Apple Tree Holistic Therapies is committed to respecting and safeguarding your personal information. I don’t knowingly collect any personally identifiable information from anyone under the age of 18. I conform to the Data Protection Act 1998 and its successor the EU General Data Protection Regulation (GDPR). The data controller is Rachel Surtees at The Annexe, 5 Burton Crescent, Leeds LS6 4DN.
What personal information I store about you and how I use it:
For website visitors, like most web sites, I gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, referring pages, date/time stamp and click stream data. I use this information, which does not identify individual users, to analyse trends, to administer the Web Site, to track users’ movements around the Web Site and to gather demographic information about my users as a whole. I do not link this automatically-collected data to personally identifiable information.
I also may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help me to improve my site and to deliver a better and more personalised service. They enable me:
- To estimate my audience size and usage patterns
- To store information about your preferences, and so allow me to customise my site according to your individual interests.
- To speed up your searches.
If you sign up for Apple Tree Holistic Therapies’ newsletter, I will store your full name, email address, specific reason you had for signing up (if given) and how you heard about me (if given). When you sign up I also ask you to give your consent to store this information in future.
I will use your email address to send you my newsletter which contains:
- News and information relevant to holistic health and wellbeing.
- This also includes marketing information such as details about forthcoming training courses and events, special offers, treatment cancellation spaces, activities provided by other relevant providers.
- To request information about you, for instance for research purposes.
In addition, I may send you email reminders, notices and reports linked to any of the above information.
For all paying customers, I will not store financial information about you.
For my therapy clients I ask you to fill out a form to provide me with your personal contact details, a brief medical history and circumstances (if relevant). I am required by my insurers to obtain this information prior to treatment and to hold it for seven years after you have ceased treatment.
The data collected on this form is used solely in connection with the purposes of carrying out my services for you, eg carrying out treatment, emailing notes and additional support materials, reminding you of appointment dates and times, etc. I require that you give your consent to me storing and using this information by signing an agreement form.
I will store basic contact data about you held securely on my server, used solely for the purposes of carrying out my obligations to you as my client. Any information you send me in an email will be kept within that email record. I will also keep records of my therapy sessions in note form. Handwritten notes will be held in a physical file, held securely within my office.
If you wish me to record a therapy session the recording will be emailed to you afterwards. All endeavours will be made to store recordings safely and destroy them when no longer required, however as with any transmission conducted over the internet I cannot guarantee its security. When you cease to be my client, I will destroy all client records after 7 years.
I will endeavour to keep your contact details correct and up to date. Please help me with this by reporting any changes to me at the email addresses shown below.
Any email contact you make to me will mean that any information you provide in those emails will be held securely on my servers, and within my office computers (including lap tops and tablets). This data is password protected and accessed only by the data controller ‘Rachel Surtees’.
Unfortunately, the transmission of information via the internet is not completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my Site; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.
I have appropriate procedures in place to detect, report and investigate a personal data breach. In the unlikely event of a serious data breach, I will notify the ICO (Information Commissioner’s Office) as soon as reasonably possible and within 72 hours of me becoming aware of it.
GDPR gives you the following rights:
- The right to be informed (to know how your information will be held and used (this notice)
- The right of access – to see your therapist’s records of your personal information if it incorrect or incomplete.
- The right to rectification – to tell your therapist to make changes to your information if it is incorrect or incomplete.
- The right to erasure (also called “the right to be forgotten”). For you to request that your therapist erase any information they hold about you.
- The right to restrict processing of personal data. You have the right to request limits on how your therapist uses your personal information.
- The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can re-use it in other systems.
- The right to object. To be able to tell your therapist you don’t want to use certain parts of your information or only to use it for certain purposes.
- Rights in relation to automated decision-making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office: to be able to complain to the ICO if you feel your details are not correct, if they are not being used in the way that you have given permission for or if they are being stored in a way they don’t have to be.
- If you don’t agree to me keeping information about you and your treatments, or if you don’t allow me to use the information in the way that I need to for treatments, I may not be able to treat you.
- I have to keep your records of treatment for seven years after you have ceased treatment with me, which may mean that even if you ask me to erase any details about you, I may have to keep these details until after that period has passed.
- I can move my records between my computers and IT systems, providing your details are protected from being seen by others without your permission.
Any changes I may make to this policy in future will be posted on this page and, where appropriate, notified to you by e-mail.
Last updated 15th May 2018