I know that there’s a lot of information here, but I want you to be fully informed about your rights and how I intend to use your data.
Who is the Data Controller?
I, Samantha Richardson am the Data Controller and responsible for your personal data.
How do I gather data?
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfili the contract that we have together (i.e. to provide therapies) and that it is data that you would reasonably expect me to hold and use.
For those who inquire about the services I offer, the data I hold includes any information you have sent me via the automated contact form on my website and by email or text.
What data do i collect and how it is used:
Personal data is that which can identify you as an individual and data I collect about you is for my legitimate business interests. This includes contact data when you make an inquiry regarding the services I offer, either via my website (iamcre8ing), telephone, text, email or by social media (Instagram/Facebook).
I process personal sensitive data in the form of collecting a completed client questionnaire relating to your health history and other relevant information for the purpose of identifying areas of concern for healing or personal development strategies to enable an increase in well- being. This information is recorded and securely stored on a password protected computer or, if on paper, in a securely locked filing cabinet.
Financial data: Payment for services made via direct transfer and data is encrypted by my bank, HSBC, and bank details stored electronically on the account page.
For those who book and attend at least one session, the data I hold may include:
Details about you such as your full name, date of birth, address, email, telephone number (home and/or mobile), GP contact details;
More detailed information will be kept about you regarding your past and present mental/emotional/spiritual and physical health and well-being, as well as your family medical history, all of which are necessary in order to provide the most effective therapy;
Any contact we have with you, such as appointments (in person, by phone or by zoom or any other method of communication);
Notes and reports about your health and well-being created by us;
Details of current/past illness and any medications currently taking, prescribed by your GP or over the counter remedies;
Reasons for treatment may be disclosed by yourself via email or text message before the consultation has taken place;
Childhood illnesses, major diseases, accidents, hospitalisations etc;
Life traumas you have experienced.
Where is your information stored?
Your information is contained on a client questionnaire form (completed before your first appointment), containing health and personal information, and stored securely either electronically or on paper and locked in a filing cabinet. This form is updated during subsequent visits.
Contact details are stored for the purpose of contacting you about legitimate business with you, such as feedback after an appointment or making further appointments.
Any emails sent between us are held on my computer’s hard drive. My computer is password protected.
Any text messages sent between us are held on my mobile phone. Any relevant information is then transferred to your paper file and locked securely away in a filing cabinet. The text is then deleted. My mobile phone is password protected.
Your paper notes are securely stored in a locked filing cabinet.
A coding system enables me to know whose notes are whose, but a stranger seeing the notes would not be able to identify who they referred to.
If you use PayPal or online banking, then clearly these systems will hold your data. I will download from these systems for accounting purposes.
I am not in control of data (including emails and texts) which you send me;
Social media platforms such as Facebook routinely access information held on their site and this is beyond my control.
How long is your personal and sensitive personal data is kept for?
As per legal requirements by my insurer (Federation of Holistic Therapists), I am obliged to keep your data for 10 years from the date of your first session. Records will be kept while you continue to have sessions with me. After 10 years your information is deleted from my computer and any paper data is shredded.
Sharing your data:
I take measures to protect client confidentiality always. This means that no identifiable information about a client is passed to any third parties (anyone or any agency) without the express permission of that client, except when it is essential to providing care or necessary to protect someone’s health, safety or well-being. If a client or another person is at grave risk of serious harm, then I can take advice from a professional/regulatory/defense body, in order to decide whether disclosure without consent is justified to protect the client or another person.
I may need to discuss details of your case with a supervisor in order to ensure you are receiving the best possible care, in which case only information about your mental/emotional/Spiritual and physical health will be disclosed – any personal information that may identify you or your family (names, address, date of birth, telephone number, email etc.) will not be disclosed.
Zoom, Face-time Sessions:
Sessions with myself are confidential and are never recorded. The only information that will be kept by the system is the time, date, duration and contact information which is required to create the appointment.
Additional information and homework maybe sent via email. All of this is deleted after the session has ended. Email information stays with the email server until such a time as emails are deleted. All emails and website form responses are on a secure server and any information that you send in an email about your session with myself is confidential and only seen by me, and totally voluntary on your behalf. I cannot be held responsible for the integrity of email travel over the internet. CONFIDENTIAL INFORMATION IS NEVER SHARED WITH ANYONE
Opt-out or removal of your information:
You always have the option of removing your personal data from any communications list to discontinue any such future communications.
To ensure immediate removal from any list, please follow the specific instructions set forth within the communications you receive from myself, which you no longer wish to receive.
If you are unsuccessful in completing the instructions specified in any such communication, please email me at firstname.lastname@example.org and simply request to be unsubscribed.
Under the Data Protection Act: May 2018 you have the following rights in relation to the use of your personal data. These include:
1. The right to be informed;
2. The right of access;
3. The right to rectification;
4. The right to erasure;
5. The right to restrict processing;
6. The right to data portability;
7. The right to object; and
8. The right not to be subject to automated decision-making, including profiling.
You can exercise your rights at any time. There will not be a fee to process these requests. However, a reasonable administration fee may be charged if requests are repetitive or excessive. If you wish to exercise any of these rights, please email myself on email@example.com.
If you are not happy with any aspect of the way in which I process your personal data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) the UK supervisory authority for data protection issues. However, I would appreciate the chance to resolve any concerns you may have before contacting the (ICO), so please contact me for further assistance.
If there is any breach of data security, I will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and will do everything possible to minimise any potential impact.
My Data Protection Registration Number: ZA460286.
Access to personal information
You have the right to request access to view or to obtain copies of the information held by myself and to have it amended should it be inaccurate. You should receive this information no later than 28 days after the request has been made.
However, there are several grounds on which I can refuse to erase client information, such as:
Our need to comply with a legal obligation for the performance of a public interest task, or exercise legal authority;
For public health purposes in the public interest;
The exercise or defense of legal claims.
Changes to your information
It is important to let me know if any of your details have changed, such as your name or address so that it can be amended. You have a responsibility to inform me of any changes so our records are up to date. Please contact me via firstname.lastname@example.org to let me know of any such changes.
There are various ways for you to add your personal information to my database on my website: www.iamcre8ing.com, by clicking on “Submit” “Sign-up” “Buy now” “Purchase” and/or any other button that has a similar meaning, you are providing your explicit consent to be added to my communication system.
By entering information into the contact form, you must be aware that anything you send is sent to myself via a secure email system. You will not be added to any email listing without an opt-in form.
You may opt-out of emails from Samantha at any time by clicking “unsubscribe” found on all communication.
I respect the privacy concerns of the users of my website (www.iamcre8ing.com) and the services and/or goods provided there. I provide this privacy statement to explain what information is gathered during a visit to the site and how such information may be used.
Use of information
As a general policy, no personally identifiable information (“personal data”), such as your name, address, or e-mail address, is automatically collected from your visit to the site. Any personal data collected by the site must be voluntarily entered by the subscriber.
“Special Data” is data that is sent voluntarily by the subscriber via use of the contact form to Samantha Richardson and is treated as confidential.
Non-personal data is recorded by the standard operation of my internet servers. Information such as the type of browser being used, its operating system, and your IP address is gathered to enhance your online experience.
PERSONAL DATA is information that specifically identifies you (name, email address, ship to/bill to address, phone number) and can be used to specifically locate you from within my database and or filing system.
SENSITIVE DATA is information that you supply voluntarily to me when applying to meet me for a therapy session or to obtain more information about the services I offer using the contact form provided on (www.iamcre8ing.com).
Anything that is sent to myself via the contact form (www.iamcre8ing.com) is deemed confidential and not shared with any third party. Any queries you may also send to my email address (email@example.com), which is also deemed confidential and is not shared with any third party.
Information submitted in the general contact form or via email will be used by myself to:
Email the subscriber the requested information;
Provide the subscriber access to the requested content;
Should the subscriber request to be unsubscribed from any email listing they can click on the unsubscribe button supplied with any email correspondence from myself and they will automatically be unsubscribed.
Use to third parties
Personal data and Sensitive data is never sold, leased, or shared with any third parties.
My site does not store any credit card information it may receive regarding a specific transaction and/or billing arrangement except as necessary to complete and satisfy its rights and obligations about such transaction, billing arrangement, and/or as otherwise authorised by a user.
Payment for services is made via direct transfer and data is encrypted by my bank HSBC plc. Bank details are stored electronically on the account page.
I may disclose subscriber information in special cases when required by legal and or law enforcement and only when required by law.
If I have reasonable reason(s) to believe that disclosing personal data held by myself is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with my rights or property, other users of the site, and or anyone else that could be harmed by such activities, then I will work with the appropriate and legitimate law enforcement and or legal authorities to make sure that the personal data is handled in accordance with the applicable laws.
As a Subscriber and/or user of the site, you have the following rights:
Transparent information from myself regarding how I communicate and interact with the subscriber;
The right to hear back from myself regarding any inquiry into subscribers personal data;
To request correction of personal data from myself;
Access to subscriber’s personal data including knowing the purposes that the data is used for;
To request erasure from my records if there are not overriding legal, public interest, or legitimate interests;
To a restriction on the processing of the personal data;
Data portability of personal data (having a record provided to you that is readable and commonly used that outlines the personal data I hold on you);
To object to processing of personal data – I shall no longer process the subscriber’s personal data unless I demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the subscriber or for the establishment, exercise or defense of legal claims;
To file a complaint with the supervisory authority;
The right to unsubscribe at any time (withdraw consent).
Profiling Personal Data
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a subscriber, to analyse or predict aspects concerning that subscriber’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
I DO NOT ENGAGE IN ANY SORT OF PROFILING OF ITS SUBSCRIBERS BASED ON PERSONAL DATA.
Children under the age of 16
I recognise the special obligation to protect personal data obtained from children aged 16 and under. IF YOU ARE 16 YEARS OLD OR YOUNGER, I REQUEST THAT YOU NOT SUBMIT ANY PERSONAL INFORMATION TO THE SITE OR TO myself.
If I discover that a child aged 16 or younger has signed up on the SITE and/or provided myself with personal data, I will delete that child’s personal data from my records straight away. Adult supervision is required always. If the client is a child, records must be kept for at least 10 years after they reach adulthood.
Cookies are pieces of information that a website transfers to an individual’s computer hard drive for record keeping purposes. Cookies make using my site easier by saving your passwords and preferences for you.
These cookies are restricted for use only on the company’s site, and do not transfer any personal data to any other party. Most browsers are initially set up to accept cookies. You can, however, reset your browser to refuse all cookies or indicate when a cookie is being sent. Please consult the technical information relevant to your browser for instructions. If you choose to disable your cookies setting or refuse to accept a cookie, some parts of the site may not function properly or may be considerably slower.
Malware, Spyware, Viruses
Neither myself nor the site knowingly permit the use of malware, spyware, viruses, and/or other similar types of software.
Links to external sites
Links and references to other websites, organisations or people beyond our website are provided for convenience and information purposes only and should not be taken as an endorsement of such website, organisation or person by myself.
Security for all personal data is extremely important to myself. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while I strive to protect subscriber’s personal data, I cannot ensure or warrant the security of any personal data the subscriber transmits via the internet. By transmitting any such information to my site the subscriber accepts that he or she does so at their own risk.
Your acceptance of these terms