Confidentiality Policy


Our Confidentiality Policy

What does it mean?

Confidentiality is the guarantee that information, confidentially given, is not forwarded to others unless one has permission from the person concerned.

Introduction

Confidentiality is a limited term. In actual fact, an ‘act of terrorism’ is the only legal requirement for the passing on of information. In practice, anything unsafe, illegal or criminal is rarely covered by confidentiality clauses. Confidentiality is not absolute if people are a danger to themselves or others.

Feel Good Co-operative has a policy of group sharing to ensure the best possible treatment for every client. This is relevant because a client may be receiving treatments from more than one of our practitioners, and it would be crucial to their well-being. However, we will never share a client’s information outside of the organisation without explaining why it may be necessary and without their explicit consent. For example, a client’s medical history could highlight a possible contraindication for which we would have to obtain their General Practitioner’s consent before embarking on a treatment.

Confidentiality

The Co-operative upholds a strong criteria of practice in order to inspire confidence in the professionalism of our volunteers and therapists, and we take all reasonable steps to ensure the client’s safety and privacy. All our therapists are bound by the Codes of Practice of their Professional Associations. Our records are dated, confidential and secure at all times.

There can also be implications with regard to acknowledging clients in public places. Whilst one does not wish to ignore people, it may be advisable to let them make the first move. Therapists need to be wary about having conversations in public places and not to discuss sensitive information where it can be overheard.

Unless it is in the public’s best interest, or there is a danger of physical harm, any disclosure is made only with the client’s written consent. We always seek permission from those concerned if the organisation is to be featured in publicity articles for social media.

GDPR

The General Data Protection Regulations supersedes the Data Protection Act of 1998, and represents a major change to data protection. This confirms what personal information we hold and why. As the Data Controller, we determine the purpose for which and the manner in which your data may be processed. Processing means how we handle your data in relation to information we have obtained, recorded or are holding.

When a client uses our website we obtain information about them. We may collect, store, use and transfer this General Personal data. This data may include their first and last name, title, date of birth, gender, address, telephone number, email address and IP address. This includes demographic or statistical data for any purpose. Although this data may be derived from a client’s personal data, it does not directly or indirectly reveal their identity and is not considered personal data in the regulation. We may use their usage data for statistical analysis of the using of the website. However, if we connect or combine their personal data in a way that could directly or indirectly identify them, we will treat that personal data in accordance with this policy.

In order to provide the best complementary therapy options and advice, Contract is our lawful basis for gathering and retaining potentially sensitive information about a client’s health. The government sponsored Complementary & Natural Healthcare Council requires us to retain that information until eight years after a client’s final session. Records are then shredded and destroyed.

The information we hold will be a client’s first and last name, address, telephone number, age, sex, medical history and other health information, plus treatment details and related notes after each consultation. This will include a signed and dated Informed Consent and GDPR Statement. All clients will also be expected to sign and date a COVID-19 Health Statement, which includes permission to forward their contact details to the NHS Test and Trace Service if necessary. During events, we require participants to print their first and last name, and to sign an Informed Consent to confirm that they have verbally told us, from a given list, of any medical condition that may affect their choice of complementary therapy taster session on that day. Event COVID-19 Health Statements will be retained for 21 days and then securely destroyed.

Summary of how we use Personal Data

Activity or Purpose

Type of Data

Lawful Basis for Processing:

Length of time Data is held

Services provided or sold to you, or requested information on services, such as quotes.

General Data and Special Category: first and last names, date of birth, gender, address, telephone number, occupation, exercise activities, medical conditions, presenting symptoms, signed and dated Informed Consent and COVID-19 Health Statement.

Contract to perform a service for you

Duration required to comply with our legal and regulatory obligations

Services provided or sold to you, or requested information on services, such as quotes.

General Data: first and last name, date of birth, gender, address, telephone number, email address, IP address.  Please remember that you can opt out.

Legitimate Interest

Duration to comply with our legal and regulatory obligations, unless you opt out.

Services provided or sold to you, or requested information on services, such as quotes.

General Data and Special Category: first and last names, date of birth, gender, address, telephone number, occupation, exercise activities, medical conditions, presenting symptoms, signed and dated Informed Consent and COVID-19 Health Statement.

Legal Obligation

Duration required to comply with our legal and regulatory obligations.

Requested marketing information, e-newsletters and other topics of interest.  This requires you to opt in; however, you have the right to opt out at any time.

General Data: first and last name, email address, IP address.

Consent

For a maximum of three years from the date of each request, unless you opt out.

The Feel Good Co-operative takes all reasonable steps to ensure safety and privacy.

Our records are dated, confidential and secure at all times. We will only contact clients in relation to appointment times or information related to their health. If clients have provided an email address, we may send out e-newsletters or topics of interest from which they may unsubscribe at any time by emailing us.

Who do we share personal data with?

Occasionally, we may have to share personal data as set out in the table with external third parties:

  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom and who require the reporting of processing in certain circumstances.
  • Professional advisers acting as processors or joint controllers including auditors, bankers, insurers, accountants and sponsors based in the United Kingdom.
  • Providers acting as processors who provide IT and Systems Administration Services.
  • A General Practitioner or Consultant if a client’s medical history highlights a possible contraindication for which we would have to obtain their consent before embarking on a treatment.
  • The NHS Test and Trace Service, if requested.
  • We require all third parties to treat personal data in accordance with the law and respect to security. We only allow third parties to use personal data in accordance with our instructions and for specified purposes. We do not allow third parties to use personal data for their own purposes.

A client’s legal rights

Unless subject to an exemption under the data protection laws, clients have the following rights with respect to personal data:

  • To be informed.
  • To access therapy records.
  • To rectification if information is incorrect or incomplete.
  • To erasure, or ‘the right to be forgotten’.
  • To restrict the use of personal data.
  • To data portability if personal information is held electronically.
  • To object if you feel that your details are not being used in a way that you gave permission for.
  • To automated decision-making and profiling.
  • To lodge a complaint to the ICO.

If a client wishes to exercise any of these rights, they may contact Feel Good Co-operative by email feelgoodcoop@hotmail.co.uk

Because clients have the right to access their data, one must always take care not to write anything that they would be unhappy to read about themselves. In addition, confidential information is never mentioned within an email.