How do we collect your personal information?
We collect your personal information from:
1 Contacting us through our contact page
2 subscribing to our newsletter
3 Making a booking for a therapy on our booking page
If you are under 16 please do not provide us with any of your information unless you have the permission of your parent or guardian to do so.
WHAT INFORMATION MAY BE COLLECTED ABOUT YOU?
The following types of personal information about you may be collected:
• Phone numbers
• Email address
• Services or treatment enquired about
• Information you provide us about your interests
• Information you have requested on a service and/or product and/or treatment
HOW YOUR PERSONAL INFORMATION MAY BE USED.
Use of personal information under EU data protection laws must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy.
The main uses of your information are:
Customer Marketing – to respond to enquiries and to bring you news and offers.
Your personal data is not shared or used with third parties for use of third party marketing or applications.
HOW DO WE KEEP YOUR PERSONAL INFORMATION SAFE.
We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information.
Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:
• tightly restricted personal access to your data on a ‘need to know’ basis and for the communicated purpose only
• transferred collected data only in encrypted form
• highly confidential data stored only in encrypted form – e.g. credit card information
• firewalled IT systems to prohibit unauthorised access e.g. from hackers
• Permanently monitored access to IT systems to detect and stop misuse of personal data.
If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR.
We have a legal obligation to retain your records for 7 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish. Otherwise, we reserve the right to retain your records indefinitely in order to provide you with the best possible care should you need to see us at some future date.
Your records are stored-
- On paper, in locked filing cabinets, and the offices are always locked and covered by CCTV out of working hours.
- Electronically on our office computers. These are password-protected, backed up regularly, and the office(s) are locked and covered by CCTV out of working hours. Data is backed up at a secure external data site provider. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
- We also have CCTV cameras in operation in common parts of the clinic to protect staff, visitors, our computers and the premises. They are not used to store or record medical data or positioned within treatment rooms. Recordings are stored on cloud-based systems again under GDPR for a limited time. Access is only available by The Data Controller
- Administrative staff will not have access to your medical notes, just your essential contact details.
Use for marketing and Support:
We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. You retain the right to remove this consent at any point.
WHO MAY WE SHARE YOUR INFORMATION WITH?
Your information is kept secure and safe and will not be shared with any third parties.
Only the following people/agencies will have routine access to your data:
- The medical records service who store and process our files
- Your practitioner(s) in order that they can provide you with treatment
- Our reception staff, because they organise our practitioners’ diaries, and coordinate appointments and reminders (but they do not have access to your medical history or sensitive personal information)
- Other administrative staff, such as our bookkeeper.
Again, administrative staff will not have access to your medical notes, just your essential contact details.
How can I see what information you have about me?
Get in touch to ask for a copy of your information and have any mistakes corrected.
You will need to provide certified proof of ID such as:
Our therapists are self-employed and not employees of Nature Healing Nature Ltd t/a Fountain Therapies.
Your name and contact details will be passed to the therapist before your treatment. All medical records will be held by your therapist, unless otherwise stated, and held for 7 years to comply with insurance policies.
More details are available when you have your first appointment
HOW TO CHANGE YOUR PRIVACY PREFERENCES.
You can change your preferences, or withdraw your consent in relation to how we use your personal information in one of the following ways:
- by clicking on the unsubscribe link provided in the footer of the emails. Note that this removes you from the list but does not remove your personal data. For this you need to complete one of the following:
- email us directly at firstname.lastname@example.org
- by contacting us on +44 (0)1444 401 271
- by writing to us at
4 Fountain Mews, High Street, Handcross
West Sussex. RH17 6BH