary health practitioner
- with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order
- with your doctor or the police if necessary to protect yours or another person’s life
- with the police or a local authority for the purpose of safeguarding children or vulnerable adults; or
- with my regulatory body, the British Acupuncture Council, or my insurance company in the event of a complaint or insurance claim being brought against me; or
- with my solicitor in the event of any investigation or legal proceedings being brought against me.
With your permission I may occasionally send you individualised health information by phone, text or email.
With your permission I may occasionally send you information regarding change of clinic details, a newsletter or marketing material regarding special offers.
Accessing your data
You may at any time request access to the personal data held on you and we are obliged to provide that information to you within a period of one month.
You can visit this page to request to view, update your consent for emails or report a data breach, if you are concerned that one has taken place.
Hambledon Health email@example.com
If you feel I have dealt with or managed your personal data inappropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.
Contact and communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. I also adhere to the General Data Protection Regulations (GDPR) 2018. Every effort has been made to ensure a safe and secure form-to-email submission process, but I advise users using such form-to-email processes that they do so at their own risk.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. External links are clickable text / banner / image links to other websites.
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
To exercise all relevant rights, queries or complaints please in the first instance contact firstname.lastname@example.org. You can contact the Information Commissioner’s Office on 0303 123 1113 or via email ico.org.uk/global/contact-us/email or at the Information Commissioner’s Office
Date: February 2019
Edited and customised by: Caiti Buck