Greene Homoeopathy Privacy Policy

 

About this document

This document will help you understand how I collect, use and protect your personal information. If you have any queries about the Greene Homeopathy privacy policy, or how I process your personal information, please contact me on 07884 147443, or email me on caroline@greenehomoeopathy.co.uk

 

 

Who I am

I am the practicing homoeopath at: Greene Homoeopathy, The Natural Clinic, 4 Comrie Road, Crieff, Perthshire, PH7 3NX.

I am a ‘data controller’ and ‘data processor’ under the Data Protection Act 1998 and (once in force), under GDPR. I am registered with the Information Commissioner’s Office.

 

The information I collect about you

I require you to provide me with the following information:

  • name, address, occupation, date of birth

  • next of kin

  • contact details, including telephone numbers and email address

  • health details and medical history including family medical history

  • medication you are taking and have taken in the past plus vaccination history

  • Information pertinent to your presenting physical and mental symptoms

  • in the event of a professional conduct investigation, I may require additional information such as criminal convictions

 

How I collect information about you

I collect and update personal information from you directly:

  • when you come for an appointment

  • when you contact me outwith appointments by text, email or telephone/videocall

  • when you inform me of a change of contact, medication (or other) details

  • I will amend information pertinent to your presenting physical and mental symptoms

 

How I use your information

I store and use your personal information, as is necessary for my legitimate interests:

  • to make a diagnosis regarding the appropriate prescription

  • communicating with you including responding to your enquiries

  • informing you of events the Clinic is organising or workshops I am running

  • fulfilling any obligations owed to a relevant regulator, tax authority or revenue service.

  • I have one laptop used exclusively for your personal information which is password protected, backed up weekly to a disk stored in a locked cupboard.  

  • our personal information is stored in code 

 

Who I share your data with

I share your information with:

  • No one, unless required (see next bullet)

  • If required (for legal and/or professional conduct issues), with authorised regulators and law enforcement agencies

  • Only with your permission, I will occasionally seek the professional opinion on my method or prescription, of Michael Smith Lic ISH, ISHom, MSc, Chairman European Central Council of Homeopaths - my case supervisor based in Co Wicklow, Ireland.  If this happens I send a summary of my treatment and your presenting symptoms and any reference to names/places is deleted.

 

How I store your data

My data is securely stored electronically and hard copy is cross-shredded as soon as it has been typed up. Only I have access to your data, and all electronic systems are password protected. I do not use any cloud-based storage. I back-up data on a weekly basis to reduce the likelihood of accidental loss or damage to files.

 

How long do I keep your information

I will retain your personal information for reference and analysis to allow me to make the best prescription for you.  Your information will be kept for up to 7 years, following your last appointment or your 18th birthday if you are a minor.  After which time it will be archived or deleted. Any retention of personal data will be done in compliance with legal and regulatory obligations. Please note data retention periods may be subject to change without further notice as a result of changes to associated law or regulations.

 

Your rights

Under GDPR you have the following rights:

  • to obtain copies of the personal information I hold about you

  • to require I cease processing your personal information if the processing is causing you damage or distress

  • to request I do not send you news or marketing communications

  • to require me to correct the personal information I hold about you if it is incorrect 

  • to require me to erase your personal information – this must be a written request, with your reasons for requesting erasure clearly stated.

 

Please note that these rights may be limited by Data Protection legislation, Contract law, Criminal law and Human Rights legislation, and I may be required to refuse requests where exemptions apply.

 

A data breach

In the event of a data breach occurring, I would immediately inform everyone affected, and take whatever steps necessary to minimise impact. I would also report the breach to the ICO.