15th Nov 2019
Mindbalance Privacy Notice: updated Jan 2020
Lindsay of Mindbalance can be contacted for data protection matters via www.mindbalance.co.uk; email: email@example.com; Tel: 07977416885. This is a live document and may be updated at any time to reflect changes in law or growth of the business, and therefore should be revisited regularly to check for any updates. Mindbalance is fully committed to ensuring clients’ privacy and data protection rights. This policy sets out how Mindbalance uses & protects the information you provide when using my services & when accessing this website. Mindbalance is committed to protecting & respecting your privacy.
Why Mindbalance needs to collect your information
Mindbalance processes personal information to enable the provision of therapeutic services including Hypnotherapy, Stress Management & Holistic services.
What type of information is collected by Mindbalance
Mindbalance provides services for the provision of healthcare & wellbeing & so processes both personal & special category information for clients.
Personal information that Mindbalance processes may include your name, email address, telephone numbers, home address, online identifiers or any personal information which you choose to disclose to Mindbalance which directly identifies you.
Mindbalance also processes ‘special category personal data’, which is more sensitive information such as health details & other data as detailed below.
Special category information: Includes personal information about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person’s sex life or sexual orientation.
When you contact me via my website, email or phone I will collect your personal details & any information that you have chosen to supply to me for the purpose of your enquiry. I will use this information in order to contact you to discuss your enquiry.
At your Initial Appointment when we meet, I will collect further information about you & the reasons you are seeking my services. In doing so you will be disclosing personal information to me & possibly information that is sensitive personal data, now referred to as ‘special category of personal data’.
I will also ask for your GP contact details & ask you some general medical health questions. This is because some conditions are contraindicated for the therapies I provide. Sometimes there are circumstances where it may be necessary to contact your GP before commencing therapy. On discussing in more detail the reason you are seeking my therapies & what outcome you are wanting to achieve, I may advise you that I am not able to provide you with my services.
If my services are appropriate, further appointments will be offered to you. I will ask you how you would like to be contacted during provision of this service & also if you would additionally like to receive promotional information about services that I may offer in the future or general wellbeing information.
During the time you are seeing me as a client additional personal & special category information will continue to be collected & processed by Mindbalance in order to prepare & provide you with therapeutic sessions relevant to your requirements.
Mindbalance has a ‘legitimate interest’ in retaining client information (including client records) for the period of time stipulated by both my Professional Standards Associations & Professional Insurance Company.
On some occasions anonymised personal data will be retained where a client has provided a testimonial. When data is non-identifiable, GDPR law is no longer applicable. (Non-identifiable means that if this data was left on a bus, no one, including the data subject, would be able to identify that this data was relating to them.)
General information about how Mindbalance collects, processes & stores your data
Client Records: Mindbalance produces the client records, which are collated and processed in a paper file format. These paper files are stored in a locked filing cabinet behind a locked door. Client Record Folders are marked ‘Private & Confidential’.
Email correspondence: General administration emails received from clients are retained in their electronic format. Emails that are relevant to a client’s therapeutic process may also be printed & placed in the client records. All email correspondence that Mindbalance sends will contain a privacy statement. Certain email attachments may be password protected if they contain sensitive information.
Text Messages & voice messages: My phone/iPad is secured with either a pin code or face recognition.
Any electronic devices where personal or sensitive, confidential information is held will be password protected. I presently use Microsoft Office products including Outlook.
Hypnotic Audio Recordings: MP3 files are accessed & downloaded from Dropbox or CDs are posted. (Bespoke recordings would only contain a first name, but it should be noted MP3 files are linked to your email address.) If the recording is bespoke it will be retained during the retention period together with your client records & then disposed of safely. Consent would be obtained from a client prior to doing a live audio recording of a client’s hypnotic session.
Third Parties I use for the business of Mindbalance
Cloud Storage & Backup: My PC is backed up using Knowhow Cloud backup.
Note: Information is also backed up from my PC on to an encrypted portable hard drive.
Audio files: Audio files are edited using Audacity & are stored on my password protected computer during the retention period.
My accounts are processed without disclosing my clients’ full names; however, if you pay me online your name will appear on my business banking accounts & records.
For IT help & assistance or when my electronic devices require servicing or repair, I always use service providers who state they are GDPR compliant.
The lawful bases for processing personal data at Mindbalance
Mindbalance uses ‘consent’ as the lawful basis to process personal data where consent for a client’s data to be processed has been obtained for a specific purpose/s as detailed in the consent form. A copy of this ‘consent’ is stored in the client’s personal file.
Mindbalance requires your consent to contact you for specific purposes whilst providing you with the service or after your last appointment.
Mindbalance uses ‘contract’ as the lawful basis to process personal data to fulfil contractual obligations. This enables Mindbalance to provide you with the service. This means that Lindsay Rogers of Mindbalance does not require your consent to provide you with this service. However, if you choose to not provide consent for specific purposes, I may not be able to work with you.
Mindbalance processes special category information under the condition of ‘provision of health care’, Article 9(2)(h) of GDPR.
Lindsay of Mindbalance has a legitimate interest in retaining client records for the period stipulated by her Professional Standards Associations & her Insurance Company. This means that Mindbalance uses the lawful basis of ‘legitimate interests’ in retaining client records for this period & does not require consent to hold your data.
If personal data is required to be passed on to an indemnity or insurance provider, the condition of use is ‘for the establishment, exercise or defence of legal claims’ & the lawful basis for processing in this situation would be legitimate interests.
In the unlikely event of a client being suicidal or a danger to themselves or others the lawful basis for processing their personal data in this situation would be ‘vital interests’. Mindbalance also would be legally obliged to report the matter to the client’s GP or the appropriate authority.
If Mindbalance was issued with a court order for your information, by law I would have to provide them with your information. The lawful basis for processing your data in this situation would be ‘legal obligation’.
In line with the Complementary & Natural Healthcare Council (CNHC) code of conduct, Mindbalance presently holds your information for eight years from the date of the client’s last visit or, if the client is a child, until their 25th birthday, or 26th birthday if the client was 17 when treatment ended.
In accordance with this data retention period there may be occasions when data is not destroyed due to ongoing investigation, litigation or enquiry. The data will be deleted upon confirmation that it is no longer required.
At the end of the retention period hard copy data will be destroyed safely via a cross-cut shredding machine owned by Mindbalance. Electronic data will be permanently deleted.
Releasing/sharing your personal information to third parties
When undertaking supervision or peer review with other practitioners for the purposes of maintaining professional standards, certain client cases are discussed confidentially whilst anonymising identifiable information. The sharing of anonymous case histories with supervisors & peer review/support groups is not a breach of professional confidentiality.
Should I wish to contact your GP or another healthcare professional I would seek to obtain signed consent from you. Examples of some of the reasons why I may want to contact your GP are: to see if they thought my services were suitable for you, to update them that you are seeing Mindbalance or when the course of therapy has ceased or finished, or should I need to discuss something with your GP concerning your therapy. Signing the consent allows me to discuss & disclose your personal information with the GP or Healthcare Professional named on the consent form.
If a third party requests personal information on your behalf I would need to satisfy myself that you have consented to this disclosure before releasing it.
There are some situations where I would be entitled to release your personal data without your consent. This is where there is a vital interest, legitimate interest or legal obligation in processing the data. Some examples are given below:
If I thought that there was a danger that you were going to carry out serious harm to yourself, to me or another person then I would be legally obliged to contact your GP or other appropriate agencies.
Your information may be passed on to my indemnity or insurance provider in defence of any claim made against me.
Your information may have to be disclosed for the prevention, detection or prosecution of a crime. If I was issued with a court order for your information, by law I would have to provide them with your information.
Your Data Protection Rights
Under the General Data Protection and Retention (2018) legislation, regarding how your personal data is processed, all individuals have the following rights:
the right of access: This is commonly referred to as subject access & gives individuals the right to obtain a copy of their personal data as well as other supplementary information. If you wish to see your information or have copies of information, please make a request in writing to Lindsay Rogers of Mindbalance.
the right to rectification: An individual has the right to ask to rectify information they think is inaccurate. They also have the right to ask us to complete information they think is incomplete.
the right to erasure: An individual has the right to ask to have their personal information erased in certain situations. However, given the nature of my work I am required to hold your personal information safely for 8 years after your last appointment if you are an adult (retention period varies for children).
the right to restrict processing: An individual has the right to restrict processing of their information in certain situations. However, as discussed previously there are situations where there may be a lawful basis which allows the information still to be processed & shared.
the right to data portability: This allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability (more relevant for IT companies e.g. comparison websites).
the right to object: Individuals have the right to object to the processing of their personal data in certain circumstances but have an absolute right to stop their data being used for direct marketing. I will not contact you for marketing purposes unless you have given me specific consent to do so.
the right not to be subject to automated decision-making including profiling: Mindbalance does not use automated decision-making tools, including profiling.
If you want to make a request, Mindbalance has a month to respond to you.
Please contact Lindsay Rogers at Mindbalance. Tel: 07977416885; Email: firstname.lastname@example.org
C/O Equilibrium Natural Health Centre
23 Leafield Way,
Corsham, SN13 9RS
How to complain
Mindbalance endeavours to meet the highest quality standards when processing personal and sensitive data. However, if you want to make a complaint about how your data has been used you can contact the ICO on:
Information Commissioner’s Office (ICO) TEL: 0303 123 1113
Cheshire SK9 5AF
Safeguarding your privacy:
In the event of my death or sudden illness, my executor will contact current clients and archive any client files in accordance with GDPR.