Privacy Policy

Terms:

Data Subject – This is you

Data Controller – the person registered with the ICO who decides on how the information is used, processed and kept secure. Sally Race, Acorn Natural Health Centre.

Data Processors – Reception and admin staff at Acorn Natural Health Centre. They use the information to enable them do their job.

What information do we collect?

We collect data subjects name, contact number and email address, we also record the time and date of your appointment, what you are booked in for and who with. We also handle email, Facebook messages, telephone recorded message (voicemail), CCTV footage

Why you collect it?

To book appointments, to send out reminders and so the practitioners know who and what treatment to prepare for. This also enables us to maintain anonymous business growth records. We enable clients to contact us by phone, facebook and other social media methods and email, so they can ask questions and book/amend appointments and can be kept up to date. We collect CCTV footage for the protection of Acorn Natural Health Centre, our clients, staff and property.

Where it is stored?

On a booking system, which is compliant with GDPR. Currently simplybook.it

Our email system, currently Mailchimp, which is compliant with GDDR

What is it used for?

To book appointments, to send out reminders and so the practitioners know who and what treatment to prepare for. This also enables us to maintain anonymous business growth records.

Names and email addresses where clients have signed up for our email, are used to send a monthly email with various health info and offers.

Who has access to it?

Data Processors –

All reception staff. Reception staff have access to the full booking system to enable them to carry out their role; booking, amending, cancelling appointments as required. They have access to data subjects name, email address, phone number and what they have booked and when.

Individual practitioners. Individual practitioners have access to the booking system which is limited to their clients only.

Names and emails used in our monthly email list – accessed by two members of staff only for admin purposes.

Who it is shared with?

Booking system - Reception staff and the practitioner who the data subject is booked in with.

Our monthly mailing list – data subjects information is not shared with anyone. We do however use an email service provider, so the names and emails are stored on that system, which is GDPR compliant.

How long it is stored?

Booking system - Currently no delete date, awaiting guidance.

Emails and other messages are cleared annually, unless there is good reason not to.

Monthly email list – until subscriber/data user unsubscribes.

What you will do with it when it is no longer needed?

Delete as per the booking system delete instructions.

Delete as per the mailchimp system instructions.

Data Subjects Rights

While we always take every care and follow GDPR guidelines, data subjects have a right to complain to the ICO if they think there is a problem with the way their data is handled by Acorn Natural Health Centre.

A client or data subject has the right to see what information Acorn Natural Health Centre holds about them. This is called a Subject Access Request (SAR). It must be submitted in writing (letter or email) and will be responded to within 30 days of receipt.

Data subjects have the right to ask for their data to be erased. Often referred to as ‘the right to be forgotten’. This is actionable unless there are legal reasons why it is not possible, ie insurance purposes or HMRC etc.

Data subjects have the right to restrict data processing about themselves, ie. Only used for specific purposes.