Peter Zealley - Craniosacral TherapistHelping you to heal in body and mind
This policy covers the collection, processing, retention and disposal of data by myself, Peter Zealley, in relation to my craniosacral therapy practice. For the purpose of the General Data Protection Regulations (GDPR), I am the ‘data controller’.
MY COMMITMENT TO YOU
I am committed to protecting your privacy and complying with the data protection regulations in the UK. I collect the minimum amount of data that I require to carry out my work with you effectively. I am happy to answer any questions, or concerns, you may have about the information I hold on you.
WHAT PERSONAL INFORMATION I WILL COLLECT AND PROCESS
I will collect your contact details – name, address and telephone numbers, so that appointments can be arranged and progress reviewed. I do not take email addresses. I also collect date of birth, occupation and GP details. I take a detailed medical case history and some personal details as deemed relevant to your presenting medical complaint and health. I write up paper medical notes after each session in sufficient detail to cover my clinical findings and conclusions, treatment and advice given, your reactions and response to treatment – improvements, concerns, adverse reactions and complaints are noted. I do not make electronic case notes.
HOW I STORE YOUR PERSONAL DATA
All personal data is stored on paper record sheets in a locked filing cabinet and in my locked home office. Email communications are deleted once read. If they contain relevant information to your case history, I may print them before deletion and keep the copy with your paper client records. I do not keep client telephone numbers on my mobile phone, hence if you leave me a text or message I may not know who you are. I do not keep electronic medical records.
HOW LONG I KEEP YOUR PERSONAL DATA FOR
I keep medical record sheets for a minimum of 15 years. If you have not returned to see me within 21 years, I may destroy them. I will not pass your medical records on to a third party after I cease working. They will be destroyed a year after I die.
HOW I WILL DISPOSE OF YOUR PERSONAL INFORMATION
Any personal information will be disposed of securely and confidentially.
SHARING OF YOUR PERSONAL INFORMATION
I will not pass on your personal/medical information to a third party unless this is required by law, for safeguarding, or in a medical emergency. I will pass on copies of my medical notes to an insurance company regarding a claim, if I have your written consent passed onto me by the insurance company concerned.
YOUR RIGHTS REGARDING THE DATA I HOLD ON YOU
You have the right to:
- Be informed that your data and information is held and in what form
- Have access to your personal data on request and without charge
- Have your data updated and corrected
- Object. Have your personal data deleted if there is no reason for its continued storage and processing.
- Appeal. If you are unhappy with how I am holding your data you can appeal, initially to me. The final and legal right is to the Information Commissioners Office (ICO)
Further details about your rights under data protection legislation can be found on the ICO’s website at https://ico.org.uk/
MY ICO REGISTRATION
I am registered with the ICO’s office under the registration reference number: ZA753786
MY WEBSITE AND COOKIES
MY TOPSHAM PRACTICE, X0
If I have ever treated you at X0 (previously called ‘Remedies’), it is most likely that your name and telephone number are held on their data base. XO send out automated reminder texts to your mobile phone the day before a treatment. Please inform them and me if you don’t want this to happen. I have no need for you to leave an email address with X0. Only consent to doing this if you wish to receive offers, newsletter, etc, from their business. There is a CTV camera active in the reception area of X0. The purpose of this camera is for security at night when the clinic is closed, but it is still active during the day. This data should only be available to the clinic owner, Stefan Haderlein, who has his own GDP policy. Contact the clinic if you have concerns and speak to the receptionist if you wish to wait away from the reception area. Technically the clinic is known as the ‘data processor’; unless you are a client of them too, in which case they are also a ‘data controller’.