Rowan Holistic Health is committed to ensuring that your privacy is protected. Should you provide certain information by which you can be identified, it will only be used in accordance with this privacy statement.
This privacy notice sets out how Rowan Holistic Health collects, processes and protects any personal data that you provide via this website, by telephone, SMS text, email/electronic mail or clinic form. This is in accordance with the General Data Protection Regulation (GDPR) that came into force on May 25th 2018.
This policy is effective from May 1st 2018. It may change from time to time by updating this page, and you can check our website for the latest version or ask for a copy of the policy at any time by emailing [email protected] to ensure that you are happy with any changes.
Data controller: Judith Crook
Contact details: [email protected]
Telephone number: 07763 185413
What We Do
We provide holistic and complementary therapies including but not limited to clinical reflexology, aromatherapy and therapeutic massage to clients who wish to improve their physical, mental and emotional health. We focus on preventative healthcare, and supportive and palliative care management of chronic conditions. We provide these services within the scope of our practice and qualifications. We do not treat, diagnose or cure medical conditions and do not give advice on prescribed medication. Our approach is holistic and complementary to health and wellbeing and can be applied alongside conventional treatment methods/care.
What Data We Collect - personal data provided by you
Personal data means any information that can directly or indirectly identify an individual. It does not include any anonymised data.
We may collect the following personal data from you:
We collect and process this data in accordance with the 'legitimate interest' condition. This means that the lawful basis of our holding your personal data is for legitimate interest.
Special Category Data/Sensitive Data
Special category data is personal data which according to the GDPR is considered more sensitive and therefore needs more protection.
Such data includes details about your race or ethnic origin, religious views and beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health and genetics and biometric data.
We collect the following sensitive data about you:
We use this information to provide you with healthcare support. Even though we may seek your explicit consent for processing, our primary condition for processing is 'preventative healthcare and health management', and the lawful basis of our holding your personal data is for legitimate interest.
On occasions, we may also obtain sensitive data from other healthcare providers or individuals authorised by you to give out such information. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to co-ordinate your healthcare with these providers.
We also understand that collecting, processing and holding your special category data requires us to comply with the "common law of confidentiality", independently of the GDPR regulations.
How We Collect Your Personal Data
We may collect your personal data in the following ways:
Our purpose of collecting your data through the above ways is to provide you with supportive healthcare, and the legal basis of our holding your personal data is for legitimate reasons.
Email: We use Gmail by Google, which is based outside of the UK. They have committed to complying with all applicable privacy laws, and details of their commitment can be found here: https://policies.google.com/privacy
Website: Our website is provided through PhD Interactive and their WebHealer solution. They do not hold any personal data on our behalf, and while any emails received via our website are done so via the WebHealer mail system, for privacy reasons they are not accessible to staff at WebHealer and are not stored on any of their systems. The full privacy statement from PhD Interactive can be found here: http://www.phdinteractive.co.uk/privacy/
How Long We Hold Your Personal Data
Following completion of your therapy treatment, we will hold records of your personal data for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, we will keep the records at least 7 years after they reach the age of maturity (18).
This is in accordance with our professional association's and insurance company's policy, and it enables us to process any complaint you may make. In this case the lawful basis of our holding your personal data is for legitimate interests.
You have the right to object and the right to request your data to be erased. However, such requests will be declined under provisions of the General Data Protection Regulation (GDPR) which gives us the overriding right to hold your data in order to comply with legal obligations.
How We Use Your Personal Data
We act as a data controller for the use of your personal data to provide supportive healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as other healthcare providers.
We undertake at all times to protect your personal data, including any health, medical, identity and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
We may use your personal data where there is an overriding public interest in using information e.g. in order to safeguard an individual, or to prevent a serious crime. We will do this in accordance with the "vital interest" condition. We will also be obliged to share your data when there is a legal requirement such as a formal court order. This will be on the basis of "legal obligation". We may use your data for marketing purposes such as newsletters, but this would be subject to you giving us your express consent.
Disclosure of Your Personal Data
We will keep information about you strictly confidential and will not disclose your data with other third parties without your express consent.
Exceptions to this apply for the following categories of third parties:
On occasions, we may share a brief summary of your health problems in an anonymised form for the purpose of seeking a professional health opinion in order to provide you with better healthcare, or for the purpose of professional development. This may be at clinical supervision meetings, conferences, private and professional health forums. In such cases your personal data and identity will not be disclosed and will remain fully confidential. We will seek your explicit consent before processing your data in this way.
Your Legal Rights
Every individual has the right to see, amend, delete or have a copy of data held that can identify them, with some exceptions. You do not need to give a reason to see your data.
The General Data Protection Regulation (GDPR) defines the following rights in relation to your personal data:
To know how your information will be held and used (this notice).
To see your therapist's records of your personal information, so you know what is held about you and can verify it.
To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
For you to request your therapist to erase any information they hold about you.
You have the right to request limits on how your therapist uses your personal information.
Under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
To be able to tell your therapist you don't want them to use certain parts of your information, or only to use it for certain purposes.
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don't have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at: www.ico.org.uk
Data Protection and Security
We only use information that may identify you in accordance with the GDPR. This requires us to process personal data only if there is a lawful basis for doing so and that any processing must be fair and lawful.
We have put in place appropriate security measures to prevent your personal data from being accessed, changed or used in an unauthorised way. We keep a paper copy of your personal data, including sensitive data, in a secure filing system accessible only by us. We may also keep a copy of such data electronically on a laptop with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use email providers who use encryption to secure cyber transit of your personal data and we take responsibility for the protection of your data upon receipt.
However, we do not take responsibility for the security measures you are taking when you provide your data to us electronically.
We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Cookies are small pieces of data stored in encrypted text files and located in browser directories. Their purpose is to make the website easier to use, help analyse web traffic or remember your preferences for a single visit (through session cookies) or for repeated visits (through persistent cookies).
Our website contains links to third party websites operating their own terms and conditions and privacy policies. Rowan Holistic Health is not responsible for any content on third party websites.