GDPR: General Data Protection Regulation Policy. May 2018
This is the privacy notice of Nadapriya Yoga & Therapies LTD (company number 10715491).
Charlie (Charlotte) Merton, Yoga Teacher, Music Therapist & Crystal/ Sound Healer
Introduction
1 This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
2 We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
3 We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
4 We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
5 Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
6 The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at knowyourprivacyrights.org
7 Except as set out below, we do not harvest, share, sell, or disclose to a third party, any information collected through our website.
What information is being collected?
As part of visiting me as a Yoga Teacher/Music Therapist/ Healing Practitoner we will need to have a record of your personal details, date of birth, address, telephone numbers, email and relevant medical information relating to your session. I do not keep any social media account information as part of your profile.
Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times.
All data will be held in a locked filing cabinet and kept for 6 years (up to 23 years of age in the case of children) as per the terms of my Professional and Public Liability insurance.
No client files are left on surfaces for other persons to read.
Who is collecting it?
Only I, Charlie Merton, will be collecting data at the start of your first session. Some information maybe requested by email or text message to ensure the smooth running of your appointment. On occasion data from relevant medical notes / letters and scans provided by you or with your express permission may also form part of the data collected and held by me.
How is it collected?
Collection of data will happen via pen and paper note taking, secure email, text messages, occasionally photographs, videos, and letters by mail. No personal data will be collected via social media.
Why is it being collected?
Data is collected to record, guide and supervise your progress and be able to communicate effectively with the you for the best outcomes. It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.
How will it be used?
Data will only be used to communicate appointments, session information, progress, relevant referrals, and relevant consented media.
Who will it be shared with?
Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you maybe asked for permission for the information to be shared with another practitioner or medical service for referred treatment:
Full permission will be requested first.
Personal data will be sent by post or email separately to your treatment information and a personal allocated reference code will be used to ensure the individual cannot be identified without the 2 pieces of data recording being put together.
Client experiences (testimonials) can be shared with the public anonymously with full consent from the client themselves. This will be taken in on a consent form signed by the client prior to sharing.
What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients.
No data is shared with 3rd parties without consented permission.
No data is sold to third parties for any reason.
No data is held on phones unless encrypted with a pin number / finger print recognition. No phones are left unattended. Lost / stolen phones need to be locked remotely to prevent 3rd parties reading any sensitive information.
All computers / laptops and tablets are locked with passcodes and not left unattended. Only individuals with permission to read notes can access this data.
Is the intended use likely to cause individuals to object or complain?
Nadapriya Yoga & Therapies LTD take data protection and privacy seriously and promote this philosophy to all the industry in relation to protecting client data.
The data mapping in place should never cause a client to object or complain. Any queries and requirements are taken seriously and honoured.