Mindbalance Privacy Notice: Updated

19th Oct 2020

Mindbalance Privacy Notice: 

Lindsay of Mindbalance can be contacted for data protection matters via www.mindbalance.co.uk; email lindsay@mindbalance.co.uk; Tel: 07977416885. This is a live document and may be updated at any time to reflect changes in law or growth of the business, and therefore should be revisited regularly to check for any updates. Mindbalance is fully committed to ensuring clients’ privacy and data protection rights. This policy sets out how Mindbalance uses & protects the information you provide when using my services & when accessing this website. Mindbalance is committed to protecting & respecting your privacy.

Why Mindbalance needs to collect your information

Mindbalance processes personal information to enable the provision of therapeutic services including Hypnotherapy, Stress Management & other therapeutic techniques.

What type of information is collected by Mindbalance

Mindbalance provides services for the provision of healthcare & wellbeing & so processes both personal & special category information for clients.

Personal information that Mindbalance processes may include your name, email address, telephone numbers, home address, online identifiers or any personal information which you choose to disclose to Mindbalance which directly identifies you.

Mindbalance also processes ‘special category personal data’ which is more sensitive information such as health details & other data as detailed below

Special category information: Includes personal information about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person’s sex life or sexual orientation

Cookies: Mindbalance’s website uses cookies to collect data for a third-party tracking service where the data is anonymised and processed only by the third party, and not shared with anyone else.

When you contact me via my website, email or phone I will collect your personal details & any information that you have chosen to supply to me for the purpose of your enquiry. I will use this information in order to contact you to discuss your enquiry.

If you choose to proceed to make an appointment, I will ask you to read Mindbalance’s privacy policy before seeing me. This can be carried out either by reading my privacy policy online at www.mindbalance.co.uk or alternatively you can receive a hard copy of my privacy policy beforehand via the post.

At your Initial Appointment when we meet, I will collect further information about you & the reasons you are seeking my services. In doing so you will be disclosing personal information to me & possibly information that is sensitive personal data now referred to as ‘special category of personal data’

I will also ask for your GP contact details & ask you some general medical health questions. This is because some conditions are contraindicated for the therapies I provide. Sometimes there are circumstances where it may be necessary to contact your GP before commencing therapy. On discussing in more detail the reason you are seeking my therapies & what outcome you are wanting to achieve, I may advise you that I am not able to provide you with my services.

If my services are appropriate further appointments will be offered to you. I will ask you how you would like to be contacted during provision of this service & also if you would like additionally to receive promotional information about services that I may offer in the future or general wellbeing information.

During the time you are seeing me as a client additional personal & special category information will continue to be collected & processed by Mindbalance in order to prepare & provide you with therapeutic sessions relevant to your requirements.

Mindbalance has a ‘legitimate interest’ in retaining client information (including client records) for the period of time stipulated by both my Professional Standards Associations & Professional Insurance Company.

On some occasions anonymised personal data will be retained whereby a client has provided a testimonial. When data is non-identifiable GDPR law is no longer applicable. (Non-identifiable means that if this data was left on a bus, no one, including the data subject would be able to identify that this data was relating to them.)

General information about how Mindbalance collects, processes & stores your data;

Client Records: Mindbalance produces the client records which are collated and processed in a paper file format. These paper files are stored in a locked filing cabinet behind a locked door. Client record folders are marked ‘Private & Confidential’.

Email correspondence: General administration emails received from clients are retained in their electronic format. Emails that are relevant to a client’s therapeutic process may also be printed & placed in the client records. All email correspondence that Mindbalance sends will contain a privacy statement. Certain email attachments may be password protected if they contain sensitive information.

Text Messages & voice messages: My phone/iPad is secured with either a pin code or face recognition.

Any electronic devices where personal or sensitive, confidential information is held will be password protected. I presently use Microsoft Office products including Outlook.

Hypnotic Audio Recordings: MP3 files are accessed & downloaded from Dropbox or CDs are posted. (Bespoke recordings would only contain a first name, but it should be noted MP3 files are linked to your email address.) If the recording is bespoke it will be retained during the retention period together with your client records & then disposed of safely. Consent would be obtained from a client prior to doing a live audio recording of a client’s hypnotic session.

Client appointments: Appointments are arranged by Lindsay at Mindbalance using paper diaries which are stored in a locked filing cabinet when not in use. Where an electronic appointment booking system is used to book the therapy room space Mindbalance does not enter your personal data. Reception staff at the therapy rooms can take messages to pass on to Mindbalance (via phone or email) but are practising under the privacy policy of the therapy rooms/practice & not Mindbalance’s privacy policy. The staff have been advised not to make appointments on behalf of Mindbalance.

Third Parties I use for the business of Mindbalance

Webhosting: BPWEB provide hosting services for our website – their privacy policy is published @ bpweb privacy policy

Email Hosting: FASTHOSTS provide hosting services for emails – their privacy policy is published @ fasthosts privacy policy

Online Video Appointments: Zoom is the video communication platform used for online appointments – their privacy policy is published @ zoom.us/privacy

Cloud Storage & Backup: My PC is backed up using Team Knowhow Cloud backup – their privacy policy is published @ tkhcloudstorage.com/privacy-policy

Apple iCloud – used for my phone – their privacy policy is published @ apple privacy policy.

Note: Information is also backed up from my PC on to an encrypted portable hard drive.

Audio files: Audio files are edited using Audacity & are stored on my password protected computer during the retention period.

Dropbox: used as a third party to share audio files with my clients – their privacy policy is published @ dropbox privacy policy

My accounts are processed without disclosing my client’s full name; however, if you pay me online your name will appear on my business banking accounts & records.

For IT help & assistance or when my electronic devices require servicing or repair, I always use service providers who state they are GDPR compliant.

Links to other websites: My website may contain links to other websites. However, once you use these links please be aware that you have left my website & I do not have any control over other websites. I therefore cannot be held responsible for the protection & privacy of any information which you provide when visiting such sites and these sites are not governed by my privacy policy. Please be aware of the privacy statement applicable to the website you are visiting. An example would be Facebook, Twitter or LinkedIn.

The lawful bases for processing personal data at Mindbalance

Mindbalance uses ‘contract’ as the lawful basis to process personal data to fulfill contractual obligations. This enables Mindbalance to provide you with the service.

Mindbalance also uses ‘consent’ as the lawful basis to process personal data where consent for a client’s data to be processed has been obtained for a specific purpose/s as detailed in the consent form. A copy of this ‘consent’ is stored in the client’s personal file.

Mindbalance requires your consent to contact you for specific purposes whilst providing you with the service or after your last appointment.

Mindbalance processes special category information under the condition of ‘provision of health care’, Article 9(2)(h) of GDPR.

Lindsay of Mindbalance has a legitimate interest in retaining client records for the period stipulated by her Professional Standards Associations & her Insurance Company. This means that Mindbalance uses the lawful basis of ‘legitimate interests’ in retaining client records for this period & does not require consent to hold your data.

If personal data is required to be passed on to an indemnity or insurance provider the condition of use is ‘for the establishment, exercise or defence of legal claims’ & the lawful basis for processing in this situation would be legitimate interests.

In the unlikely event of a client being suicidal or a danger to themselves or others the lawful basis for processing their personal data in this situation would be ‘vital interests’. Mindbalance also would be legally obliged to report the matter to the client’s GP or the appropriate authority.

If Mindbalance was issued with a court order for your information, by law I would have to provide them with your information. The lawful basis for processing your data in this situation would be ‘legal obligation’.

Retention Period

In line with the Complementary & Natural Healthcare Council (CNHC) code of conduct presently Mindbalance holds your information for eight years from the date of the client’s last visit or, if the client is a child until their 25th birthday; or 26th birthday if the client was 17 when treatment ended.

In accordance with this data retention period there may be occasions when data is not destroyed due to ongoing investigation, litigation or enquiry. The data will be deleted upon confirmation that it is no longer required.

At the end of the retention period hard copy data will be destroyed safely via a cross cut shredding machine owned by Mindbalance. Electronic data will be permanently deleted.

Releasing/sharing your personal information to third parties

When undertaking supervision or peer review with other practitioners for the purposes of maintaining professional standards, certain client cases are discussed confidentially whilst anonymising identifiable information. The sharing of anonymous case histories with supervisors & peer review/support groups is not a breach of professional confidentiality.

Should I wish to contact your GP or another healthcare professional I would seek to obtain signed consent from you. Examples of some of the reasons why I may want to contact your GP are: to see if they thought my services were suitable for you, to update them that you are seeing Mindbalance or when the course of therapy has ceased or finished, or should I need to discuss something with your GP concerning your therapy. Signing the consent allows me to discuss & disclose your personal information with the GP or Healthcare Professional named on the consent form.

If you have given someone permission to contact me to discuss or disclose your personal information I would need to first satisfy myself that you have consented to this disclosure.

There are some situations where I would be entitled to release your personal data without your consent. This is where there is either a vital interest, legitimate interest or legal obligation in processing the data. Some examples are given below;

If I thought that there was a danger that you were going to carry out serious harm to yourself, to me or another person then I would be legally obliged to contact your GP or other appropriate agencies.

Your information may be passed on to my indemnity or insurance provider in defence of any claim made against me.

Your information may have to be disclosed for the prevention, detection or prosecution of a crime. If I was issued with a court order for your information, by law I would have to provide them with your information.

Concerning the Covid-19 Track & Trace system, Mindbalance may need to pass on your contact details if asked to by the contact tracing scheme.

Your Data Protection Rights

Under the General Data Protection and Retention (2018) legislation, regarding how your personal data is processed, all individuals have the following rights:

the right to be informed; an individual has a right to be informed about the collection and use of their personal data, which is the purpose of producing this privacy policy

the right of access; This is commonly referred to as subject access & gives individuals the right to obtain a copy of their personal data as well as other supplementary information. If you wish to see your information or have copies of information, please make a request in writing to Lindsay Rogers of Mindbalance

the right to rectification; An individual has the right to ask to rectify information they think is inaccurate. They also have the right to ask to complete information they think is incomplete.

the right to erasure; An individual has the right to ask to have their personal information erased in certain situations. However, given the nature of my work I am required to hold your personal information safely for 8 years after your last appointment if you are an adult (retention period varies for children).

the right to restrict processing; An individual has the right to restrict processing of their information in certain situations. However, as discussed previously there are situations where there may be a lawful basis which allows the information still to be processed & shared.

the right to data portability; allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability (more relevant for IT companies e.g. comparison websites).

the right to object; individuals have the right to object to the processing of their personal data in certain circumstances but have an absolute right to stop their data being used for direct marketing. I will not contact you for marketing purposes unless you have given me specific consent to do so.

the right not to be subject to automated decision-making including profiling; Mindbalance does not use automated decision-making tools, including profiling.

If you want to make a request, Mindbalance has a month to respond to you.

Please contact Lindsay Rogers at Mindbalance. Tel: 07977416885; Email: lindsay@mindbalance.co.uk

Mindbalance

Unit 23 Leafield Industrial Estate, Leafield Way,
Neston,
Corsham, SN13 9RS

How to complain

Mindbalance endeavours to meet the highest quality standards when processing personal and sensitive data. However, if you want to make a complaint about how your data has been used you can contact the ICO on:

Information Commissioner’s Office (ICO) TEL: 0303 123 1113

Wycliffe House,
Water Lane
Wilmslow
Cheshire SK9 5AF

Safeguarding your privacy:
In the event of my death or sudden illness, my executor will contact current clients and archive any client files in accordance with GDPR.

Request for Information
Request for Erasure