This document refers to:
- Written Documents
- Hardcopy case notes and files
- Text messages
- Supervision notes
- Visits to this website
- Social media communication
Aim and Purpose
The purpose of this document is to ensure that Caroline Wildman Holistics has a framework that ensures the rights and freedom of individuals in relation to their personal data and adheres to best practice in the management of client information and records. It sets out the way in which information collated by us is managed and ensures that any information collected:
- Is the right information
- Is in the right place
- At the right time
- With the right people
- For the right reasons
This is a live document and may be updated from time to time to reflect changes in the law and should therefore be revisited regularly to check for any updates.
Caroline Wildman Holistics is fully committed to ensuring clients’ privacy and data protection rights.
- Any data collected is solely for the purpose of providing a person-centred service to an individual client and stored ensuring any risks to personal and sensitive information are minimised.
- All records are identifiable, locatable, retrievable and intelligible according to regulations set out by GDPR.
- Any electronic devices where personal or sensitive, confidential information is held are password protected.
- Procedures have been put in place to ensure GDPR legislation is met.
Information may include:
- Personal details, including name, contact email address and telephone number
- Family, lifestyle and social circumstances
- Employment details
- Physical or mental health details
Data that is given to us by you
Caroline Wildman Holistics will collect your Data in a number of ways, for example:
- When you contact us through the Website, by telephone, e-mail or through any other means;
- When you enter a promotion through a social media channel;
- When you elect to receive marketing communications from us;
- When you use our services;
Data that is collected automatically
To the extent that you access the Website, data will be collected automatically, for example:
- Some information is automatically collected about your visit to the Website. This helps us make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.
- Your Data will be collected automatically via cookies, in line with the cookie settings on your browser.
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
- internal record keeping;
- improvement of our products / services;
- transmission by email of marketing materials that may be of interest to you;
We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances.
For the delivery of direct marketing to you via e-mail, we’ll need your consent, whether via an opt-in or soft-opt-in:
- Soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (for example, you contact us to ask us for more details about a particular product/service, and we are marketing similar products/services). Under “soft opt-in” consent, we will take your consent as given unless you opt-out.
- For other types of e-marketing, we are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, checking a tick box that we’ll provide.
- If you are not satisfied about our approach to marketing, you have the right to withdraw consent at any time.
Please see the section headed “Your rights” below.
Privacy Notice: Use of information
In accordance with this data retention schedule there may be occasions when data is not destroyed due to ongoing investigation, ligation or enquiry. The data will be deleted upon confirmation that it is no longer required. On some occasions anonymised personal data will be retained when a client has provided a testimonial for use on Caroline Wildman Holistics’ website. When data is non-identifiable GDPR law is no longer applicable.
The lawful basis for processing data is where consent has been given in relation to communication; the individual has given clear consent for their data to be processed for the specific purpose/s detailed in the consent form stored in their personal file. Caroline Wildman Holistics does not require consent to hold your data to provide a service but does require your consent to contact you for specific purposes. Participating in the service by attending more than one appointment implies that you agree with the Terms and Conditions provided to you at the commencement of service delivery.
When an individual visits the website www.carolinewildmanholistics.co.uk, we use Google analytics who are considered a third party service, to collect information about what visitors do when they click on the website. Google analytics only collect non-identifiable data which means neither I nor they can identify who is visiting.
This Website may place and access certain Cookies on your computer. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
Subject Access Request
A Subject Access Request (SAR) permits individuals to request a copy of their personal information. A SAR must be acted upon within one month, at the most within two months, any longer and reasonable reason must be provided. Applications for a SAR should be held alongside session records, unless application was made after six years of the end of treatment in which case the SAR will be held for a further two years after closure of SAR. A SAR request will include information we hold about you, Caroline Wildman Holistics will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
SAR requests should be put in writing to Caroline Wildman Holistics. A response may be provided informally over the telephone with your agreement, or formally by letter or email. If any information held is noted to be incorrect an individual can request a correction be made to their own personal information.
Under GDPR legislation (2018) regarding how your personal data is processed and stored, all individuals have:
- Right to access – the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
- Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.
- Right to erase – the right to request that we delete or remove your Data from our systems.
- Right to restrict our use of your Data – the right to “block” us from using your Data or limit the way in which we can use it.
- Right to data portability – the right to request that we move, copy or transfer your Data.
- Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.
Right to Erasure
Any person may put in a request for their personal data to be removed (the ‘right to be forgotten’ or the ‘right to erasure’). Upon receipt of a request the data will be reviewed in accordance with the principles and details of the legislation as well as in accordance with statutory and insurance requirements. Caroline Wildman Holistics maintains the right to retain data where there is a clear statutory or insurance obligation to do so.
If there are no good reasons to retain the data then hard copy data will be shredded using a cross shredding machine and any electronic data will be permanently deleted. The client will be notified of the completion. The request for deletion of data and the confirmation of completion will be held securely until eight years after the request was made.
To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your data (where consent is our legal basis for processing your data), please contact us via: firstname.lastname@example.org
If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk.
It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during the period for which we hold it.
DEFINITIONS AND INTERPRETATION
Data collectively all information that you submit to Caroline Wildman Holistics via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.
Cookies a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website.
Data Protection Laws any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK.
GDPR the General Data Protection Regulation (EU) 2018.
UK and EU Cookie Law the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.