The following is in relation to and in compliance with General Data Protection Regulations (GDPR) 2018.
Who am I?
Email – firstname.lastname@example.org
My website address is: catmanasa.co.uk
Please email me for telephone number and postal address.
What personal data I collect and why I collect it
To enable me to answer requests for information, book my services via my contact form or by direct email, you must provide me with certain information to allow me to process your request. This includes your name, email address and mobile phone number. I’ll use your email address/mobile number to respond to enquiries and to arrange bookings. Any information shared with me in your initial enquiry will be kept confidential whether you decide to book a treatment or not. I’ll keep this information for 1 year unless requested sooner. After 1 year, I delete any email enquiries that didn’t result in a treatment. After initial contact has been made, if you choose not to book a treatment with me, any information that has been shared with me by email can be deleted immediately by request.
Enquiries through Facebook, either via my Facebook Page or my Personal Profile will be treated the same as outlined above.
If you enter into a contract of service with me (make and attend a booking) I’ll use your email address to respond to your enquiry and arrange bookings. If you wish to discuss details of a personal or sensitive nature through email, I’m happy to respond, however, please be aware that no email provider is 100% secure.
Any information given will be kept confidential and only used to help provide you with the best treatment.
Your email address will not be added to any mailing list. If you would like to be on my mailing list, you will have to sign up separately.
I will never share your email address with anyone.
If you choose to enter into a contract of services with me (i.e. come for a treatment) you’ll need to provide me with more in-depth information to ensure a safe treatment and fulfil my insurance requirements. This will require you to have a full consultation with me prior to treatment.
The consultation form is an essential pre-requisite to treatment and will provide me with an overview of your medical history past and present. I am also required to ask for information about your lifestyle and any other health information relevant to your treatment. This is to enable me to offer the most effective and safe treatment I can in accordance with my training, the Federation of Holistic Therapy Code of Conduct and Professional Practice and insurance requirements. This is my lawful basis for collecting the information I need to perform my service.
How do I collect your information?
Google form, digital PDF or paper form.
When possible, I’ll post you the relevant paper consultation forms for you to fill in prior to our initial session. Your consultation will take place face to face during our initial session where I’ll discuss your consultation form and add any other information given. All forms and notes are handwritten. Alternatively, I may send you a PDF that can be filled out online or printed and written.
If you choose to share personal information in an email or Facebook message or via WhatsApp, I may include a printed copy to add to your notes if it’s relevant and helpful to your treatment. By request, I can delete my copy of any email or message you have sent to me.
If we speak on the phone to arrange our initial session, I’ll write down your name and I might take notes about your situation. I’ll ask for your address and phone number if you’re making a booking with me. I’ll use your address to send you your consultation form and phone number if I need to contact you quickly. If our call does not result in a booking, I will destroy any notes and details written down.
Why do I need this information and who might I share it with?
The information you provide will give me an overview of your health and lifestyle. As a holistic therapist, I work to understand the bigger picture of your health and well-being needs. The consultation process is an essential part of your treatment and has to be completed before treatments can take place. You will also be required to update me on any new relevant information at each session throughout our treatment sessions. Any new information will be added to your notes. You may request to see your consultation form and treatment notes at any time. If you would like a copy of these, please let me know in writing and allow up to 30 days for delivery.
If you’re already under the care of a specialist health professional, or are pregnant, I may need to seek a referral from your health specialist/GP/midwife. This will be done with your knowledge and permission. In these cases, treatment can only commence once permission has been granted. This is to ensure you are given the most appropriate and safest treatment possible. I will never share your details with anyone without your permission.
In the case of treating children and young people under the age of 18 or vulnerable adults, a parent or guardian’s signature is required on the consultation form. The parent or guardian must be present throughout the consultation and treatment. The child, teen or vulnerable adult must give consent for the treatment to be given. As before, all information given is confidential and will not be shared with anyone. The only exception to this is if the child or vulnerable adult is deemed to be in danger. In those cases the relevant authorities will be notified and if it is required to disclose personal details to safeguard a child then I will disclose them. This is in keeping with the Children Act 1989 and 2004, and the Safeguarding Vulnerable Groups Act 2006.
How do I use the information I collect?
I will use the information I collect during our consultation and subsequent treatments to provide you with the most suitable and safe treatments within my scope of practice. This is in accordance with my training, FHT codes of conduct and insurance requirements.
How long will I store your information?
If you have a treatment with me, all personal data and information gathered will be confidentially and securely stored for 7 years after your last treatment. All email enquiries that don’t result in a treatment will be held for one year before deletion. This is to ensure potential clients have plenty of time to decide if I’m the therapist for them and that all non-clients data is eventually deleted and forgotten.
Where will I store this information?
All consultation forms and notes will be kept in a securely locked box to which I am the only key holder. Emails are kept in my inbox which is password protected. The devices I use to access my emails are also all password protected. I don’t use any shared devices when accessing my emails.
How will I destroy this information?
If you have been a client, after 7 years, paper records will be shredded and burnt. All email correspondence and Facebook messages will be deleted. If you have made enquiries but not become a client, all emails and messages will be deleted one year after the last email received.
With regard to email and Facebook messages, both clients and non-clients can request that I delete any messages I’ve received from them at any time.
The lawful basis for requiring this information is as follows;
- Consent: the clear consent for me to process your personal data for the specific purpose of giving safe and responsible holistic treatments.
- Contract: the processing is necessary to uphold the contract you have with me as your holistic therapist. By signing the consultation form you are agreeing to my Terms of Service and will agree to abide by the necessary requirements for me to provide safe treatments, abide by my professional code of conduct and insurance obligations.
- Legal obligation: the processing of your information is necessary for me to comply with the law.
- Special category data: I hold health related special category data to enable me to work within the Federation of Holistic Therapists Code of Conduct and Professional Practice and validate my insurance. I adhere to client confidentiality rules as taught throughout my training and only use this information to ensure best practices as a holistic healthcare professional.
You have the right to:
- Be informed – I will inform you of the reasons I need your information and how I will use it.
- Access – You can have access to all information I hold about you. Please request copies of your notes verbally or in writing and allow up to 30 days for processing. I prefer to hand these notes over in person to avoid any identification issues.
- Rectification – You can update and correct any information I hold about you if it is incorrect. Please inform me of any amendments you’d like to be made verbally or in writing and allow up to 30 days for processing.
- Erasure/be forgotten – You can request that I delete any emails you have sent me if they’re no longer relevant, along with your email address from my address book. If you are, or have been a client, I am required to hold your treatment records for a period of seven years after the date of your last treatment to comply with legal obligations and to establish, exercise or defend any legal claims.
- Restrict processing – If you choose not to return for treatment your information will be stored securely for seven years. That information will not be used or shared. After seven years it will be destroyed. If you have been a client, I am required to hold your treatment records for a period of seven years after the date of your last treatment to comply with legal obligations and to establish, exercise or defend any legal claims.
- Data portability – if you would like copies of your consultation form and treatment notes sent to another holistic therapist, in particular, another Arvigo® therapist for continuity of care, please request this in writing and allow up to 30 days for processing. I don’t store your notes on a computer. Photocopies will be made, the envelope will be clearly marked Private and Confidential and they’ll be sent by registered post.
- Object – I will never use your email address for direct marketing. I will only email you if you have emailed me asking for a reply. If you’ve signed up to my mailing list (which you’ll have to do separately) you’ll receive the occasional seasonal update from me containing offers and information about new blog posts. If you no longer wish to receive any newsletter style emails from me, please unsubscribe from my mailing list.
- Not be subject to automated decision-making – I do not use any automated decision-making services on this website.
How my website collects information
No information is collected or stored on my website if you use my contact form to contact me. This form simply sends your message direct to my email inbox.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
When you visit my website I use third party services, Exactmetrics and Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. I use Google Analytics so that I can continually improve my service to you – read the Google Analytics privacy notice.
Who I share your data with.
My website is built with WordPress. WordPress does not share data with anyone.
I use some third-party plugins. These plugins do not track or collect any personally identifiable information. The plugins I use are:
Akismet – collects information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
How long I retain your data.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data.
Visitor comments may be checked through an automated spam detection service. I use Akismet. Akismet collects information about visitors who comment on Sites that use our Akismet anti-spam service. The information collected depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
How we protect your data.
All devices I use to access and update my website are password protected and I am the only user.
What data breach procedures we have in place.
This website does not collect or retain any identifiable data therefore a data breach that affects users is highly unlikely. If a data breach does occur that puts any identifiable data at risk, users will be informed immediately.
What third parties we receive data from.
This website does not receive any data from third parties.
What automated decision making and/or profiling we do with user data.
This website does not use any automated decision making or profiling.
Last updated 27/08/2023