GDPR Data Protection Policy – Privacy Notice
This Notice describes how I, Emma Finch, collect, use, share, retain and safeguard personal data.
The lawful basis under which I hold your data is Legitimate Interest and Contract.
Emma holds medical/treatment histories and consent forms for clients to ensure appropriate holistic and wellbeing treatments are given; consent forms and contact information for individuals/clients who have attended a workshop and/or stayed at the retreat and/or clients/individuals who have expressed an interest in receiving newsletters which contain relevant holistic wellbeing tips, information on events and communications regarding activities being organised or run by Emma or where she will be working. Emma also collects personal data when you visit her websites, such as IP addresses. Your personal data will be stored on various platforms and systems for contacting interested individuals/clients.
This Data Protection policy applies to all electronic and paper versions of this information and the various storage mechanisms used to retain this information. This may be personal computer systems, cloud storage systems and online services such as SquareSpace and MailChimp.
All records held by Emma will be treated with full confidentiality by Emma Finch and will not be passed to any ambiguous third parties or outside organisations unless otherwise agreed through written consent from the individual concerned, or where required or entitled to do so by law under lawful data processing. Medical/treatment records, contact information and consent forms will be kept in paper format securely for a minimum of 7 years (7 years from the age of 18 for minors) from the date of the last treatment/workshop/retreat. Names, phone numbers and email addresses will be stored securely in electronic format, accessed by Emma, her staff, and IT consultant in order that associated emails and wellbeing newsletters can be sent, and her accountant to be able to process financial information.
An individual can opt out from receiving newsletters now or at any future point by emailing/writing to Emma (firstname.lastname@example.org) or clicking the ‘unsubscribe’ link on the newsletters.
All data stored by Emma Finch is the property of that individual/client. If that individual/client makes a request to see their data this will be provided to them, free of charge (however, if your request is considered to be repetitive, wholly unfounded and/or excessive, Emma is entitled to charge a reasonable administration fee), in electronic format. If the individual does not have access to electronic communication methods then the request will be responded to by post. If you give written/electronic notification to Emma you will receive a copy of your data within 30 working days from the date your request is received.
Emma is responsible for processing this data and ensuring it is stored in the correct format on the correct media.
The main data risks are from viruses and malware that may affect personal computer systems where this data is held, or online attack of the services used to store the data, such as MailChimp.
Key precautions to prevent data breaches are updated anti-virus software on all personal computers used to store data and using trusted providers for cloud services where data is held (e.g. MailChimp, Google Drive etc.).
Data stored in the cloud is backed up by the relevant organisations’ internal mechanisms. All data stored on personally owned devices will be backed up using removable media such as external hard drives or USB memory sticks. Cloud backup may also be used to back up data.
Data is kept accurate/updated as and when individuals/clients attend their next treatment/workshop/retreat (volunteer or paid).
You have the Right to Erasure: Data held may be deleted upon written request from an individual/client whose data it is; however, paper medical/treatment history and consent forms must be held for at least 7 years as detailed above.
a. Take and fulfill customer orders
b. Administer and enhance the site and service
c. Issue a unique identifier (e.g. customer login)
d. Monitor customer account status beyond that required for individual purchases
Any future changes to data storage methods or locations of stored data will be communicated to clients/individuals by electronic mail. In cases where the individual does not have access to electronic communication methods, this information will be communicated by post in 30 working days.
Emma Finch will be responsible for communicating any data breach to the ICO and Charities Commission.
If you have any queries or questions regarding the above please feel free to phone me and talk them through. My mobile number is: 07957 161748
Full details of your lawful rights can be found here.