New EU regulations in force from 25th May 2018, known as the General Data Protection Regulation (GDPR), now regulate how your personal information is held and used.
This notice tells you what personal information I hold and why, and what your rights are. Once you have read it, please complete and sign the declaration/statement of consent at the end.
LAWFUL BASIS FOR HOLDING AND USING CLIENT INFORMATION
As a full member of the Scottish Association of Spiritual Healers (SASH), I abide by the SASH Code of Practice and Ethics Framework. The lawful basis under which I hold and use your information is: Consent.
As I hold special category data (i.e. mental and physical health related information), the Additional Condition under which I hold and use this information is: to fulfill my role as a healing practitioner bound by the SASH code of practice and ethical framework.
WHAT INFORMATION I HOLD
I hold your personal details such as full name and contact details. I also hold mental, physical and wellbeing information that you shared with me and gave me consent to hold so as to have access to your wellbeing history. These notes help me to offer you the best healing approach I can and will enable me to reflect and keep a record of the theme of our time together and of my healing interventions. These notes will contain your name without your surname and in some cases your initials.
HOW I USE YOUR PERSONAL INFORMATION
I do all I can to manage and protect your data, which I store only for specific purposes such as to provide you with up-to-date information on your appointments or to send you invoices and e-mails with booking or cancellation information or requested reading materials or articles. I always ask you what your preferred mode of contact is.
With your consent, I also retain potentially sensitive information on your health and wellbeing. This is treated as strictly confidential information and is kept anonymously. It will only be disclosed anonymously for any supervision purposes and in special cases, with specific written authorisation from you. These purposes may include: the writing and presenting of research and study material that include articles, chapters, book publication, and workshop and public presentations. In these special cases all personal information will be de-identified.
HOW LONG I RETAIN YOUR INFORMATION
I am required to securely retain your information for up to 6 years. After this time I will shred all your files.
PROTECTING YOUR PERSONAL DATA
I am committed to ensuring that your personal data is secure. I keep hard copy client notes locked in a filing cabinet and have put in place a security password to prevent unauthorised access to my computers and telephone.
I will contact you using the contact preferences you give me in relation to:
- Appointment times
- Information required by yourself or related to what we discussed in the session.
GDPR gives you the following rights:
- The right to be informed how your information will be held and used.
- The right of access. To see your records of your personal information.
- The right to rectification. To have changes made to your personal information if it is incorrect or in
- The right to erasure. You can ask for any information held about you to be erased.
- The right to restrict processing of personal data. You can request limits on how your personal information is used.
- The right to data portability. Under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
- The right to object. To tell me that you don’t want me to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint to the Information Commissioner’s Office (ICO) if you feel your details are not correct, are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the ICO. Their contact details are: www.ico.org.uk