Reflections Bespoke Therapy Centre is the data controller for your personal data and the nominated person for all matters relating to your data is Zahava Bloom, who can be contacted by post at 1 Harrowes Meade, Edgware, Middlesex HA8 8RR or by email at firstname.lastname@example.org
We will hold and process your personal data in accordance with the Data Protection Act and the EU General Data Protection Regulation and such other relevant and applicable laws and regulations, issued by the Information Commissioner’s Office or other relevant supervisory authority.
What is the basis on which we process your personal data?
- Your consent that we do so, given verbally or in writing (including email) or by your agreeing to do so on our online forms.
IMPORTANT NOTE: the personal data you provide initially or during your relationship with us will often include ‘sensitive’ information regarding your health and lifestyle. You must consider this carefully before giving your consent. However, without this information and consent we will not ethically be able to offer advice or treatment.
- Your consent can be withdrawn at any time but will not be retrospective.
- To provide you the services that you require and to manage our business relationship with you.
Where do we get our information?
- From you, when you fill in forms or contact us by phone, email or so on.
- From your electronic devices, such as IP address, URL, time zone and so on.
- From credit and anti-fraud agencies.
- From publically available sources including social media.
- From external medical intermediaries working with us on your behalf.
- From other medical intermediaries where you have given us permission to approach them.
Where do we share your personal data?
- Your treatment providers.
- Our trusted third party service providers.
- Our associated companies but only to the extent that they are involved in your treatment or providing services necessary to manage our relationship with you.
- In certain circumstances we may be required to share information with public Authorities or Regulators.
- If you are incapacitated, we may share medical information with someone acting on your behalf.
- We never share information with third parties for marketing purposes.
Where is your personal data stored?
- All data is presently stored in our secure database in the UK and if in the future this changes the data will only be stored within the EEA.
What are your Data Protection Rights?
Your personal data is protected by legal rights.
Full information on this is available from the Information Commissioner’s Office (www.ico.org.uk).
Your rights may include:
- To object to our processing your personal data
- To request that your personal data is corrected or erased
- To request access to your personal data
How long do we retain your personal data?
- We will retain your personal data during your relationship with us and continue to do so for an appropriate period after this comes to end, usually 5 years, so that the data remains available if you decide to return to us for further treatment or consultation.
- However, we will delete your data immediately if you instruct us to do so, except to the extent required for administering the termination of the relationship – for example, for payments to be received – or as required by law of regulatory authorities.