Under the new General Data Protection Regulations (GDPR) in force from May 25th 2018, as a sole Practitioner I will assume the roles of both Data Controller and Data Processor, which means that I take full responsibility for collecting my Clients' individual data and that I am responsible for managing it and protecting it to the best of my ability.
When you work with me in any capacity you can be assured that any information that you choose to share with me is completely confidential and is stored by me as securely as it is possible for me to do. In my role as Data Controller and Processor I undertake to take all reasonable measures to:-
- Comply with data protection law and follow good practice
- Protect the rights of my Clients
- Inform my Clients about how their personal data is collected, stored and used
- Have a contingency plan in place in the event of a data breach
In order to give you a more detailed idea of how I do this, I have put together this document so that you are aware of my commitment to treating your data with the utmost care and confidentiality.
As a Health Practitioner I confirm that I collect my Clients' data for the sole purpose of assessing and understanding their Health and accordingly determining the most effective treatment plans for each Client. I do not share my Clients' data with any third parties (apart from the online tools listed below), with the exception of where there is compelling evidence to do so by a legal or statutory authority or in the interests of Public Health.
Sign up forms:-
If you choose to sign up with me on my website or any other platform, I ask for your name and your email address in order to either arrange a mutually agreeable time for us to set up my Free phone call offer or to send you my Free email newsletter, if you choose to receive it. In the case of the free phone call I ask you to provide your phone number or your Skype ID so that I can contact you for the free call. These details are currently stored by my contact management system ‘MailChimp’ – an automated system for designing email newsletters and managing subscribers. My account on Mailchimp is password protected. To the best of my knowledge, Mailchimp are GDPR compliant which means that they are legally bound by European Legislation to store your data securely and they are not allowed to pass your data on to any third parties without your permission. You can choose to unsubscribe to the Newsletter at any time by clicking the ‘Unsubscribe’ button at the bottom of each newsletter.
When you work with me I email you an information sheet or QTT Process Agreement for you to complete and email back to me in advance of your booking. I ask for your name, phone number, email address and home address – I do this in order to be able to contact you in case I have to rearrange a consultation or notify you of any changes to bookings you may have made with me.
My policy is, wherever possible, to conduct any communications made to me that include any personal details via my business email service at firstname.lastname@example.org and email@example.com. I cannot be responsible for the confidentiality of messages via any social media platform, so I must point out that this form of communication is at your discretion and is your responsibility. To the best of my knowledge Facebook and Instagram are GDPR compliant. Members of my Closed Facebook support group are to be guided by the pinned post at the top of the group page and can be assured that because the group is a ‘Closed Group’, although it will appear in searches and the membership list is public, all conversations conducted within it are private and therefore can only be seen by other members of the group and the Admin team. You may leave the group at any time.
I currently work with Paypal in order to process online payments for consultations or goods from my website shop. Here is a link to their Privacy Statement. https://www.paypal.com/ie/webapps/mpp/ua/privacy-full.
I also currently use Skype or Zoom to conduct online consultations. I do not record our consultations unless I have obtained the permission of the Client involved, therefore I do not store any recordings. The only record I hold is my handwritten notes of the consultation, which are stored in my Clients' case notes in a locked filing cabinet within my office, which is also locked when I am not present. Here is a link to the two respective Privacy Statements https://privacy.microsoft.com/en-us/privacystatement
My business email is currently hosted by Mozilla, Thunderbird. My Clients use this email account to communicate with me and sometimes a consultation may be conducted via email. I print out all email dialogues and store them in the relevant Case notes; the emails are then deleted. Wherever possible this is done within a 14 day period of receiving the emails. Here is a link to Mozilla’s Privacy statement.
My handwritten case notes:-
I take notes during your consultations with me either in person, online or by telephone for the purposes of record so that I can refer to your notes to clarify details, monitor progress and to have a complete record of every aspect of your health. This is how Homeopathic remedies are prescribed and having this data is a necessary part of my job.
Your case file is kept in a locked filing cabinet in my Clinic room, which is also locked, and the only key is held by me. Your case file is never removed from my Clinic unless you have requested it to be.
I am obliged by law to keep your case notes on file for a period of 7 years from the time of your last consultation with me. In the case of Minors (under 16), I am obliged to keep records until they reach 18 and then for a further 7 years. I keep a summary of all consultations with clients with details of why you have consulted with me & the date, the prescription given & why it has been given, the follow up date and the cost of the consultation. You may request copies of these summary sheets at any time during the period that your records are being held by me and I will supply them within 14 days.
Currently I do not record consultations even online and promise never to do so without your express permission. I may ask to take a photo or for you to provide me with a photographic record of particular complaints in order to monitor changes, e.g. skin disorders, or for the sake of identification purposes. These photos will be either printed within a 28 day period and added to your case file and the digital form either stored on my laptop in a password protected file or deleted, whichever you request.
In some cases I may need to consult with a professional colleague for a second opinion or for the purposes of personal supervision (a recognised and valuable industry standard way of working). I promise that in these cases your identity is kept confidential and not revealed to anyone I may be consulting.
In some cases, most particularly those of my Clients choosing to work with me using Homeopathic detox Therapy, I need to be provided with copies of detailed medical records of all medications, procedures and vaccinations. Copies of these records are stored with your case notes as outlined above. In the case of them being sent to me electronically, they will be printed and stored within 28 days and the electronic form deleted from my email. They are then stored securely electronically in a password protected file on my laptop with your permission.
Your right to update, correct or delete your data:-
If at any time you think that I am storing incorrect information about you or you wish to update, revise or have deleted any of your details please apply to me in writing to Rebecca Atkinson, Rockfield East, Firies, Killarney, Co Kerry, V93 FY91, Ireland. Applications by email, telephone, text or any other online method are not acceptable. Your application must be signed by you, and I may ask for further identification before any further action. Once I have verified your request I will action it within 14 days.
I have the right to refuse your application to delete in the following situations:-
- I need to comply with a legal obligation for the performance of a public interest task or exercise of Legal authority
- For Public Health purposes in the Public interest
- The exercise or defence of Legal claims
In the event of a data breach:-
- I will notify all Clients affected immediately
- I will take all appropriate steps to minimise any damage
- I will change all relevant passwords and secure any affected accounts.
- If applicable I will inform the Data Protection Commissioner
Please contact me at firstname.lastname@example.org if you have any queries regarding this statement.