Louise Bashall Privacy Notice
Why I collect your data and what I do with it
Under data protection law you, as a client, have specific rights. To communicate these rights to you in a clear and concise manner, I am providing you with this privacy notice.
Who Am I?
I am Louise Bashall trading as The Body Compass Ltd, 26 Berkeley Square, Bristol, BS8 1HP telephone number 07909677434 or 0117 3701177, email address firstname.lastname@example.org. For the purposes of processing your personal data I am the Controller.
Data Protection Officer
As I record and use sensitive data I take the protection of this data very seriously. I have therefore appointed myself as Data Protection Officer, and I am your first point of contact for any matters regarding your personal data that I process. I can be contacted on 07909677434 or 0117 9744186, my email address is email@example.com and my postal address is as given above.
The Personal Data I Process and What I Do with It
I record and use the following categories of personal data which may include: name, address, telephone numbers, email address and information about your health.
Why do I collect this data?
I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide it constitutes a contract. You can, of course, refuse to provide the information, but, if you were to do that, we would not be able to provide treatment.
I have a “Legitimate Interest” in collecting that information, because without it I couldn’t do my job effectively and safely.
I also think it is important that I can contact you in order to confirm your appointment with me or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest. Emails relating specifically to your health will be sent by encrypted email.
Provided I have your consent, I may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let me know by any convenient method.
Where is the data held and who has access to it?
1. Your records are stored on paper in a file that is stored in a locked room out of office hours.
2. Electronically (in the “cloud”) using a software company called Clinko who are fully compliant with GDPR.
3. My accountancy firm will have access to your name and essential contact details during the accounting process, but will not have access to your medical notes, or access beyond that time.
4. Occasionally I use MailChimp to provide a newsletter or information about an event, and that company therefore holds your name and email address. MailChimp is fully compliant with GDPR.
Sharing Your Personal Data
I only share your personal data with your explicit consent, where, for example, I need to contact a third party and give them your contact details in order to resolve an insurance issue, or to communicate with your GP or Consultant. Where third parties are used by me to store your personal data, I ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Retaining Your Personal Data
Whilst you are a client with me I will continue to store and use your personal data. Medical records will be held for 8 years after your last appointment, or to the age of 25 for minors. After this time, your records will be erased. Limited information will be retained within our accounts systems indefinitely to maintain the integrity of the data.
As I process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure – provided the minimum time for storage has elapsed, and a right to restrict processing.
I want you to be absolutely confident I am treating your personal data responsibly, and that I am doing everything I can to make sure the people who can access that data have a genuine need to do so and are GDPR compliant.
Of course, if you feel I am mishandling your personal data in some way, you have the right to complain. Here are the details you need to do that:
FAO Data Protection Officer
22 North View
If you are not satisfied with my response, you then have the right to raise the matter with the Information Commissioner’s Office.
Automated Decision Making and Profiling
I do not use any system which uses automated decision making or profiling in respect of your personal data.