Emma Leeson-Kings and Wellspring Traditional Acupuncture are committed to respecting and protecting your privacy.
What Is the Purpose of this Privacy Notice?
The ‘Processing’ of ‘Personal Data’ is governed by the General Data Protection Regulation 2016/679 (GDPR). This legislation will replace current data privacy law, giving you more rights as an individual and more obligations to organisations holding your ‘Personal Data’.
You have a right to be informed about your increased rights in relation to the information I hold on you - about the way in which I use, share and store your personal information and the legal basis on which I am using it.
This new privacy notice comes into effect and will be published on my website on 25th May 2018.
Who Am I?
Emma Leeson-Kings at Wellspring Traditional Acupuncture is the ‘Data Controller’. This means I decide how your ‘Personal Data’ is ‘Processed’ and for what purposes.
What Is 'Personal Data'?
‘Personal Data’ relates to a living individual who can be identified from that data. Identification can be by the information alone, or in conjunction with any other information in the ‘Data Controller’s’ possession or likely to come into such possession. Examples of ‘Personal Data’ I may hold about you include contact and appointment details.
‘Special Category Data’ is a sub-category of ‘Personal Data’ concerning a person’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation. Examples of ‘Special Category Data’ I may hold about you include health history notes.
Why Do I Collect Your 'Personal Data' and How Do I 'Process' It?
I comply with obligations under the GDPR by keeping ‘Personal Data’ up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting ‘Personal Data’ from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect ‘Personal Data’. My ‘Legitimate Interest’ for ‘Processing’ your ‘Personal Data’ is as follows:
• I keep a diary as a permanent attendance register, which records all appointments to keep a record of when you were treated for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body, the British Acupuncture Council.
• Collecting your name, address, mobile and landline telephone numbers and email addresses to make and rearrange appointments or if contact is needed. Your email or text numbers may be used to forward information which may be useful or interesting to you. Collecting and recording health data (‘Special Category Data’), date of birth and other personal information (which may include family history) including reviews and details of progress and clinical findings of your case, is to enable a full traditional diagnosis, treatment strategy and planning to be made and appropriate treatment to be administered and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint. Date of Birth is also for identification purposes. Your GP’s name and contact details are required in case I need to contact your GP, including in an emergency, and because it is a mandatory requirement in the British Acupuncture Council’s Code of Professional Conduct.
• I record any information and advice that I have given, especially when referring patients to any other health professionals, to ensure you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
• I may hold your email and telephone number (both landline and mobile) data on my mobile telephone to contact you about appointments (to arrange/rearrange) and to occasionally send you information, which I think might be of interest. I am unable to send or receive encrypted emails so any emails I send or receive may not be protected in transit. I will monitor any emails sent to me, including file attachments, for viruses or malicious software. You have a responsibility to ensure that any email you send me is within the bounds of the law.
I use a third party service (LCN.com) to host my website. This site is hosted at www.healingwellspring.co.uk which is run by LCN.com on UK based servers. LCN.com uses AWStats software to collect anonymous information about users' activity on the website, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help me improve it. For more information about how LCN.com ‘Processes’ data, please see www.lcn.com/privacy.
How Is Your 'Personal Data' Shared?
Your ‘Personal Data’ will be treated as strictly confidential, and will only be shared:
• with named third parties with your explicit consent;
• with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which I am subject e.g. a court order;
• with your doctor or the police if necessary to protect yours or another person’s life;
• with the police or a Local Authority for the purpose of safeguarding children or vulnerable adults; or
• with my regulatory body, the British Acupuncture Council, or my insurance company, in the event of a complaint or insurance claim being brought against me; or
• my solicitor in the event of any investigation or legal proceedings being brought against me.
How Is Your 'Personal Data' Stored?
I have a legal obligation to retain your records for a minimum 7 years after your most recent appointment (In the case of minors, records must be kept until the patient reaches the age of 25 (7 years after reaching the age of 18)), but after this period you can ask me to delete your records if you wish. I will retain your records so that I can provide you with the best possible care should you return at some future date and in case of legal claims or complaints.
Your records are stored on paper, in a locked cupboard. Your name and telephone numbers may be recorded in a paper diary. Access to my mobile telephone, for texts and email access, is by passcode.
You have the right to request a copy of your ‘Personal Data’ I hold and you can also ask me to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask me to erase your records.
If you have any questions, feedback or complaints, please contact The ‘Data Controller’ at Wellspring Traditional Acupuncture:
Wellspring Traditional Acupuncture
Little Down Orchard
01395 567 976
07966 250 328
You can, of course, withdraw consent as any time but this may affect my ability to continue treatment.
For a PDF copy of the Privacy Notice, please click here