What personal information does PHL collect?
In order for Sarah Whittaker, PHL’s complementary healthcare practitioner (‘Sarah’), to treat you, you will be asked to provide certain information. This includes:
- Date of birth
- Billing and shipping address
- Email address
- Skype, Zoom or other video-conferencing ID
- Telephone number
- Medical history.
How is this personal information collected?
All the information collected is obtained directly from you. This may be at the point of your initial enquiry about treatment, on registering as a client, on booking your first consultation, and then at your initial and follow-up consultations. Some of the information is collected via a client questionnaire which you may be asked to complete prior to or at the initial consultation. At the point at which you provide your personal information, you will also be asked to provide consent for us to store and use your data. Your consent is required in order to ensure our compliance with data protection legislation. Subsequently, we will add to this initial information with details of the consultations you hold with us.
How does PHL use this personal information?
We use your personal information to analyse the conditions for which you have consulted us and to prescribe remedies and other therapies. We will communicate with you by email, other digital methods including video-conferencing, by telephone and by post.
With whom do we share your personal information?
We will not disclose any personal information that we hold on you to any unrelated third party, except where required by law.
How long do we keep your personal information?
We need to keep your information for as long as you continue to consult the practice. Since clients often return for more consultations after a period of absence, we will keep your information for seven years after your last consultation. In the case of children, information will be kept for 7 years after their 18th birthday. At that point, your file will be securely destroyed and any digital information will be erased from our computer systems.
How your information can be updated or corrected
To ensure that we have accurate and up-to-date information, you need to inform us of any changes you believe we should make to the personal information we hold. You can do this by contacting us by any of the methods previously described. Under data protection legislation, you have the right to inspect the personal information we hold about you. You can make a request to do so by contacting us and we will endeavour to respond within 14 working days.
How do we store your personal information?
Our client files are paper-based and are held securely within my consulting room or other secure storage space within the clinic building. We take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification. Your email address, if you have one, is held securely on the servers of our email providers, currently Zen and Google mail. We also use a more secure email provider, Protonmail, to send and receive end-to-end encrypted emails (end-to-end encryption requires both sender and recipient to use the same secure email provider, but at the current time, a basic email account with Protonmail is free to obtain). Financial transactions are recorded on Xero, and we also use Worldpay Zinc and Paypal to process payments. We hold transaction data with our services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds and dealing with bookkeeping, accounting and HMRC queries. You can find information about the payment services providers' privacy policies and practices at https://www.xero.com/uk/gdpr.
Changes to this policy
This policy may change from time to time. If we make any material changes, we will make you aware of them.
If you have any queries about this policy, need it in an alternative format, or have any complaints about our privacy practices, please contact our data protection officer: Sarah Whittaker, Data Protection Officer, Phoenix Homeopathy Limited, 2 Farm House Road, Lawley, Telford, Shropshire TF4 2SB, email firstname.lastname@example.org.
Policy review date (every 2 years): May 2020