General Data Protection Regulation (GDPR) Privacy Notice
Under the current data protection law, you, as a client of EnerQi Acupuncture & Reiki Clinic, have specific rights. To communicate these rights to you in a clear and concise manner, I am providing you with this privacy notice.
The personal data I process and what I do with it
All of the information you share with me is stored in a paper format, in your patient file, locked in a storage cabinet.
The only electronic data is that which you send to me via a mobile phone or email. This is printed out or noted in your patient file and then deleted from my mobile phone or laptop. My mobile phones and laptops are password protected.
Whose information does this privacy notice apply to?
This applies to my current clients, prospective clients and former clients.
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in my possession or likely to come into such possession. Examples of personal data I may hold about you include your contact and appointment details.
What information do I store and collect?
I use your name, telephone number and email address to make and rearrange appointments. I am unable to send or receive encrypted emails so you should be aware that any emails I send or receive might not be protected in transit. I will also monitor any emails sent to me, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
I keep an electronic diary, which records all appointments in my clinic, for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to The British Acupuncture Council.
I may use your date of birth and address to help identify patients with the same name to avoid mistakes being made, as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner (with your permission) so that they correctly identify the patient.
For the purposes of making a full traditional diagnosis, formulating a treatment strategy and treatment planning I collect your presenting complaint, symptoms, medical and family history as you report. I review these records to see how you are progressing. I record any advice or information I have given you
I record your GP’s name and address in the event that I may need to contact your GP in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct
Before any treatment is carried out, clients are made fully aware of what to expect from treatment and will be asked to sign an informed consent form, which includes the current GDPR regulations. Only after consent is given will treatment be carried out. All consent forms are stored to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
When someone visits my website I do not collect personally identifiable information. No user-specific data is collected. I use a third party service to help maintain the security and performance of my website.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will only be shared with:
named third parties with your explicit consent;
relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order;
your doctor or the police if necessary, to protect yours or another person’s life;
the police or a local authority for the purpose of safeguarding a children or vulnerable adults;
my insurance company in the event of a complaint or insurance claim being brought against me;
my solicitor in the event of any investigation or legal proceedings being brought against me.
For further details about the situations when information about you might be shared please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/personal-information/sharing-my-info/
I can give you a copy of your patient questionnaire, consent form & treatment notes, if you put your request in writing. This request will be stored in your paper notes for a period of 7 years.
How long do I keep your personal data?
I keep patient records for a period of 7 years in accordance with the British Acupuncture Code of Professional Conduct. Paper notes will then be shredded if you have ceased visiting the clinic.https://www.acupuncture.org.uk/public-content/effective-practice/bacc-professional-codes.html
If there are any changes to your personal data your patient questionnaire form will be up dated.
Please contact me in the first instance if you have a query about your personal data
57 Basepoint Business Centre
Tel: 01793 608776
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.