Respecting your right to privacy is very important to me. That’s why I have set out a Privacy Notice below, in readiness for the introduction of the new data protection law (GDPR) on 25th May 2018.
The new regulations do not in any way alter what I use your personal information for, but the new Notice sets out everything as fully as possible, to make it easier for you to find out how I use and protect your information.
I never have and never will sell your information for marketing purposes to companies, and I use every reasonable means to ensure that I keep any personal information in a secure and confidential environment.
I respect your rights and follow the law. If you have any concerns or questions about how I look after your personal information, please contact me.
Do you know what personal information is?
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details.
Did you know that some of your personal information might be ‘special’?
Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- sexuality and sexual health
- religious or philosophic beliefs
- ethnicity
- physical or mental health
- genetic/biometric data
Why do I need your personal information?
I need to use some information about you to carry out the legitimate interest of nutritional therapy, and this is one of the lawful bases on which I rely. Having your information enables me to carry out the work you have asked me to do to help you as part of our contract. That is to say, I need your information in order that I may carry out the contract of agreed services I do for you.
Where I have your consent, I may use your information to:
- Share with another therapist that I have referred you to
- share nutrition information via email
As I have consent to use your personal information, you also have the right to remove it at any time unless it is information that I have to hold by law. If you want to remove your consent, please contact me and tell me.
What you can do with your information.
The GDPR Law gives you a number of rights to control what personal information is used by me.
You have the right to ask for all the information I have about you . When I receive a request from you in writing, I must give you access to everything I have recorded about you.
This applies to personal information that is in both paper and electronic records.
If you can’t ask for your records in writing, I will make sure there are others ways that you can. If you have any queries about access to your information please contact me.
You can ask to change information you think is inaccurate.
You should let me know if you disagree with something written on your file.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example:
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
Where your personal information has been shared with others, I will do what I can to make sure those using your personal information comply with your request for erasure.
Please note that I can’t delete your information where:
- I am required to have it by law
- it is necessary for legal claims
You can ask to limit what I use your personal data for
You have the right to ask us to restrict what I use your information for, where:
- you have identified inaccurate information, and have told me of it
- where I have no legal reason to use that information but you want me to restrict what I use it for rather than erase the information altogether
Who do I share your information with?
I never have and never will sell your personal information to anyone else. However, I may need to share your information with:
- a health professional like a doctor, but I will ask your permission first
- other professional health advisors
How do I protect your information.
I will do what I can to make sure I hold records about you (on paper and electronically) in a secure way, and I will only make them available to those who have a right to see them. Examples of my security include:
- Encryption of computer files, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
- Restricting access to personal information.
- Lockable filing cabinets and cases for all paper records, with access by me only
- A ‘clear desk’ policy, meaning I keep my desk and computer screen clear of all personal information when leaving my desk. At the end of the day, I will file away securely all personal information.
How long do I keep your personal information?
There is a legal reason for keeping your personal information for a set period of time and this relates to insurance, which is to protect you and to protect me. It is usual to keep health records for 7 years.
Where can I get advice?
If you have any worries or questions about how your personal information is handled please contact me on 01453 755483 or 07815 768753 or email hcranston@mac.com
For independent advice about data protection, privacy and data sharing issues, you can contact the information Commissioner’s Officer (ICO) at:
Information Commissioner’s Office:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 1231113 (local rate) or 01625 545745 if you prefer to use a national rate number.
Helen Cranston 