FutuReflexology is a complementary healthcare studio whose sole therapist
Eni’s Privacy policy outlined below is a formal statement of the principles and guidelines concerning the protection of personal information provided to FutuReflexology, by its clients. With this privacy policy Eni wants to ensure her clients that she will constantly review all of her practices concerning the protection of personal information, and remain current with all legislation and technology, to meet both today’s and tomorrow needs of all her clients.
Client Personal Confidentiality
FutuReflexology provides complementary therapy whose success relies on collecting health- and lifestyle related information from clients.
The information to be held is:
- Contact details (email address, phone number, social media contacts)
- Medical history and other health-related information (which I will take from you at first consultation)
- Treatment details and related notes (which I will take after each consultation)
Eni will never reveal any of the information of an individual to anyone. Therefore any information related to any client including name, phone number, email address, or any other identifying information is never revealed to anyone. The data collected is used only for the purposes of the therapy and to collect supporting evidence for the success of the therapy for which it was collected and is not used for any other purpose.
Accountability
FutuReflexology is responsible for personal information under its control and sole practitioner Eni will be the data controller responsible for compliance with:
- Ensuring compliance with the provisions of the GDPR
- Implementing procedures to protect personal information (i.e. locked storage cabinet, shredder, limited access of third parties to the treatment premises)
- Establishing procedures to respond to any inquires or complaints made – through any means of communication – i.e. phone, internet, face-to-face.
- Allowing public access to FutuReflexology Privacy Code
Identifying Purposes for Collection of Personal Information
Eni shall identify the purposes for which personal information is collected at the beginning of the first session:
FutuReflexology collects potentially sensitive personal information to understand clients needs, lifestyle, attitudes, and preferences for complimentary therapy methods. This information sole purpose is to inform reflexology treatments, which Eni will offer, and associated recommendations concerning aspects of health and well being.
Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a client is required for the collection, use or disclosure of personal information. FutuReflexology may only use or disclose personal information without the knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.
- In obtaining consent, Eni shall use reasonable efforts to ensure that the client is advised of the identified purposes for which the personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the client.
- Generally, Eni will seek consent to use and disclose personal information at the same time it collects the information;
- Eni will require clients to consent to the collection, use or disclosure of personal information, and will document proof of collection of consent.
Limiting Collection of Personal Information
FutuReflexology shall limit the collection of personal information to only that which is necessary for the purposes of best practice of reflexotherapy. FutuReflexology shall only collect personal information by fair and lawful means.
Limiting Use, Disclosure and Retention of Personal Information
FutuReflexology will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual. FutuReflexology will only retain personal information for as long as necessary for fulfillment of those purposes (7 years, as established by insurer).
FutuReflexology will maintain reasonable and systematic controls, schedules, and practices for information and records retention and destruction which applies to personal information that is no longer necessary or relevant for the identified purposes or required by law. Such information will be destroyed, erased, or made anonymous.
Accuracy of Personal Information
Personal information shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
Eni will update personal information about clients as and when necessary to fulfill the identified purposes or upon notification by the individual.
Security Safeguards
FutuReflexology shall protect personal information by security safeguards appropriate to the sensitivity of the information (paper records are kept in locked filing cabinet contact details are kept in password protected devices).
FutuReflexology will protect all personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction through appropriate security measures.
FutuReflexology will protect all data, regardless of the form in which it is held.
Openness Concerning FutuReflexology Privacy Policies and Practices
FutuReflexology shall make available its policies and practices relating to the management of personal information.
FutuReflexology will make information about its privacy policies and practices easy to understand.
Client Access to Personal Information
- Upon request, FutuReflexology shall afford clients a reasonable opportunity to review personal information in the individuals file. All personal information should be provided in an understandable form within a reasonable time and at a minimal or no cost to the individual.
- Upon request FutuReflexology will provide an account of the use and disclosure of the personal information, and where reasonably possible, shall state the source of the information.
- FutuReflexology shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy shall be noted in that individuals file.
Challenging Compliance
Eni shall be able to address a challenge concerning compliance with the above principles
- FutuReflexology shall maintain procedures for addressing and responding to all inquiries or complaints about FutuReflexology’s handling of personal information.
- FutuReflexology shall inform its clients about the existence of these procedures as well as the availability of complaint procedures
- The person(s) accountable for compliance with FutuReflexology’s Privacy Code (Eni) may seek external advice where appropriate before providing a final response to the individual
- FutuReflexology will investigate all complaints concerning compliance with the FutuReflexology Privacy Code. If a complaint is found to be valid, FutuReflexology shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.
- A client shall always be informed of the outcome of the investigation regarding their complaint.
- A client may seek advice from GDPR expert at https://www.itgovernance.co.
uk/speak-to-a-gdpr-expert or by phone: +44 (0)333 800 7000