Like me, you have probably been overwhelmed by the amount of recent emails bombarding inboxes across the Euro Zone in regards to the latest development in data protection law.
Belfast Herbalist has already been following GDPR regulations since forever, but now it seems I am obliged to tell you all about it, in case you didn't know. In a nutshell, I hold info relating to patients on password protected computers or under lock and key in filing cabinets. I even use encrypted email services on request. Nobody can see this information without your written consent, with some exceptions. You may see your data on request, or ask for it to be erased, with some exceptions. Full GDPR guidelines can be found here.
Belfast Herbalist Privacy Policy
It is our policy to collect, process and share your Data provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any purposes other than those explicitly stated in this policy or requested by you in your dealings with us.
This Privacy Policy describes how we collect, use, protect, process and share your personal data (Data) when you book appointments online with us, directly with us and avail of treatments with us or otherwise interact with us.
This Privacy Policy does not apply to the information processed by third parties on behalf of Belfast Herbalist, however we have reviewed their Privacy Policies and are happy they meet General Data Protection Regulations 2018 (GDPR) standards.
We may update this Privacy Policy at any time to ensure we can carry out the services we provide in the most effective and efficient way possible. If we make changes we will notify you by revising the date on our published document on our website and in clinic, or for more substantial changes by contacting you via email or text to seek consent.
1. The identity of the controller:
You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by the clinic director.
2. Collection of Data:
We may collect Data about our patients, prospects and visitors.
Your Data are collected when you browse our website, contact us via email, phone or in person or through our website.
Data we collect fall into the following categories:
* Identification information
* Contact information
* Medical information
* Browsing information
These Data are gathered directly from you via online booking and from direct communication with us, i.e. client intake form. Browsing history is collected via automated methods.
2.1. Information you provide to us
We process Data you provide directly to us, in particular when you complete a client intake form or book online.
For example, we collect Data when you create a booking, use the services, participate in a contest or promotion, register for an event or an online course, apply for a job, request customer support or otherwise communicate with us.
The Data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake forms, such as:
* Names
* Address
* Date of Birth
* Phone no
* Email
* Doctor’s details
* Next of kin
* Medical history
* Medical red flag
* Treatment notes
* Relationship data
* Browsing data
2.2. Data We collect automatically when you use our online services:
When you access or use our online services, we automatically collect the following information about you:
* Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to Our Services.
* Device Information: We collect information about the computer or mobile device you use to access Our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
* Location Information: We may with your consent collect information about the location of your device each time you access or use one of Our mobile applications. If you initially consent to Our collection of location information, you may be able to subsequently stop the collection of these Data through your device operating system settings. You may also stop Our collection of location information by following the standard uninstall process to remove Our mobile applications from your device.
2.3. Information we collect automatically through Cookies and other tracking technology
We may use cookies, web beacons and other similar technologies on our online Services to collect information and provide you with the services or products that you have requested.
A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and which is used to record information related to the navigation or the use of a device or a website.
A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. Web beacons are also sometimes referred to as pixels and tags (also known as “tracking pixels”). They may be used in Our Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. For more information about cookies, and how to disable them, please see “Your Choices” below.
We use cookies and other similar technologies to collect information for the purposes described in this Privacy Policy. We may also combine the information collected by these technologies with information we have collected about you by other means that are described in this Privacy Policy.
Some of the cookies are used for the exclusive purpose of enabling or facilitating communication or are strictly necessary for the provision of our online services.
These are essentially session cookies for authenticating and connecting to our online services, as well as memorizing navigation items during a session.
You have the ability to decline cookies by changing the settings on your browser but this might prevent you from benefiting from some elements of our online services. You can also consult or destroy cookies if you wish, since they are stored on your hard disk.
We may also use these technologies for other purposes than our online service operation such as:
* To improve our online services;
* To remember you, for your convenience, when you use our online services.
We inform you, in particular, that We use Google Analytics to collect information about use of our online services. We do not combine the information collected through the use of Google Analytics with personally identifiable information. We inform you that Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our site; the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser. For more information on Google Analytics, please visit Google Analytics.
2.4. Third Party Cookies
When you access or use our online services, one or more cookies from third parties are likely to be placed on your equipment.
We inform you that we have no access to and cannot exercise any control over third party cookies. However, we shall ensure that the partner companies agree to process the information collected on our online services in compliance with the GDPR and undertake to implement appropriate measures for securing and protecting the confidentiality of the Data.
3. How we use the Data
We may use information about you for the following purposes:
* provide, maintain and improve our services
* provide and deliver the service you request, process transactions and send you related information including confirmations and invoices
* send you technical notices, updates, security alerts and support and administrative messages
* respond to your comments, questions, requests and provide customer service
* monitor and analyse trends, usage and activities in connection with our services
* personalize and improve the services we provide
According to the GDPR, each Data processing activity is performed on one of the following legal bases:
* your consent
* the performance of the service requested by you
4. How we share your Data
* We share your Data with our online booking system to help us provide our service including bookings, transactions, booking confirmations.
* In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of Data retention
Our insurance providers require us to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. We work off this for all data. (GDPR states that clients have a right to be forgotten and can request that data be deleted – queries have been put to the Data Protection Commissioners in regards to the conflict here).
Card details: when card payments are taken over the phone, the card number is typed directly into the terminal and is never written or stored anywhere.
6. Data transfer
Upon receiving a written request from you seeking Data transfer, we will provide a hard copy of your original treatment notes with no alterations from the original. These will be handed over in person or sent by registered post.
7. Data amendments
Upon receiving a request from you in regards to updating Data held by us, we will seek to correct our records at the earliest possible time.
8. Security
We are committed to taking appropriate measures designed to keep your Data secure. Our technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
9. Your rights
Under the General Data Protection Regulations 2018 (GDPR) individuals have significantly strengthened rights to:
* obtain details about how their data is processed by an organisation or business;
* obtain copies of personal data that an organisation holds on them;
* have incorrect or incomplete data corrected;
* have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
* obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability);
* object to the processing of their data by an organisation in certain circumstances;
* not be subject to (with some exceptions) automated decision making, including profiling.
10. In the event of a Breach
Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Síochána and financial institutions will be contacted for assistance, and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.