Cathy Hutton Homeopathy is registered with the Information Commissioner’s Office (ICO) as an organisation that processes personal data and is committed to processing data in accordance with its responsibilities under the GDPR. This Policy will be review annually.
Cathy Hutton Homeopathy is committed to respecting and protecting your privacy and will only use your personal information to send you relevant information via email, newsletter, other digital methods, phone and post. Newsletters are sent through Mailchimp which is GDPR compliant and you have the option to unsubscribe at any time. The online booking system through Gettimely is also GDPR compliant.
1. Patient Data
As a registered homeopath, I am required to keep all patient data for at least 7 years from the last date I see you (for children I am required to keep records for 7 years following their eighteenth birthday). I will not share your data with anyone without your consent and will take reasonable steps to ensure personal data is accurate and kept up to date.
2. Data Storage/Security
Online data will be kept secure with appropriate password, virus protection and firewall security that is kept up-to-date. Handwritten notes will also be stored securely. When personal data is deleted this should be done safely such that the data is irrecoverable. Appropriate back- up and disaster recovery solutions shall be in place.
3. Patient’s Access to Stored Data
Patients can request access to their personal data or to have data erased which must be made in writing and signed by the patient. Any such requests shall be dealt with in a timely manner.
4. Data Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data I will notify those affected immediately and take appropriate steps to minimise any damage. In the event of a serious breach of data security I will report this breach to the ICO directly.
End of Policy.