What personal information do I collect?
In order to treat you, I will ask you to provide certain information. This includes name, gender, date of birth, address, email address, telephone number and medical history.
To this, over time, I will add details of the conditions for which you have consulted me and the remedies and other therapies that I have prescribed or recommended.
How do I collect this personal information?
All the information collected is obtained directly from you. I collect some of this before your first consultation by means of online forms. As part of this, I will also request that you provide consent for me to store and use your data. Your consent is required in order to ensure my compliance with data protection legislation. Subsequently, I will add to this initial information with details of the consultations you hold with me and other communications between us.
Personal data is kept for the following purposes:
I use your personal information to analyse the conditions for which you have consulted me and to prescribe remedies and other therapies. In addition, I use:
Contact details- for matters relating directly to treatment (e.g. sending prescriptions, communicating about appointments and discussing progress). I may communicate with you by email, other digital methods, by telephone and by post.
Email addresses – with explicit consent these are also kept for sending out email newsletters
Payment records – are kept for payment and accounting purposes
How personal data is stored
Information is stored electronically using modern software with appropriate security.
Email addresses for newsletters are stored in Mailchimp. I use Acuity Scheduling for booking consultations and for online forms. Invoices and card payments are processed through Square.
Hand-written consultation notes are stored securely.
I take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying or modification.
As a registered homeopath, I am obliged to store records as follows:
For adults: for 7 years after the latest consultation
For children under 18 when treated: for 7 years after their 18th birthday
After this time, your details are securely destroyed.
With whom do I share your personal information?
Access to your contact details will be limited to people who need access so they can contact you about appointments.
I may also use your contact details in third party software for purposes including booking appointments, handling payments and posting prescriptions.
I do not share your other personal information unless required to do so by an order of court or other legal authority or if it is necessary in the public interest.
How your information can be updated or corrected
To ensure that I have accurate and up-to-date information, please inform me of any changes you believe I should make to the personal information I hold. You can do this by contacting me by email.
Under data protection legislation, you have the right to inspect the personal information I hold about you. You can make a request to do so by contacting me and I will endeavour to respond within 14 working days.
Website Privacy Information
This sets out how your information is used by the two websites of Gill Marshall Homeopathy. These are www.gillmarshallhomeopathy.co.uk and www.gillmarshall.co.uk.
Email contact forms
Cookies are small files which ask permission to be placed on your hard drive. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are used on the websites of Gill Marshall Homeopathy. (For more details concerning cookies on this website, see Website Cookies)
Gill Marshall Homeopathy uses third party analytics tools including Google Analytics to help measure traffic and usage trends. These collect information sent by your device including the web pages you visit.
Links to other websites
Data Protection Policy for Gill Marshall Homeopathy
Scope of the policy
Why this policy exists
This data protection policy ensures that GM:
Data protection principles
The General Data Protection Regulation identifies 8 data protection principles.
Principle 1 - Personal data shall be processed lawfully, fairly and in a transparent manner
Principle 2 - Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Principle 3 - The collection of personal data must be adequate, relevant and limited to what is necessary compared to the purpose(s) data is collected for.
Principle 4 – Personal data held should be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay.
Principle 5 – Personal data which is kept in a form which permits identification of individuals shall not be kept for longer than is necessary.
Principle 6 - Personal data must be processed in accordance with the individuals’ rights.
Principle 7 - Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Principle 8 - Personal data cannot be transferred to a country or territory outside the European Union unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data.
Certain of these principles are expanded upon in the sections that follow.
Lawful, fair and transparent data processing
GM requests personal information from patients and potential patients for the purpose of consulting with them and providing them with advice and guidance on homeopathic treatments. The forms used to request personal information contain a statement informing patients and potential patients why the information is being requested and what the information will be used for. Patients are asked to provide consent for their data to be held and a record of this consent along with patient information will be securely held. Patients can request GM’s full privacy statement which informs them that they can, at any time, remove their consent and will be informed as to what to do should they wish to do so.
Processed for Specified, Explicit and Legitimate Purposes
Patients will be informed how their information will be used and GM will seek to ensure that patients’ information is not used inappropriately. Appropriate use of information provided by patients includes:
GM will endeavour to ensure that patients’ information is managed in such a way as to not infringe an individual members rights which include:
Adequate, Relevant and Limited Data Processing
GM’s patients will only be asked to provide information that is relevant to support consultations and prescription. This includes:
Where additional information may be required, this will be obtained with the specific consent of the patient who will be informed as to why this information is required and the purpose for which it will be used.
There may be occasional instances where a patient’s information needs to be shared with a third party due to an accident or incident involving statutory authorities. Where it is in the best interests of the patient or of GM, in these instances where GM has a substantiated concern then consent does not have to be sought from the member.
Accuracy of Data and Keeping Data up to Date
GM has a responsibility to ensure that patients’ information is kept up to date. Patients will be required to let GM know if any of their personal information changes.
Accountability and Governance
GM is responsible for ensuring that her practice remains compliant with data protection requirements and can provide evidence that it is. For this purpose, those from whom data is required will be asked to provide written consent. The evidence of this consent will then be securely held as evidence of compliance.
GM has a responsibility to ensure that data is both securely held and processed. This includes:
Subject Access Request
GM’s patients are entitled to request access to the information that is held about them. The request needs to be received in the form of a written request to GM.
On receipt of the request, the request will be formally acknowledged and dealt with within 14 days unless there are exceptional circumstances as to why the request cannot be granted. GM will provide a written response detailing all information held on the member. A record shall be kept of the date of the request and the date of the response.
Data Breach Notification
Were a data breach to occur, action shall be taken to minimise the harm. GM will inform any patients where she believes their personal information has been compromised. Where necessary, the Information Commissioner's Office may be notified.
If a patient contacts GM to say that they feel that there has been a breach by GM, she will ask the patient to provide an outline of their concerns. If the initial contact is by telephone, GM will ask the patient to follow this up with an email or a letter detailing their concern. The concern will then be investigated fully and a response made to the patient. Breach matters will be subject to a full investigation, records will be kept and all those involved notified of the outcome.
Changes to this policy
Privacy and data protection policies for Gill Marshall Homeopathy may change from time to time and you can request to view them using the contact details below.
If you have any queries about this policy or have any complaints about my privacy practices, please contact me by email or post:
Name: Gill Marshall
Address: Forest Row Osteopathic Clinic, 13 Hartfield Road, Forest Row RH18 5DN UK