MAGGIE RICHARDS WEBSITE PRivacy policy
Last updated May 28 2018.
MY COMMITMENT TO YOU
Under data protection legislation, all organisations that handle personal information must comply with a number of important principles about the privacy and disclosure of this information. Maggie Richards Ltd. (“me”, “I”) operates http://www.maggierichards.co.uk, the “Site”, and is committed to these ethical principles. This Privacy Policy complies with the privacy legislation of the United Kingdom and EU General Data Protection Regulation (GDPR). I am registered with the ICO.
WHO IS MAGGIE RICHARDS?
Maggie Richards is the data controller and processor. This means I decide how your personal data is processed and for what purposes.
YOUR DATA
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data I may hold about you include your contact and appointment details. The provision of personal information is voluntary. I only collect and process the personal information needed to carry out my work or to comply with any legal requirements.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data I may hold about you include your client notes.
The personal data I hold is collected in electronic form and stored on EU-US Privacy Shield-certified secure servers, currently in the US.
My site is built on the fully GDPR-compliant Weebly platform, while my booking terms consent and self-assessment forms are completed via Wufoo, owned by MailChimp, who are looking into opening a data centre in the EU. Please note: no method of transmission over the internet, or method of electronic storage, is 100% secure.
WHOSE DATA DOES THIS PRIVACY NOTICE APPLY TO?
HOW I PROTECT YOUR PERSONAL DATA
I comply with my obligations under the GDPR by keeping personal data up to date; by storing (if electronic then password protected; if hardcopy then held in a locked secure place) and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. Some further detail:
I use your personal data for the purposes set out below:
Sections 1 – 7 apply to my clients, prospective clients, and former clients
1. I use your name, telephone number and email address to make, cancel and rearrange sessions. I am unable to send or receive encrypted emails or texts so you should be aware that any emails or texts we send or receive may not be protected in transit. I will also monitor emails or texts sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
2. I use your name, address, telephone number and email address, only if I have your explicit consent, to send you marketing emails.
3. Some clients and prospective clients complete a self-assessment questionnaire or tell me about their medical conditions and medication by email or mobile phone text. I am unable to send or receive encrypted emails or texts so you should be aware that any emails I send or receive may not be protected in transit.
4. I use your presenting symptoms reported by you for the purposes of formulating a therapeutic treatment and/or meditation guidance strategy.
5. I use any relevant medical and family history you have told me also for formulating a therapeutic treatment strategy and treatment planning.
6. In the event of an adverse incident occurring to any of my clients, I will report the matter to the Complementary Therapists Association, (CThA) and my insurance company to enable the insurance company to deal with any potential claims and to help the Complementary Therapists Association to develop its safe practice guidelines.
7. Where relevant I keep records of the patient’s, the guardian's or next of kin's consent to working with me to be able to prove that the client (and/or parent/guardian/next of kin) has given informed consent to being professionally assisted by me to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 8 applies to those who complain about our services
If I receive a complaint from a person, I will only use the personal information I collect to process the complaint and to check on the level of service I provide. I usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t wish information identifying him or her to be disclosed, I will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. I may need to provide personal information collected and processed in relation to complaints to the Complementary Therapists Association, or my insurance company, or the Somatic Experiencing Association UK.
Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment, (if electronic then password protected; if hard copy then held in a locked secure place) and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to me I will only use the information supplied to to deal with the enquiry and any subsequent issues.
NON-DISCLOSURE TO THIRD PARTIES
Maggie Richards Ltd. does not transfer personal information to third parties or service providers. Unless required or permitted by law, I won’t use or disclose your personal information for a new purpose not identified here.
YOUR RIGHTS
Unless subject to an exemption under the GDPR, you have certain rights:
USE AND RETENTION
I keep your personal data for no longer than reasonably necessary. Client records are kept for up to 7 years post-conclusion of our therapeutic relationship, in accordance with the Complementary Therapists Association's Code of Professional Conduct. At the end of the 7 years all electronic records relating to the client will be deleted, and any/all paper hard copy material relating to the patient will be shredded.
During the mandated retention period of 7 years, clients will be required to notify me in writing of any changes to their personal data to enable their records to remain up to date. Such changes can be made at any time at maggie@maggierichards.co.uk.
COOKIES
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, mine uses “cookies” to collect information. You can instruct your browser to refuse or disable all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of my site. By using this website, you accept the use of cookies.
Opting out of cookie usage
To control which cookies you accept, you can configure your browser to accept all cookies or to alert you every time a cookie is offered by a website’s server. Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. You may find that some parts of the site will not function properly if you have refused cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, here.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may change from time to time to reflect legislation or industry developments. I will not explicitly inform my clients or website users of these changes. Instead, I recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are listed in the change log here:
Change log
28 May 2018: Addition of 'Whose data does this Privacy Policy apply to?'
28 May 2018: Update to 'Use and Retention'
For ease, your continued use of this website after I post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
QUESTIONS?
Please contact maggie@maggierichards.co.uk
MY COMMITMENT TO YOU
Under data protection legislation, all organisations that handle personal information must comply with a number of important principles about the privacy and disclosure of this information. Maggie Richards Ltd. (“me”, “I”) operates http://www.maggierichards.co.uk, the “Site”, and is committed to these ethical principles. This Privacy Policy complies with the privacy legislation of the United Kingdom and EU General Data Protection Regulation (GDPR). I am registered with the ICO.
WHO IS MAGGIE RICHARDS?
Maggie Richards is the data controller and processor. This means I decide how your personal data is processed and for what purposes.
YOUR DATA
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data I may hold about you include your contact and appointment details. The provision of personal information is voluntary. I only collect and process the personal information needed to carry out my work or to comply with any legal requirements.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data I may hold about you include your client notes.
The personal data I hold is collected in electronic form and stored on EU-US Privacy Shield-certified secure servers, currently in the US.
My site is built on the fully GDPR-compliant Weebly platform, while my booking terms consent and self-assessment forms are completed via Wufoo, owned by MailChimp, who are looking into opening a data centre in the EU. Please note: no method of transmission over the internet, or method of electronic storage, is 100% secure.
WHOSE DATA DOES THIS PRIVACY NOTICE APPLY TO?
- current clients
- former client
- people who send a message through this site's contact form
- people who subscribe to Maggie Richards' newsletters and/or Daily Mind Detox;
- visitors to Maggie Richards' website.
HOW I PROTECT YOUR PERSONAL DATA
I comply with my obligations under the GDPR by keeping personal data up to date; by storing (if electronic then password protected; if hardcopy then held in a locked secure place) and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data. Some further detail:
- To contact me through this site, users must check a box confirming their express consent to me storing their personal data
- My phone, computer and email lists are all password-protected
- I am willing to communicate with clients via three secure methods only – email, text and phone call (no Skype, or What’s App, for example)
- Where you agree to work with me online, we will do so solely using GDPR and HIPPA-compliant telehealth service Clocktree
- I have written a Therapeutic Will that means that - in the event of my death or longterm incapacity - the client data I hold will be respectfully processed by a trusted executor.
I use your personal data for the purposes set out below:
Sections 1 – 7 apply to my clients, prospective clients, and former clients
1. I use your name, telephone number and email address to make, cancel and rearrange sessions. I am unable to send or receive encrypted emails or texts so you should be aware that any emails or texts we send or receive may not be protected in transit. I will also monitor emails or texts sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send me is within the bounds of the law.
2. I use your name, address, telephone number and email address, only if I have your explicit consent, to send you marketing emails.
3. Some clients and prospective clients complete a self-assessment questionnaire or tell me about their medical conditions and medication by email or mobile phone text. I am unable to send or receive encrypted emails or texts so you should be aware that any emails I send or receive may not be protected in transit.
4. I use your presenting symptoms reported by you for the purposes of formulating a therapeutic treatment and/or meditation guidance strategy.
5. I use any relevant medical and family history you have told me also for formulating a therapeutic treatment strategy and treatment planning.
6. In the event of an adverse incident occurring to any of my clients, I will report the matter to the Complementary Therapists Association, (CThA) and my insurance company to enable the insurance company to deal with any potential claims and to help the Complementary Therapists Association to develop its safe practice guidelines.
7. Where relevant I keep records of the patient’s, the guardian's or next of kin's consent to working with me to be able to prove that the client (and/or parent/guardian/next of kin) has given informed consent to being professionally assisted by me to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 8 applies to those who complain about our services
If I receive a complaint from a person, I will only use the personal information I collect to process the complaint and to check on the level of service I provide. I usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t wish information identifying him or her to be disclosed, I will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. I may need to provide personal information collected and processed in relation to complaints to the Complementary Therapists Association, or my insurance company, or the Somatic Experiencing Association UK.
Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment, (if electronic then password protected; if hard copy then held in a locked secure place) and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to me I will only use the information supplied to to deal with the enquiry and any subsequent issues.
NON-DISCLOSURE TO THIRD PARTIES
Maggie Richards Ltd. does not transfer personal information to third parties or service providers. Unless required or permitted by law, I won’t use or disclose your personal information for a new purpose not identified here.
YOUR RIGHTS
Unless subject to an exemption under the GDPR, you have certain rights:
- The right to request a copy of your personal data which I hold about you.
- The right to request that I correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
- The right to request that I provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case I am processing the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable) [This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics].
- The right to be informed if your data is lost or exposed to an unlawful data breach. I will also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
- The right to lodge a complaint with the Information Commissioner’s Office.
USE AND RETENTION
I keep your personal data for no longer than reasonably necessary. Client records are kept for up to 7 years post-conclusion of our therapeutic relationship, in accordance with the Complementary Therapists Association's Code of Professional Conduct. At the end of the 7 years all electronic records relating to the client will be deleted, and any/all paper hard copy material relating to the patient will be shredded.
During the mandated retention period of 7 years, clients will be required to notify me in writing of any changes to their personal data to enable their records to remain up to date. Such changes can be made at any time at maggie@maggierichards.co.uk.
COOKIES
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, mine uses “cookies” to collect information. You can instruct your browser to refuse or disable all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of my site. By using this website, you accept the use of cookies.
Opting out of cookie usage
To control which cookies you accept, you can configure your browser to accept all cookies or to alert you every time a cookie is offered by a website’s server. Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. You may find that some parts of the site will not function properly if you have refused cookies. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, here.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may change from time to time to reflect legislation or industry developments. I will not explicitly inform my clients or website users of these changes. Instead, I recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are listed in the change log here:
Change log
28 May 2018: Addition of 'Whose data does this Privacy Policy apply to?'
28 May 2018: Update to 'Use and Retention'
For ease, your continued use of this website after I post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
QUESTIONS?
Please contact maggie@maggierichards.co.uk