GENERAL DATA PROTECTION REGULATION (GDPR)
Current data protection legislation now defines how we collect, use, disclose, retain and dispose of your personal data, as well as your personal data rights.
We are committed to ensuring that your privacy is protected at all times and therefore have defined within this privacy notice the key principles of how we handle both your Personal Data and Sensitive Personal Data.
What personal data do we collect and what do we use it for?
We may collect and process Personal Data and Sensitive Personal Data (special category data) in forms such as:
Website: When making an online enquiry you may be asked to enter your name and treatment enquiry.
Registration form: Upon registration you will be required to provide personal information such as name, date of birth, GP contact details, any relevant medical history, allergies and medications being taken.
Medical notes and medical history: During your consultation we may collect medical information, past treatment, medical history, and consent. This information will only be processed by the designated member of staff who is appointed the processor and controller under the respective lawful basis for processing special category data.
Lynn Matheson may process both Personal Data and Special Category Data. The type of data that is needed to take an accurate medical record before performing hypnosis may fall under both Personal Data and Special Category Data (sensitive personal data).
Personal Data is any information relating to an identifiable person who can be directly or indirectly identified. For example: Name, ID, online identification.
Sensitive Personal Data (Special Category Data)
Special Category Data is personal data that the GDPR says is more sensitive and, therefore, needs more protection.
In order to lawfully process ‘Special Category Data’ and ‘Sensitive Personal Data’, we have identified both a lawful basis under Article 6 (Consent and Vital Interests) and a separate condition for processing special category data under Article 9 (2) (h) of the GDPR.
(h) ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;’
Lawful basis for processing your data
We have reviewed our Lawful Basis and have identified Consent and Vital Interests as being the most appropriate Lawful Basis for processing your data. (Article 6)
Lawful Basis requires that the processing of patient data must be ‘necessary’.
Under the guide for transparency, ‘right to be informed’, Lynn Matheson will ensure that all persons will be informed of the Lawful Basis for processing and the intended purpose for processing your data.
To whom and when will we disclose or share your personal data?
We will not share, sell, distribute or lease your personal information to any third party unless we have your prior permission or are required to do so by law.
Where you have given your permission for us to share your information with a third party, such as specific health care professionals, we will require that these third parties acting on our behalf protect the confidentiality and security of the data that you have agreed to share with them.
How long do we keep your data for?
The personal data we hold on you will be stored for a period of 10 years. You may request that we delete your personal information by writing to us and asking that the deletion be done. We will contact you to confirm the deletion has been made.
What are your rights?
You have the right to be informed, have access to, rectify, erase, object or restrict processing of any data that we hold on you.
To exercise these rights please contact us either by phone or in writing.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Contact and Communication with us
The website contains information that enables electronic contact with our business, as well as direct communication with us, including a general email address. If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data, transmitted on a voluntary basis by a data subject to the data controller, are stored for the purpose of processing, contacting or responding to the data subject. There is no transfer of this personal data to third parties.
Downloads and Media Files
Any downloadable documents, files or media that are made available on this website are provided to users at their own risk. While all precautions have been taken to ensure the downloads and files are virus free, users are advised to verify their authenticity using third party anti-virus software or similar applications.
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide users with a tailored experience within the website.
Users are advised that, if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors or use the cookie control system, if available upon their first visit.
Website Visitor Tracking
When someone visits lynn-matheson-hypnotherapy.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of anyone visiting our website.
Revising the Privacy Notice
From time to time we may need to make changes to our privacy notice to reflect changes in legal obligations or the ways in which we process your data. We will notify you of any changes that may become effective that will affect you.