The General Data Protection Regulation, which comes into force on 25 May 2018, is good news for UK & EU consumers. How a company collects, uses and shares personal data becomes much more transparent and the process more open – after all, information is power!
At Brighton Community Acupuncture our only direct contacts are people with people with a genuine interest in acupuncture and our acupuncture clients. We therefore do not hold a significant amount of data. However, we have made sure we are compliant where appropriate.
WHEN AND HOW WE COLLECT DATA
We currently have a carefully managed and appropriately segmented database. The acupuncture database holds simple records of patients – name, email address, postal address, phone number.
We will collect data through our contact form asking users for their name and email address.
If you wish to be removed from our database, please email us at email@example.com.
We will also hold CVs from applicants who have contacted us about advertised positions up to a period of 12 months from the application closing date. If you wish to remain on our CVs’ database beyond this period, please email us at firstname.lastname@example.org.
HOW AND WHY WE USE YOUR DATA
We will only use your data for marketing purposes (with your consent) by sending you emails about future classes, workshops and events from time to time. We do not share data with Third parties.
Any client records are held purely for the purposes of receiving the right treatment and are confidential and are covered by our code of ethics as a trained, qualified therapist.
1. You can choose not to provide us with personal data
2. You can ask us not to use your data for marketing
We will inform you (before collecting your data) if we intend to use your data to contact you in future about our services. You can opt out from marketing by emailing us at email@example.com.
3. You have the right to access information we hold about you
4. We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
5. You have the right to make us correct any inaccurate personal data about you
6. You have the right to be ‘forgotten’ by us You can ask us to erase any personal data we hold about you, please email us at firstname.lastname@example.org.
7. You have the right to lodge a complaint regarding our use of your data
Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or on their website at www.ico.org.uk
HOW SECURE IS THE DATA WE COLLECT?
We will only store data electronically that is password protected on Google docs with the exception of confidential Integral Core Therapy Client records which will be kept in a locked room and will only be accessed by the therapist in relation to the Client's therapeutic appointments.
HOW LONG DO WE STORE YOUR DATA?
We will delete your personal data from our archives no later than 6 years from the last time you contacted us either in person, by phone, text message or email.