This page informs you of Julia Mandle Homeopathy Clinic’s policies regarding the collection, use, and disclosure of personal data when you use this website and the choices you have associated with that data.
Types of Information Collected:
- Personal Information
While using our Website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Information”). Personally identifiable information may include, but is not limited to:
•First name and last name
•Cookies and Usage Data
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
2. Usage Data
We may also collect information how the website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
3. Tracking Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
Use of Information
When you supply any personal information to juliamandleclinic.com (e.g. for request for services or information) we have legal obligations towards you in the way we use that data. We must collect the information fairly, that is, we must explain how we will use it and will tell you if we want to pass the information on to anyone else. In general, any information you provide to Healthy Homeopathy will only be used within Julia Mandle Homeopathy Clinic. Your information will be disclosed where we are obliged or permitted by law.
The collected data is used for various purposes:
•To provide and maintain our Website
•To notify you about changes to our Website
•To allow you to participate in interactive features of our Website when you choose to do so
•To gather analysis or valuable information so that we can improve our Website
•To monitor the usage of our Website
•To detect, prevent and address technical issues
•To provide you with news, special offers and general information through our newsletter.
Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
Julia Mandle Homeopathy Clinic may process your Personal Data because:
•We need to perform a contract with you
•You have given us permission to do so
•The processing is in our legitimate interests and it’s not overridden by your rights
•To comply with the law
Retention of Information
We will ensure that all personal information supplied is held securely, in accordance with the Data Protection Act, 1998.
Julia Mandle Homeopathy Clinic will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods.
How Long I Retain Your Information for
I will keep your information for the following periods:
- 7 years after cessation of treatment, for insurance purposes
- 8 years after cessation of treatment, for CNHC requirements
Your data will not be transferred outside the EU without your consent.
Transfer Of Information
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Information, to United Kingdom and process it there.
Disclosure of Information
Disclosure for Law Enforcement
Under certain circumstances, Julia Mandle Homeopathy Clinic may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Julia Mandle Homeopathy Clinic may disclose your Personal Information in the good faith belief that such action is necessary to:
•To comply with a legal obligation
•To protect and defend the rights or property of Julia Mandle Homeopathy Clinic
•To prevent or investigate possible wrongdoing in connection with the Service
•To protect the personal safety of users of the Website or the public
•To protect against legal liability
Security of Information
The security of your information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Julia Mandle Homeopathy Clinic aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
GDPR gives you the following rights:
- The right to be informed:
To know how your information will be held and used (this notice).
- The right of access:
To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
- The right to rectification:
To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”):
For you to request your therapist to erase any information they hold about you
- The right to restrict processing of personal data:.
You have the right to request limits on how your therapist uses your personal information
- The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
- The right to object:
To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
- if you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you
- Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
Website Service Providers
We may employ third party companies and individuals to facilitate our Website (“Service Providers”), to provide the Website on our behalf, to perform Service-related services or to assist us in analyzing how our Website is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
You can unsubscribe from our newsletter via the ‘Unsubscribe’ link at the bottom of every newsletter. You can also change your preferences using the link at the bottom of every newsletter. You can also write to us at any time and ask us to completely ‘forget’ any information Mailchimp holds in connection with you. Write to us at firstname.lastname@example.org
We use Google Analytics to monitor and analyze the use of our Website. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Links to other websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Website does not address anyone under the age of 16 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental consent, we take steps to remove that information from our servers.
By email: email@example.com
DATA PROTECTION POLICY
Scope of the policy
Why this policy exists
This data protection policy ensures that JM:
- complies with data protection law and follows good practice
- protects the rights of patients
- is open about how she stores and processes patients’ data
- protects herself from the risks of a data breach
Data protection principles
The General Data Protection Regulation identifies 8 data protection principles.
Principle 1 – Personal data shall be processed lawfully, fairly and in a transparent manner
Principle 2 – Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Principle 3 – The collection of personal data must be adequate, relevant and limited to what is necessary compared to the purpose(s) data is collected for.
Principle 4 – Personal data held should be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay.
Principle 5 – Personal data which is kept in a form which permits identification of individuals shall not be kept for longer than is necessary.
Principle 6 – Personal data must be processed in accordance with the individuals’ rights.
Principle 7 – Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Principle 8 – Personal data cannot be transferred to a country or territory outside the European Union unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data.
Certain of these principles are expanded upon in the sections that follow.
Lawful, fair and transparent data processing
JM requests personal information from patients and potential patients for the purpose of consulting with them and providing them with advice and guidance on homeopathic treatments. The forms used to request personal information may contain a privacy statement informing patients and potential patients why the information is being requested and what the information will be used for. Patients should be asked to provide consent for their data to be held and a record of this consent along with patient information will be securely held. Patients will be informed that they can, at any time, remove their consent and will be informed as to what to do should they wish to do so.
Processed for Specified, Explicit and Legitimate Purposes
Patients will be informed how their information will be used and JM will seek to ensure that patients’ information is not used inappropriately. Appropriate use of information provided by patients includes:
- Communicating with patients in order to make, change or cancel consultations
- Assessing the conditions and issues reported by patients and devising and prescribing relevant remedies and therapies.
JM will ensure that patients’ information is managed in such a way as to not infringe an individual’rights which include:
- The right to be informed
- The right of access
- The right to rectification
- The right to restrict processing
- The right to data portability
- The right to object.
Adequate, Relevant and Limited Data Processing
JM’s patients will only be asked to provide information that is relevant to support consultations and prescription. This includes:
- Date of birth
- Postal address
- Email address
- Telephone number
- Medical history.
Where additional information may be required, this will be obtained with the specific consent of the patient who will be informed as to why this information is required and the purpose for which it will be used.
There may be occasional instances where a patient’s information needs to be shared with a third party due to an accident or incident involving statutory authorities. Where it is in the best interests of the patient or of JM, in these instances where JM has a substantiated concern then consent does not have to be sought from the individual.
Accuracy of Data and Keeping Data up to Date
JM has a responsibility to ensure that patients’ information is kept up to date. Patients will be required to let JM know if any of their personal information changes.
Accountability and Governance
JM is responsible for ensuring that her practice remains compliant with data protection requirements and can provide evidence that it has. For this purpose, those from whom data is required will be covered by the legal base of ‘legitimate interest’. Where data is to be shared, explicit consent will be obtained from the patient and this consent will be formally recorded. This will be completed prior to any action being taken.
JM has a responsibility to ensure that data is both securely held and processed. This includes:
- using strong passwords for information held within computer systems
- restricting access to computer and paper-based files
- using password protection on laptops and PCs that contain or access personal information
- using password protection or secure cloud systems
- providing adequate virus-protection and firewall software to secure computer-based systems.
Subject Access Request
JM’s patients are entitled to request access to the information that is held by them. The request needs to be received in the form of a written request to JM.
On receipt of the request, the request will be formally acknowledged and dealt with within 14 days unless there are exceptional circumstances as to why the request cannot be granted. JM will provide a written response detailing all information held on the individual. A record shall be kept of the date of the request and the date of the response.
Data Breach Notification
Were a data breach to occur, action shall be taken to minimise the harm. JM will inform any patients where she believes their personal information has been compromised. Where necessary, the Information Commissioner’s Office will be notified.
If a patient contacts JM to say that they feel that there has been a breach by JM, she will ask the patient to provide an outline of their concerns. If the initial contact is by telephone, JM will ask the patient to follow this up with an email or a letter detailing their concern. The concern will then be investigated fully and a response made to the patient. Breach matters will be subject to a full investigation, records will be kept and all those involved notified of the outcome.
Policy review date: Every 2 years