General Data Protection Regulation (GDPR)
Your privacy is important to me, and I want to communicate with my patients in a way which has their consent, and which is in line with UK law on data protection including the General Data Protection Regulation (GDPR).
This Privacy Notice and consent refer to personal data. Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data includes your name, address, email address and phone number.
A cookie is a piece of data sent from a website and stored on your computer’s hard drive. When you use the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of your previous activity.
In order to be able to purchase online, you need to have your cookies enabled.
These cookies do not store information such as your name, address or payment details. However, cookies allow us to access this information once you are logged into your account.
To identify you automatically when you sign in to the website
To remember your preferences and your activity in the past (like items added in your shopping basket)
To allow you to share products and information with social networks
To improve the use of the website, the content and services
To offer you the best customer experience
How can you manage cookies?
If you prefer to limit, block or delete your cookies from herbalenergetix.co.uk you need to use your browser by accessing the “Help Menu”. To check your cookies setting, you need to access your “Managing cookies” section.
When you supply your personal details to me during a consultation they are stored and processed for four key reasons:
1. I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment from me and my agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that I would not be able to provide treatment to you.
2. I have a “Legitimate Interest” in collecting that information, because without it I cannot do my job effectively and safely.
3. I also may need to contact you in order to confirm your appointment to see me/us, or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
4. Provided I have your consent, I may occasionally send information in the form of marketing materials You may withdraw this consent at any time – see below. Such requests will be acknowledged.
I have a legal obligation to retain your electronic records for at least 8 years after your most recent appointment (or age 25 if this is longer). After this period, you can ask me to delete your electronic records if you wish. Otherwise, I will retain your records indefinitely in order that I can provide you with the best possible care should you need to see me at some future date. I am legally advised to keep paper records indefinitely.
Your records are stored:
· On paper, in locked filing cabinets and my office is always locked out of working hours.
· Electronically on my computer which has up-to-date security software. Access to this data is strictly password protected, and the passwords are changed regularly. Any back-ups of this data are all password protected as well.
I will never share your data with anyone who does not need access to it without your written consent. Only the following people/agencies will have routine access to your data:
· Me, in order that I can provide you with treatment
· My reception staff will have access to your name, address, email address and phone number, as they need to organise my diaries, coordinate appointments and reminders. Such staff will not have access to your medical history or sensitive personal information.
· If part of your prescription is sent to you directly from a second party supplier, then your name and address will need to be given to that supplier. Such a supplier would have to be GDPR compliant as well, so your data will be safe.