MAGGIE RICHARDS WEBSITE PRivacy policy
Last updated May 12 2023.
OUR COMMITMENT TO YOU
Under data protection legislation, all organisations that handle personal information must comply with a number of important principles about the privacy and disclosure of this information. Smiley Minds Ltd. (“we”, ) operates http://www.maggierichards.co.uk, the “Site”, and is committed to these ethical principles. This Privacy Policy complies with the privacy legislation of the United Kingdom and EU General Data Protection Regulation (GDPR). We are registered with the ICO.
WHO IS SMILEY MINDS LTD?
Smiley Minds Ltd. is the data controller and processor. This means we decide how your personal data is processed and for what purposes.
YOUR DATA
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details. The provision of personal information is voluntary. We only collect and process the personal information needed to carry out our work or to comply with any legal requirements.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your client notes.
The personal data we hold is collected in electronic form and stored on EU-US Privacy Shield-certified secure servers, currently in the US.
My site is built on the fully GDPR-compliant Weebly platform, while my booking terms consent and self-assessment forms are completed via Wufoo, owned by MailChimp, who are looking into opening a data centre in the EU. Please note: no method of transmission over the internet, or method of electronic storage, is 100% secure.
WHOSE DATA DOES THIS PRIVACY NOTICE APPLY TO?
HOW WE PROTECT YOUR PERSONAL DATA
We comply with our obligations under the GDPR by keeping personal data up to date; by storing (if electronic then password protected; if hardcopy then held in a locked secure place) and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. Some further detail:
W use your personal data for the purposes set out below:
Sections 1 – 7 apply to Maggie's clients, prospective clients, and former clients
1. We use your name, telephone number and email address to make, cancel and rearrange sessions. We am unable to send or receive encrypted emails or texts so you should be aware that any emails or texts we send or receive may not be protected in transit. We will also monitor emails or texts sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
2. We use your name, telephone number and email address, only if I have your explicit consent, to send you marketing emails.
3. Some clients and prospective clients complete a self-assessment questionnaire or tell Maggie about their medical conditions and medication by email or mobile phone text. We are unable to send or receive encrypted emails or texts so you should be aware that any emails we send or receive may not be protected in transit.
4. We use your presenting symptoms reported by you for the purposes of formulating a therapeutic treatment and/or meditation guidance strategy.
5. We use any relevant medical and family history you have told me also for formulating a therapeutic treatment strategy and treatment planning.
6. In the event of an adverse incident occurring to any of Maggie's clients, we will report the matter to the Complementary Therapists Association, (CThA) and my insurance company to enable the insurance company to deal with any potential claims and to help the Complementary Therapists Association to develop its safe practice guidelines.
7. Where relevant we keep records of the patient’s, the guardian's or next of kin's consent to working with me to be able to prove that the client (and/or parent/guardian/next of kin) has given informed consent to being professionally assisted by me to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 8 applies to those who complain about our services
If we receive a complaint from a person, we will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t wish information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the Complementary Therapists Association, or my insurance company, or the Somatic Experiencing Association UK.
Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment, (if electronic then password protected; if hard copy then held in a locked secure place) and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to Maggie we will only use the information supplied to to deal with the enquiry and any subsequent issues.
NON-DISCLOSURE TO THIRD PARTIES
Smiley Minds Ltd. does not transfer personal information to third parties or service providers. Unless required or permitted by law, we won’t use or disclose your personal information for a new purpose not identified here.
YOUR RIGHTS
Unless subject to an exemption under the GDPR, you have certain rights:
USE AND RETENTION
We keep your personal data for no longer than reasonably necessary. Client records are kept for up to 7 years post-conclusion of our therapeutic relationship, in accordance with the Complementary Therapists Association's Code of Professional Conduct. At the end of the 7 years all electronic records relating to the client will be deleted, and any/all paper hard copy material relating to the patient will be shredded.
During the mandated retention period of 7 years, clients will be required to notify me in writing of any changes to their personal data to enable their records to remain up to date. Such changes can be made at any time at [email protected].
COOKIES
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, mine uses “cookies” to collect information. You can instruct your browser to refuse or disable all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of my site. By using this website, you accept the use of cookies.
Opting out of cookie usage
To control which cookies you accept, you can configure your browser to accept all cookies or to alert you every time a cookie is offered by a website’s server. Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. You may find that some parts of the site will not function properly if you have refused cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, here.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may change from time to time to reflect legislation or industry developments. We will not explicitly inform my clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
For ease, your continued use of this website after I post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
QUESTIONS?
Please contact [email protected]
OUR COMMITMENT TO YOU
Under data protection legislation, all organisations that handle personal information must comply with a number of important principles about the privacy and disclosure of this information. Smiley Minds Ltd. (“we”, ) operates http://www.maggierichards.co.uk, the “Site”, and is committed to these ethical principles. This Privacy Policy complies with the privacy legislation of the United Kingdom and EU General Data Protection Regulation (GDPR). We are registered with the ICO.
WHO IS SMILEY MINDS LTD?
Smiley Minds Ltd. is the data controller and processor. This means we decide how your personal data is processed and for what purposes.
YOUR DATA
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details. The provision of personal information is voluntary. We only collect and process the personal information needed to carry out our work or to comply with any legal requirements.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your client notes.
The personal data we hold is collected in electronic form and stored on EU-US Privacy Shield-certified secure servers, currently in the US.
My site is built on the fully GDPR-compliant Weebly platform, while my booking terms consent and self-assessment forms are completed via Wufoo, owned by MailChimp, who are looking into opening a data centre in the EU. Please note: no method of transmission over the internet, or method of electronic storage, is 100% secure.
WHOSE DATA DOES THIS PRIVACY NOTICE APPLY TO?
- current clients
- former client
- people who send a message through this site's contact form
- visitors to maggierichards.co.uk.
HOW WE PROTECT YOUR PERSONAL DATA
We comply with our obligations under the GDPR by keeping personal data up to date; by storing (if electronic then password protected; if hardcopy then held in a locked secure place) and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. Some further detail:
- To contact Maggie Richards through this site, users must check a box confirming their express consent to us storing their personal data
- Maggie's phone, computer and email lists are all password-protected
- We are willing to communicate with clients via three secure methods only – email, text and phone call (no Skype, or What’s App, for example)
- Where you agree to work with me online, we will do so solely using GDPR and HIPPA-compliant telehealth service Clocktree
- Maggie has written a Therapeutic Will that means that – in the event of my death or longterm incapacity – the client data we hold will be respectfully processed by a trusted executor.
W use your personal data for the purposes set out below:
Sections 1 – 7 apply to Maggie's clients, prospective clients, and former clients
1. We use your name, telephone number and email address to make, cancel and rearrange sessions. We am unable to send or receive encrypted emails or texts so you should be aware that any emails or texts we send or receive may not be protected in transit. We will also monitor emails or texts sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
2. We use your name, telephone number and email address, only if I have your explicit consent, to send you marketing emails.
3. Some clients and prospective clients complete a self-assessment questionnaire or tell Maggie about their medical conditions and medication by email or mobile phone text. We are unable to send or receive encrypted emails or texts so you should be aware that any emails we send or receive may not be protected in transit.
4. We use your presenting symptoms reported by you for the purposes of formulating a therapeutic treatment and/or meditation guidance strategy.
5. We use any relevant medical and family history you have told me also for formulating a therapeutic treatment strategy and treatment planning.
6. In the event of an adverse incident occurring to any of Maggie's clients, we will report the matter to the Complementary Therapists Association, (CThA) and my insurance company to enable the insurance company to deal with any potential claims and to help the Complementary Therapists Association to develop its safe practice guidelines.
7. Where relevant we keep records of the patient’s, the guardian's or next of kin's consent to working with me to be able to prove that the client (and/or parent/guardian/next of kin) has given informed consent to being professionally assisted by me to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 8 applies to those who complain about our services
If we receive a complaint from a person, we will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t wish information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the Complementary Therapists Association, or my insurance company, or the Somatic Experiencing Association UK.
Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment, (if electronic then password protected; if hard copy then held in a locked secure place) and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to Maggie we will only use the information supplied to to deal with the enquiry and any subsequent issues.
NON-DISCLOSURE TO THIRD PARTIES
Smiley Minds Ltd. does not transfer personal information to third parties or service providers. Unless required or permitted by law, we won’t use or disclose your personal information for a new purpose not identified here.
YOUR RIGHTS
Unless subject to an exemption under the GDPR, you have certain rights:
- The right to request a copy of your personal data which I hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case we are processing the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable) [This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics].
- The right to be informed if your data is lost or exposed to an unlawful data breach. We will also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
- The right to lodge a complaint with the Information Commissioner’s Office.
USE AND RETENTION
We keep your personal data for no longer than reasonably necessary. Client records are kept for up to 7 years post-conclusion of our therapeutic relationship, in accordance with the Complementary Therapists Association's Code of Professional Conduct. At the end of the 7 years all electronic records relating to the client will be deleted, and any/all paper hard copy material relating to the patient will be shredded.
During the mandated retention period of 7 years, clients will be required to notify me in writing of any changes to their personal data to enable their records to remain up to date. Such changes can be made at any time at [email protected].
COOKIES
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, mine uses “cookies” to collect information. You can instruct your browser to refuse or disable all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of my site. By using this website, you accept the use of cookies.
Opting out of cookie usage
To control which cookies you accept, you can configure your browser to accept all cookies or to alert you every time a cookie is offered by a website’s server. Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. You may find that some parts of the site will not function properly if you have refused cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, here.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may change from time to time to reflect legislation or industry developments. We will not explicitly inform my clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
For ease, your continued use of this website after I post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
QUESTIONS?
Please contact [email protected]