Effective date: [[ Display date goes here ]]
In accordance with the General Data Protection Regulation (GDPR) act of 2018, I have a duty to explain the collection, use and storage of the highly sensitive data you provide to me as your wellbeing and legacy coach.
I, Roberta Weber, am the data controller for any of the services I provide. It is my professional duty to collect information regarding you, the client, for this work. This information may include name, date of birth, birthplace, race, ethnic or country of origin, health history and status, genetic information, sexual orientation or gender alignment, criminal record, my traditional diagnosis, treatment provided, further notes reflecting on the treatment progress and diagnosis changes, as well as home and email addresses, phone numbers, and medical health centre/GP details. Most of this information is regarded as falling under the ‘special categories’ aspect of GDPR and requires both a robust legal basis for collecting the data and an explicit purpose. The legal basis I declare is CONSENT (that is, explicit consent from you, the client) and LEGITIMATE INTEREST (specifically for “special category” information) for the purposes of providing the wellbeing care you have engaged my services to receive (this is seen as Article 9(2)).
What happens to the data collected from you as described above?
- Handwritten notes and intake forms, including all of the above information, are kept in an individual file and locked in a filing cabinet that is located in my home office. Some personal information is kept online in an online diary, Acuity (see below). Information in the notes is kept private and is not shared with anyone else except with your strict permission (e.g. referral to another practitioner) or in the case of a professionally recognised emergency. With a client’s explicit permission, some notes/client information may be stored and/or transferred utilising Google’s Classroom/One Drive feature, which has robust encryption and security measures in place.
- Phone numbers and email addresses are kept on a contact list and stored on my encrypted and password-protected phone, iPad tablet, computer, email marketing management software (Kajabi) and on an encrypted iCloud server. Email addresses and phone numbers are only used for clinic services (e.g. to provide intake forms or make appointments) unless permission is specifically given for marketing use. Kajabi is the current email marketing provider.
- Appointment information is also kept in an online diary (Acuity). Past appointment details (not session related) are kept in files only for professional and tax reasons.
Consent for storage of files is requested for a period of eight years after the last session we have together – or for children under the age of 18, until they are 26 years old.
Data outwith notes and contact details: Banking is traceable and as such it is important that you know that banking files are also treated securely by Roberta. Emails are sent using the Google system and are thus encrypted and held secure by similar standards to Google Classroom. Also utilised, if agreeable, are the WhatsApp and Voxer messenger services, which are also end-to-end encrypted. Recorded sessions or voice memos are sent via email, WhatsApp messenger service or uploaded into the Google Classroom for transfer to your personal computer and deleted.
As no online transactions can be deemed 100% secure, I can recommend the use of a few services that are ‘more secure’ than others, but if this is of concern to you, please make suitable arrangements with me prior to engaging my services.
I am asking for consent for use of personal contact information for marketing purposes (newsletters outlining workshops and courses and any clinic changes). Please note, consent to the use of your email address or phone numbers for the receipt of marketing materials is NOT required for the use of Roberta’s services.
If you have any questions, concerns or complaints about this [[ Insert Policy Name Here ]], please contact us:
- By email: [[ Contact Email ]]
- By visiting this page on our website: [[ Contact Website Link ]]
- By mail: [[ Contact Postal Address ]]