Louise Bashall Privacy Notice
I come from a country that takes data protection very seriously. In that vein, I will continue to uphold the same standards for your data as are the norm in the UK.
Why I collect your data and what I do with it
As a client, you have a right to know what I do with your data. To communicate this to you in a clear and concise manner, I am providing you with this privacy notice.
Who Am I?
I am Louise Bashall trading as The Body Compass, 142 Richmond Road, Grey Lynn, Auckland, telephone number 021909354, email address email@example.com. For the purposes of processing your personal data I am the Controller.
Data Protection Officer
As I record and use sensitive data, I take the protection of this data very seriously. I have therefore appointed myself as Data Protection Officer, and I am your first point of contact for any matters regarding the personal data I process. I can be contacted on 021909354, my email address is firstname.lastname@example.org and my postal address is as given above.
The Personal Data I Process and What I Do with It
I record and use the following categories of personal data which may include: name, address, telephone numbers, email address and information about your health.
Why do I collect this data?
I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide it constitutes a contract. You can, of course, refuse to provide the information, but, if you were to do that, we would not be able to provide treatment.
I have a “Legitimate Interest” in collecting that information, because without it I couldn’t do my job effectively and safely.
I also think it is important that I can contact you in order to confirm your appointment with me or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest. Emails relating specifically to your health will be sent by encrypted email.
I may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let me know by any convenient method.
Where is the data held and who has access to it?
1. Your records are stored on paper in a file that is stored in a locked room out of office hours.
2. Electronically (in the “cloud”) using a software company called Clinko who are fully compliant with GDPR.
3. My accountancy firm will have access to your name and essential contact details during the accounting process, but will not have access to your medical notes, or access beyond that time.
4. Occasionally I use MailChimp to provide a newsletter or information about an event, and that company therefore holds your name and email address. MailChimp is fully compliant with GDPR.
Sharing Your Personal Data
I only share your personal data with your explicit consent, where, for example, I need to contact a third party and give them your contact details in order to resolve an insurance issue, or to communicate with your GP or Consultant. Where third parties are used by me to store your personal data, I ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Retaining Your Personal Data
Whilst you are a client with me I will continue to store and use your personal data. Medical records will be held for 8 years after your last appointment, or to the age of 25 for minors. After this time, your records will be erased. Limited information will be retained within our accounts systems indefinitely to maintain the integrity of the data.
You Can Exercise These Requests
As I process your personal data, you can make certain requests. These are for access, for rectification, for erasure (provided the minimum time for storage has elapsed), and to restrict processing.
I want you to be absolutely confident I am treating your personal data responsibly, and that I am doing everything I can to make sure the people who can access that data have a genuine need to do so and are GDPR compliant.
Of course, if you feel I am mishandling your personal data in some way, then please let me know. Here are the details you need to do that:
FAO Data Protection Officer
142 Richmond Road
Automated Decision Making and Profiling
I do not use any system which uses automated decision making or profiling in respect of your personal data.