And as the following website and social media identities:
This policy sets out the basis on which any personal data I collect from you, or that you provide to me will be processed.
Please read the following carefully to understand how I will treat and regard your personal data.
Information that you provide by filling in the contact form on requesting services. This will include such information as full name (you and any child/children/other family members wishing to receive therapy), DOB, home address, telephone number and email address.
Therapy notes are kept of each appointment, as well as initial assessment/consultation notes.
I will also be holding any consent, agreement or risk documents that will be collected through the length of treatment.
If you contact me by phone, letter or email, records of the correspondence may be kept. My phone is password protected.
Payment - Payment will be made through PayPal or using BACS. Information needed for this will be collected and stored within the sites own security settings.
The booking system used for face to face appointments uses Fresha, delivered by Shedul who are GPDR compliant and only store information necessary to book and pay for the appointment.
Why do I collect this information?
So that I have a record of your attendance and a note of important factual information that may be of significance in your sessions. (It is a requirement of my insurance provider.)
It is also a requirement of EFT International to uphold Accreditation that notes are kept under GDPR guidelines.
In order to be able to communicate via phone, e-mail or post if necessary.
How do I store information?
Each client has their own identifiable folder within the secure setting. Initials and date are recorded as identifiable inform
Phone numbers and any messages received/sent will be stored on my phone’s own hard drive. My phone is password protected.
Disclosure of your information
There are a limited number of circumstances in which I may share personal data and other information with third parties.
Where required by the court of law,
If a client’s safety or that of a vulnerable adult or child is imminently at risk,
If a client requests and/or gives me consent to share their information with another health professional for the purposes of improving their care,
I may discuss some aspects of my client work with my supervisor who is an experienced practitioner also bound by the rules of confidentiality.
My insurance provider requires me to keep any client records for 7 years after completing treatment. After 7 years from completion of treatment sessions, all electronic data will be permanently deleted, and any hard copies shredded and disposed of.
Third Party information
Zoom/Skype are compliant with the EU-US Privacy Shield agreement. They also have a GDPR compliance statement on their websites. All sessions will be encrypted to include the video, audio and screen sharing.
Paypal may share minimal details that are needed to complete payment. These are stored securely on both sides of the transaction.
All Social Media sites, such as FB, Twitter and Instagram state that they are also GDPR compliant.
If you would like to: access, correct, amend or delete any personal information I have about you, you are invited to contact me at email@example.com and I will send the information to you within 40days of receiving your request.