PRIVACY POLICY

This document has been written to help you understand what data I collect; why I collect it and what I do with it.  I also hope to inform you of your rights in obtaining copies of your records and how to address any concerns you may have.  I hope to be completely transparent and clear.  If you have any queries please contact me on any of the above methods and I will deal with your request as promptly as possible. In all circumstances ‘I’, Annaliese Phillips, am the ‘data controller’.



WHO AM I?


Annaliese Phillips of MiBoSo. 


Place of Work:

73 Eastern Road, Haywards Heath, Sussex, RH16 3NQ


Registered Business Address:

73 Eastern Road, Haywards Heath, Sussex, RH16 3NQ


Contact Telephone Number: 07725 266199


Email Address: annaliese@miboso.co.uk



WHEN DO I COLLECT INFORMATION?


When you contact me:

Phone

Email

Contact form via website

Text message


Occasions that I may collect information from you

Taster Events

Consultation Form



WHAT INFORMATION MIGHT I COLLECT?


When you have contacted me:

Phone- Name and Telephone Number

Email- Name, Email Address and the Correspondence

Contact Form via Website- Name and Email Address and Correspondence

Text Message- Name and Telephone Number and Correspondence

Occasions that I may collect information from you

Taster Events- Name and Email Address

Consultation Form- Name; Address; Email; Telephone Number; Date of Birth; A brief Medical History; Details of current complaints; And details of treatment.



WHY AM I COLLECTING AND STORING THIS DATA?


I am collecting this data on the Basis of Contract.  When you contact me by any of the above methods, unless directed otherwise I may store your contact information- i.e if you have called to enquire about the services I offer.  I do this so that I can offer a personalised service whereby I recognize your number if you call again.  If this is your only point of contact I will not contact you.  It is solely for the purpose of recognizing we have previously made contact should you make contact at a future date.


Likewise if you contact me by text message I may store your name and number for the purposes of future communication you may make.  I may also keep the messages themselves for my records and as a recollection of how things were left. 


I send out appointment reminders.


Occasionally post treatment I may make contact using this data to see how you are post treatment and for feedback.  This is invaluable to my practice.  I hope to offer a very personal service.  Within the professional boundaries I aim to provide a tailor made treatment, to allow this, post treatment feedback is helpful to me developing my practice as a therapist and your future treatments. 


I may also inform you of ways that you can leave reviews.  Again this is invaluable to me as a small business where the best recommendations come from those who have received a treatment and can give honest feedback of their experience.  


Data that I collect via the consultation form is considered to be collecting ‘Special Category Data’. My basis for this is as follows:


(h) processing is ‘necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3’


The nature of massage therapy is that I need to have a basic understanding of a client’s medical history in order to ensure that treatment is safe and to ascertain how to proceed- what can I do to best address areas of pain and discomfort?  Is the client anxious?  I need to retain these records to monitor progression and to keep a record of treatment details.  It is also a legal obligation of my insurers.



HOW DO I STORE YOUR INFORMATION?


Smart Phone- this is locked with a passcode.

Webhost- I store email addresses and communication.  Please consult https://www.wix.com/about/privacy for further information.

Locked Filing Cabinet- I DO NOT store client notes online.



WHO HAS ACCESS TO THIS DATA?


I am a sole trader.  I am the only person who is able to access this data. 



HOW LONG DO I STORE YOUR INFORMATION FOR?


Contact Details (stored on smart phone and webhost)

As mentioned above on the lawful basis of contract I may store your phone number, email address and correspondence as means of recording our interaction.  I may hold this data until I cease to trade at which point I will delete it from both my webhost and smartphone.  This will be down to my discretion.


Client Notes

I have a legal obligation, a condition of my insurance policy provided by Balens Health Professionals, underwritten by Zurich Insurance plc, to take and retain client records. The policy wording notes:


The records shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18). 

Record Keeping - Condition 14 c, on page 35


Given the above I currently keep my client records for at least 7 years from the date of the last treatment or 7 years from the date the client turns 18 if they have received the treatment as a minor.  There are also instances, for example if treating a vulnerable client, where it will be for me to determine that I may chose to hold the records for longer than the 7 years noted in the policy wording.


In the event of my death, a named person will be responsible for the destruction of client notes according to the above timeframe.


ACCESSING YOUR DATA


If at any point you wish to obtain a copy of your notes I will gladly provide them and will do so promptly.  I am legally obliged to do this within one calendar month of the request.  In some circumstances it may be necessary for me to ask for identification.


This document should satisfy any questions with regards to how I process client’s data.  Should you wish to know more about these procedures please contact me directly at annaliese@miboso.co.uk and I will endeavor to answer any queries as soon as possible.


I will record all requests in your client notes.



SHARING YOUR DATA


Should you wish for me to collaborate with another medical practitioner I will do so but only with your signed consent which will be kept with your client notes.


In the event that I sell my business I will notify everyone in my database and ask for consent for his or her details to be passed on.  I will not pass client notes on unless this is permissioned by the individual. 


I will never sell you personal data to a third party. 



RIGHT OF ERASURE (RIGHT TO WITHDRAW CONSENT)


Contact Details

Should you wish for me to remove your contact details from my database- held on my smartphone and webhost- please contact me directly via any of the contact details at the top of this document.  The GDPR states a maximum duration of one calendar month from the date requested.


Client Notes

As I am storing data due to a Legal Obligation- compliance with my insurance Terms and Conditions, I am unable to comply with the Right of Erasure.


The GDPR specifies the below circumstance where the right to erasure will not apply to special category data:


●        if the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).


WHAT HAPPENS IN THE EVENT OF A DATA BREACH?


In the unlikely event of a data breach- I will inform the ICO as soon as I am aware.  When possible I will also notify the individual(s) affected.



WOULD YOU LIKE TO MAKE A COMPLAINT?


In the event that you would like to make a complaint please do so If you are dissatisfied with the way in which I process your personal data, you have the right to complain to the UK’s Data Protection Supervisory Authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns , by live chat or by calling their helpline on 0303 123 1113.



HOW TO CONTACT ME

If you have any questions regarding the use of your data and your Individual rights, please contact me on 07725 266199 or annaliese@miboso.co.uk