If you have attended a workshop, received a consultation or massage or expressed interest in Lunar Healing Arts in the past, I may hold some information about you. This document outlines how that information is used and how I keep it secure. This notice does not provide exhaustive detail. However, I am happy to provide any additional information or explanation needed if I am able. Any requests for this should be sent to me at: firstname.lastname@example.org. I will endeavour to keep this Privacy Notice under regular review. This Privacy Notice was created in May 2018 in preparation for the changes in data protection within the EU.
What I Do
I am an Intuitive Coach, Massage Therapist, and Doula, with particular expertise in pelvic pain conditions, menstrual health, fertility, birthing and also postnatal replenishment. I support women through all stages of life, from menarche to menopause and beyond; offering specialist forms of massage, one-to-one consultations and workshops.
Please see the About Natalie page of the website for more detailed information.
How I Obtain Your Personal Data:
Information provided by you
You may have provided me with personal data in the following ways:
- Through email, over the telephone or by post
- By registering for/attending a workshop
- During a consultation or massage
- By completing a case history
- By signing a terms of engagement form
- By making an online payment
- By opting to join my Mailing List. (*Please see the new requirements for joining my mailing list below; the previous mailing list has been closed.)
This may include the following information:
- Basic details such as name, address and contact details.
- Details of contact I have had with you such as appointment requests and correspondence.
- Health information including your previous medical history, dietary, lifestyle, supplement and medicine details, clinic notes and resources.
- Bank details.
I use this information in order to provide you with the best possible support, tailored to your individual needs. This means that the legal basis of my holding your personal data is for legitimate interest.
If you complete a ‘New client intake form’ I retain your personal data for up to 8 years unless your appointments span a longer time frame and it is relevant to keep your files for that duration. Personal data that I have received for any purpose shall not be kept for longer than is necessary to fulfil its collection purpose or to satisfy a legal purpose. If there has been a long gap between appointments, I may require you to complete a new intake form to ensure that what I offer is still appropriate for you.
From this time forward, all intake forms will include a paragraph on data protection. My current practice is to send the intake form by email and for completed forms to be emailed back to me prior to the appointment, to maximise the time available during the session. If preferred, the form can be printed out, filled in and posted instead, as long as it arrives in good time for your appointment. You are at liberty to leave any questions on the form blank. However, the more information you give, the more I can tailor the massage/consultation to your particular requirements. The information received is confidential, for my professional use only and I do not share it.
Information I get from other sources
Unless a partner or family member freely shares any information about you, I do not obtain information from any other sources.
How I use your personal data
I act as a data controller for use of your personal data to provide the best service I can. I undertake at all times to protect your personal data, including any health and contact details, in a manner which I understand to be consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection.
In rare circumstances, I may use your personal data where there is an overriding public interest in using the information, e.g. in order to safeguard an individual or to prevent a serious crime, and also where there is a legal requirement such as a formal court order.
Prior to the new data protection changes, I had a mailing list and used Mailchimp to send out occasional mailings. If you were on my mailing list, you will have received an email on the 3rd April 2018 explaining that, to ensure compliance with the new GDPR regulations, my mailing list was being deleted and a new one begun in May. To join the new mailing list going forward you will need to ‘opt in’. If you haven’t done this and would like to, please email me to let me know. You can simply send me an email at email@example.com and cut and paste the following: I would like to join your mailing list. The new mailing list will be started after the 25th May 2018. I also have a Facebook page where I post upcoming workshops as well as relevant articles: https://www.facebook.com/LunarHealingArts/
Do you share my information with other organisations?
I will keep information about you confidential. I will only disclose your information to third parties with your express consent, with the exception of the following:
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if I have a duty to do so or if the law requires me to do so.
I will seek your express consent before sharing your information with your GP or other healthcare providers. However, if I believe that your life is in danger then I may pass your information on to an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
What are your rights?
You have the right to amend, delete or have a copy of data held that can identify you, with some exceptions.
If you want to access your data you must make a subject access request in writing to me at: firstname.lastname@example.org. In special circumstances, some information may be withheld. I shall respond within 20 working days from the point of receiving the request and all necessary information from you. My response will include the details of the personal data I hold on you including:
- Sources from which I acquired the information
- The purposes of processing the information
You have the right, subject to exemptions, to ask to:
- Have your information deleted
- Have your information corrected or updated where it is no longer accurate
- Receive a copy of any of your personal data that I have
- Object at any time to the processing of personal data concerning you
I do not carry out any automated processing of your data.
What safeguards are in place to ensure data that identifies me is secure?
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
As a health professional, I also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. I will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
I also ensure the information I hold is only stored in my email, not on my desktop. My computer is password protected and I do not store files on my desktop other than when I am downloading them to view. Any paperwork is kept in a locked filing cabinet. I am looking into email encryption and will update this policy when I have understood the best way to do this.
How long do you hold confidential information for?
All records held by me will be kept for up to 8 years. Names and emails may be kept beyond this time, unless you ask that they be deleted. Likewise with the mailing list, if you opt in to the new mailing list, you will remain on the mailing list unless you request to be removed from it, which you can do at any time. If in the future the mailing list ceases to exist, your contact details will also be erased.
Website technical details
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
As with many websites, I have previously enabled the use of analytics software in order to help understand the trends in popularity of my website and of different sections. I have made no use of the information gathered other than for personal interest. However, in order to comply with the GDPR changes, I have now disabled the Performance and Analytic cookies on this website and disabled the Activity Log. If this changes for any reason in the future, I will update this policy.
If you have a complaint regarding the use of your personal data then please contact me at: email@example.com and I will do my best to help you.
Changes to the policy