Data Protection Policy
Monday, April 30th, 2018
DATA PROTECTION POLICY
The Data Protection Act 1998 will be replaced by the General Data Protection Regulations on 25 May 2018. Rainbow Therapies is ensuring compliance with the new regulations and is following the requirement to gain each clients permission to hold, store and use their personal data.
TYPES OF PERSONAL DATA THAT IS GATHERED AND STORED
The personal data that Rainbows Therapies holds is:
- Personal Contact Details: Client Name, address, email, contact number.
- General Data: Height and weight, D.O.B., Occupation
- Medical Data: Full medical history, current medication being taken, GP name and address, dietary information, current stresses.
- Treatment data: Treatment findings and treatment plans.
HOW THE DATA IS USED
Rainbow Therapies is the sole user of the information, it is used to ensure that there are no contraindications to carrying out treatments and to gain a holistic view of each client. Third parties do not have access to the data.
- The data is not shared unless deemed vital for medical referrals to other healthcare professionals.
- The data is used to provide ongoing treatment plans and to track improvements and benefits experienced.
- The personal contact details are stored to contact clients to arrange appointments and to send out appointment reminders via text, phone or email.
- Written consent is sought to use the personal contact details for sharing news and offers.
- Where consent is not given to use personal details to contact the client, this is honoured.
HOW DATA IS STORED
- Data is not stored on personal devices such as mobile phones or personal computers.
- Hard copy files are stored in a secure lockable filing device at the end of each working day.
- Electronic data is stored on a password protected external hard drive which is kept securely.
REMOVAL OF DATA
- Client files are kept for the duration of treatment plans.
- Client files and data are destroyed and deleted after 7 years of no treatment activity.
- Client data will be removed if a client informs Rainbow Therapies in written form, that they no longer want their details stored.