Data Protection Policy
Last Updated: October 2019
Our Data Protection Policy will help to explain what personal data is and how we use any personal data that we have obtained about you in compliance with the Data Protection Act 2018 (also known as General Data Protection Regulation or GDPR).
1.Why We Collect Personal Data
Moonlight Healing collects a range of Personal Data and Special Category Data (see explanation of each type below) to aid in the running of our business and the delivery of our services to you.
We use your personal data to enable us to uniquely identify you to ensure we record your consultation in the correct file and also retrieve the correct file when preparing for your next treatment. We additionally use your personal data to contact you about your appointment and also about other services, if you have agreed to us contacting for marketing purposes. If you are 18 or younger, we also record your date of birth to aid in determining the date your file can be destroyed (see Data Retention below). Finally we keep Health and Wellbeing Data (Special Category Data) so that we can record why you are receiving a treatment and track the effect of treatment on the presenting issue and also adjust the treatment to your requirements such as lowering the massage table or avoiding certain massage oils. Further, we use your data internally to determine how to develop services, add services to our portfolio and how to target advertisement – this is done with anonymised data.
2.Personal Data and Special Category Data
Personal Data and Special Category Data are types of data that can be used individually or in combination to identify you. We collect your personal data when you make initial contact with us and when you complete a consultation form; we use explicit consent on the consent form as the lawful means to hold and process your data. We use this data for the purpose of running our business and delivery the service to you as described above.
What are Personal Data and Special Category Data
There is no explicit list of data types but below are some examples of what each may contain:
How we handle your data
At Moonlight Healing will ensure that your data is:
-
Used only for the purpose of delivering the service to you.
-
Used for marketing of our services only if you have explicitly given us permission to do so.
-
Stored securely.
-
Not be shared with others without prior consent, except if you pose a risk to yourself or others or present with a notifiable medical condition.
-
Kept up to date and checked for accuracy at each consultation.
-
Securely destroyed when it is no longer required.
What personal data do we hold?
-
Name
-
Address
-
Telephone number
-
Email address
-
Date of birth (if 18 or younger)
-
General Practitioner Details
-
Health and wellbeing data
3.What are your rights?
You have a right to:
-
Be kept informed about the data we hold on you.
-
See the data we hold on you.
-
Have data corrected.
-
Have data deleted.
-
Restrict how your data is processed.
-
Data portability.
-
Object to data processing.
4.Data retention
-
We will retain your file for seven years after your last treatment or until you are 25 years old, whichever is longer.
-
If you were 18 or younger when you first visited us we will have recorded your Date of Birth; if you are still a client at age 25 we will redact your Date of Birth from your records as it is no longer required to determine the date to destroy your record.
5.Policy Maintenance
-
This policy will be reviewed on an annual basis to ensure that reflects current legal requirements and business operating needs.
-
If any urgent change is identified before the annual review a special update to the policy will be performed.
6.Subject access request
All request for access to personal data must be done by written letter and include proof of ID such as a photocopy of a Driving Licence or Passport and proof of address such as a utility bill. Requests will be dealt with within one calendar month and are free unless they are considered to be excessive. All requests should be addressed to:
Jane Hale
Moonlight Healing
1 Winton Cottages
Falmer Road
BRIGHTON
BN2 7FJ
7.Complaints
If you have any concerns or wish to complain about how your data is being stored or processed, you can write to:
Jane Hale
Moonlight Healing
1 Winton Cottages
Falmer Road
BRIGHTON
BN2 7FJ
If you are not satisfied with the response you can contact the ICO:
https://ico.org.uk/make-a-complaint/
Or write to:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF