GDPR Data Policy
Marianne Trent / GTPS aims to be as clear as possible about how and why she uses information about you so that you can be confident that your privacy is protected. This policy describes the information that she collects when you use her services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.
The policy describes how she manages your information when you use her services, if you contact her or when she contacts you.
Marianne Trent uses the information she collects in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Marianne Trent is the data controller; if another party has access to your data she will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why she needs to provide them with the information.
If your questions are not fully answered by this policy, please contact Marianne Trent. If you are not satisfied with the answers from her you can contact the Information Commissioner's Office (ICO) https://ico.org.uk.
1. Why does she need to collect your personal data?
She needs to collect information about you so that she can:
Know who you are, so that she can communicate with you in a personal way. The legal basis for this is a legitimate interest.
Provide services to you. The legal basis for this is the contract with you.
Process your payment for services. The legal basis for this is the contract with you.
2. What personal information does she collect and when does she collect it?
For her to provide you with services, she needs to collect the following information:
Your name and date of birth
Your contact details including a postal address, telephone number(s) and electronic contact such as email address. She collects this information directly from you. She may also collect information about you from third parties; for example, if she receives a referral from another health professional (such as your Doctor or Occupational Therapist).
3. How does she use the information that she collects?
She uses the data she collects from you in the following ways:
To communicate with you so that she can inform you about your appointments with her she uses your name, your contact details such as your telephone number, email address or postal address
To create your invoice she uses your name and email address
Where relevant, to process your payment, she uses your address.
4. Where does she keep the information?
She keeps your information in the stores described below. Please note that she does not store any of your bank details in any of her systems.
4.1. Paper Records
She stores paper records including your medical records in a cabinet in a securely locked office.
4.2. On computers
She uses personal computers that are password protected and the hard drives are encrypted. Passwords are changed every 90 days and it is her policy that passwords are not shared. She also uses a smartphone that is password protected and encrypted.
5. How long does she keep the information?
She keeps contact information for a period of 6 months if you do not become a client of hers and then permanently and securely deletes all information. She keeps your medical record electronically for 7 years as this is the minimum/maximum length of time for records to be retained and then permanently and securely erases. She keeps electronic invoices for seven years as this is the required length to comply with the HMRC requirements.
6. Who does she send the information to?
She sends information to you and anyone she is required by law to inform. All information that is sent electronically is sent as attachments that are encrypted and password protected.
7. How can I see all the information she has about me?
You can make a subject access request (SAR) by contacting Marianne Trent. She may require additional verification that you are who you say you are to process this request. She may withhold such personal information to the extent permitted by law. In practice, this means that she may not provide information if she considers that providing the information will violate your vital interests
8. What if my information is incorrect or I wish to be removed from her system?
Please contact Marianne Trent. She may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide her with the correct data and after she has corrected the data in her systems she will send you a copy of the updated information in the same format at the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed she will have to determine if she needs to keep the data, for example in case HMRC wish to inspect her records. If she decides that she should delete the data, she will do so without undue delay.
10. Will she send emails and text messages to you?
As part of providing her service to you she will send information to you via email. This information will be encrypted, and password protected. Also, she needs to send details of your appointments to you. To protect your information, she prefers to use a secure email system. She may also use SMS (text messages). Consent for methods of communication is given by yourself on her terms and conditions sheet.
11. Signing Terms and Conditions
When you sign the Terms and Conditions Document you are also confirming that you have seen a copy of this GDPR policy.