PRIVACY STATEMENT (UK)
General Data Protection Regulation (GDPR)
This privacy statement was last updated on 15th October, 2021 and applies to citizens and legal permanent residents of the United Kingdom.
In this privacy statement, we explain what we do with the data we obtain about you via www.wholistic-health.co.uk and via any subsequent purchased services. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:
we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
we first request your explicit consent to process your personal data in cases requiring your consent;
we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
we respect your right to access your personal data or have it corrected or deleted, at your request.
If you have any questions, or want to know exactly what data we keep of you, please contact us on firstname.lastname@example.org
Why Do We Need To Keep Personal Information?
Individuals attend the clinic to obtain help, treatment, guidance and advice on health and lifestyle.
Obtaining personal information from the patient in respect of their contact details, their personal and family health histories, and their lifestyle choices are necessary in order to provide the advice and guidance requested. Financial information is necessary in order to process payments for the services provided. All personal information is processed lawfully, fairly and in a transparent manner. Personal data is held by Wholistic Health by Lara with the express consent of the client. Our lawful basis for processing personal information is legitimate interests. Information is collected: via a questionnaire completed by the patient; during a personal consultation; through email; via a website; over the telephone or by post; by taking card and online payments. Wholistic Health by Lara is a data processor and controller for the personal data it processes. No decisions are made by automated means.
What Information Is Held?
The personal information held contains the following information:
Contact details: name, address, date of birth, landline telephone number, mobile telephone number, email address, preferred method of contact, next of kin, who you live with.
Health Information: personal and family health history, lifestyle and social circumstances, physical and mental health details, GP contact details, any testing and reports provided by the client, or ordered on behalf of the client. Details as to conditions / diagnoses and recommended natural and nutritional support.
Financial details: invoices for goods and services provided, payments made and any outstanding debt. Merchant copies of credit card receipts are kept for accounting records.
Other information: Employment details. Referrals and appointment records. Similarly related details in order to best support your goals and service you.
What Form Does The Information Have And Is It Secure?
Personal data is held in a variety of forms:
The clinician may make notes using a laptop or written notes: data is stored on a secure hard drive or in a locked file.
Online: personal information is held on digital software programmes for diary/calendar, invoicing and accountancy processing.
Information may be held in email format, provided by the client and held within the online emailing system.
Website: Contact details and financial payment information is obtained via our website for ease of contacting you.
All online , cloud storage and external hard drive data is encrypted and protected by logins and passwords. All of our external data processors that support us (such as Paypal and our booking and financial software providers) are legally and contractually bound to operate and prove security arrangements are in place to protect personal information – we recommend you review their terms and conditions independently.
How Long Is Information Kept?
This information is held in accordance with guidelines issued by our professional bodies, including GDPR, and in accordance with the requirements of our insurers.
With Whom Do We Share Data?
Personal contact information and financial information provided by the client is processed by your Naturopathic and Nutritional Therapist and finance/book keeping staff and accountants. The Therapist manages health data , personal data and other information necessary for the consultation and they have to follow the common law duty of confidence: Where information is given by the patient in confidence it is treated as confidential and protected accordingly. In specific circumstances, the Therapist may need to contact your GP. By engaging with Wholistic Health by Lara, you are consenting to the sharing of specific information with your GP where deemed necessary, throughout the duration of our professional relationship. You may discontinue your engagement with Wholistic Health by Lara at any time and must notify us in writing.
None of the Information is Shared with Other Organisations Except:
Contact details will be provided to suppliers of products that the patient wishes us to order on their behalf.
Contact details will be provided to organisations that provide health testing facilities such as blood testing.
In specific circumstances, the Therapist may need to contact your GP. By engaging with Wholistic Health by Lara, you are consenting to the sharing of specific information with your GP where deemed necessary, throughout the duration of our professional relationship. You may discontinue your engagement with Wholistic Health by Lara at any time and must notify us in writing.
In all cases the patient provides permission to do so. Anonymous information concerning particular health issues and case histories may be shared with peers for the purpose of professional development or during the writing of anonymous case studies.
Personal data may be shared where there is an overriding public interest in doing so, for instance, to safeguard an individual, or to prevent a serious crime. We do not share any information for marketing purposes.
What Are Your Rights?
An individual has the right to withdraw from consent to us holding their information and also has the right to request that personal data is kept in a particular form. However, that may result in the business relationship being unable to continue as the information in its current form is necessary for the desired outcome. An individual has the right to have their personal information rectified if it is inaccurate or incomplete. An individual has the right to have their personal information deleted, with some exceptions. An individual has the right to access their information. Requests for access must be in writing, by letter or email. We will comply with the request for information within 1 month. Access can be given to examine the records free of charge. If you would like to invoke any of your rights please contact email@example.com