GENERAL DATA PROTECTION REGULATION (GDPR)
VitaminBeth nutrition holds some information about you. This document outlines how that information is used, who we may share that information with and how we keep it secure. This notice does not provide exhaustive detail – we are happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org.
We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed in November 2022.
WHY DO WE NEED TO KEEP PERSONAL INFORMATION?
Individuals attend the clinic to obtain help, treatment, guidance and advice on health and lifestyle.
Obtaining personal information from the patient in respect of their contact details, their personal and family health histories, and their lifestyle choices are necessary in order to provide the advice and guidance requested. Financial information is necessary in order to process payments for the services provided. All personal information is processed lawfully, fairly and in a transparent manner. Personal data is held at the clinic with the express consent of the patient. Our lawful basis for processing personal information is legitimate interests. Information is collected: via a questionnaire completed by the patient; during a personal consultation; through email; via a website; over the telephone or by post; by taking card and online payments. VitaminBeth nutrition is a data processor and controller for the personal data it processes. No decisions are made by automated means.
WHAT INFORMATION IS HELD?
The personal information held contains the following information: Contact details: name, address, date of birth, landline telephone number, mobile telephone number, email address, preferred method of contact, next of kin, who you live with. Health Information: personal and family health history, lifestyle and social circumstances, physical and mental health details, GP contact details. Financial details: invoices for goods and services provided, payments made and any outstanding debt. Merchant copies of credit card receipts are kept for accounting records. Other information: Employment details. Referrals and appointment records.
Diagnostic information: Diagnosis of the condition and recommended treatments will be recorded. Test results.
WHAT FORM DOES THE INFORMATION HAVE AND IS IT SECURE?
Personal data is held at the clinic in a variety of forms:
- The clinician may make notes using a laptop the data being stored in the cloud.
- Online: personal information is held on digital software programmes for diary/calendar, invoicing and accountancy processing.
- Information may be held in email format, provided by the client and held within the online emailing system.
- Website: Contact details and financial payment information is obtained via our website for ordering books and workshops. The payment for those is processed via Paypal or Stripe.
All online and cloud storage of data is encrypted and protected by logins and passwords. All our external data processors that support us (such as PayPal and our booking and financial software providers) are legally and contractually bound to operate and prove security arrangements are in place to protect personal information.
HOW LONG IS INFORMATION KEPT?
This information is held in accordance with guidelines issued by our professional bodies and in accordance with the requirements of our insurers.
WHO DO WE SHARE DATA WITH?
Personal contact information and financial information provided by the client is processed by reception staff, finance/bookkeeping staff and accountants, and is available to the clinician. The clinician and staff see health and other information necessary for the consultation and they must follow the common law duty of confidence: Where information is given by the patient in confidence it is treated as confidential and protected accordingly. Individual express consent will be obtained to share information with the patient’s GP.
None of the information is shared with other organisations except:
- Contact details will be provided to suppliers of products that the patient wishes us to order on their behalf.
- Contact details will be provided to organisations that provide health testing facilities such as blood testing.
In all cases the patient provides permission to do so. Anonymous information concerning particular health issues and case histories may be shared with peers for the purpose of professional development. This may be at clinical supervision meetings or at conferences. Personal data may be shared where there is an overriding public interest in doing so, for instance, to safeguard an individual, or to prevent a serious crime. We do not share any information for marketing purposes.
WHAT ARE YOUR RIGHTS?
An individual has the right to withdraw from consent to us holding their information and has the right to request that personal data is kept in a particular form. However, that may result in the business relationship being unable to continue as the information in its current form is necessary for the desired outcome. An individual has the right to have their personal information rectified if it is inaccurate or incomplete. An individual has the right to have their personal information deleted, with some exceptions. An individual has the right to access their information. Requests for access must be in writing, by letter or email. We will comply with the request for information within 1 month. Access can be given to examine the records free of charge. If you would like to invoke any of your rights, please contact the office by email at email@example.com. An individual has the right to complain to the Information Commissioner’s Office.
Complaints regarding the use of personal information can be made by contacting the office by email to firstname.lastname@example.org If a complaint is not resolved satisfactorily a more formal complaint can be made to the Information Commissioner’s Office (ICO) on 07946231967