This notice to inform you of our policy towards information we record about you and forms part of our arrangement to comply with the EU General Data Protection Regulation (GDPR), taking effect from May 25, 2018. It set out the conditions under which we may process any information that we collect from and about you. In the context of the law and this notice “processing” means collecting, storing, transferring, using or otherwise acting on information.
Under GDPR we are also required within our Privacy Statement to state which of 6 possible lawful bases we rely on to justify our processing of personal data.
Information Held by Alex Olds Holistics Limited
We keep information for 2 purposes:
1. In order to be able to treat you and to advise you of any changes that might impact our relationship going forward ("Information related to treatments")
2. To advise you of new events, products, offers etc. which we believe may be of interest to you ("Information related to new events, products and offers").
More information is provided directly below on these 2 types of information.
1. Information related to treatments
We collect personal information in order to provide you with the very best tailored, safe and effective treatment. Information can be in written and/or in machine readable form and is collected at 3 points:
- i) Before receiving any treatments, when you are asked to complete a health questionnaire on-line. This provides contact details for use going forward and also enables us to assess whether the proposed treatment is suitable against any associated risk factors. We ask you to confirm you have disclosed all relevant conditions and information which could affect the treatment.
- ii) At the initial consultation stage, when we will discuss the proposed treatment, follow up on points arising from the questionnaire and consider any other points which might affect the treatment.
- iii) Following treatments , when we will record details of the treatment or recommendation provided, the results of the treatment or recommendation and any further aftercare instructions which are given.
We do not keep information any longer than necessary but as a guide, we will keep most records for 7 years, which is a requirement of our insurance. Personal information is treated very confidentially and will never be disclosed to third parties without your consent except in exceptional circumstances where we are legally obliged to do so (e.g. in order to prevent and detect crime) or in relation to the establishment, exercise or defence of legal claims.
Internally we have established various controls to protect your data from unauthorised access, alternation, disclosure or destruction. For example, machine readable information is centrally held and password protected, and any physical records are kept in locked cabinets with archive arrangements in place to limit access to records which are non-current.
Our lawful reason for holding your information is under “legitimate interests” per GDPR. You will have reasonable expectations for your data to be used this way and there are no fundamental rights and freedoms which we would consider to be overriding.
We may also hold data as a result of the contractual relationship we have with you.
Please note: We will only hold a limited set of data for anyone under 18 where we have express consent from the parent or guardian and where this is in connection with the provision of a specific treatment.
2. Information related to new events, products and offers.
We may contact you from time to time about new events and developments. This may be via our News Letter or via email. Our basis for holding this information depends on whether you have had a treatment with us.
If you are or have been a client we hold information under the lawful reason "legitimate reason" per above.
If you have not received treatments from us we will hold your email details on the basis on "consent". You have the right to withdraw this consent at any time and we will remove your email contact details from our database.
Please note if you are an existing client, you have the right to contact us and we will remove your details from our mailing lists. New clients are asked whether they wish to subscribe to our mailing lists.
Accessing your data
GDPR gives you the right to access information held about you. We aim to provide you with access to your personal information. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate – unless we have to keep that information for legitimate business or legal purposes.
If you wish to have a copy of the information we hold about you or have any other questions or concerns regarding data protection, please contact us at firstname.lastname@example.org.
This policy may be updated from time to time in relation to changes we make to our business and services we provide.