Data Privacy Notice
At Diana Da Silva we collect personal data about you in order to give you the most appropriate treatment and to keep in contact with you regarding your treatment. This notice sets out what data we collect, why we collect it, what we use it for, how long we keep it for, how long we keep it for and information regarding your data rights.
What information/data do we collect about you?
We collect personal data about you when you attend your first session. This information includes your name, contact details (including your home address, email address and telephone/mobile numbers), emergency contact details and an account of your medical history. During each session, a treatment form will be filled out and added to your file, detailing the treatment you have received during the session and any other ancillary notes relating to your treatment. These treatment forms may make reference to your current medical state or history.
How will we use the information/data about you?
The personal data we collect about you during your first and subsequent sessions will be used solely for the provision of your treatment, for contacting you in relation to your treatment and for contacting your emergency contact in the event of an emergency during the course of your treatment. We will not share this data with any other person or company and this data will not be used for marketing purposes.
The lawful basis for processing your data is the following
- Consent (your agreement with the content of this notice, as indicated by your signature below)
- Processing is necessary for compliance with a legal obligation to which the controller is subject (namely compliance with the British Acupuncture Council codes of conduct and other regulatory licencing requirements as applicable)
- Processing is necessary in order to protect the vital interests of the data subject (namely the protection of your health and wellbeing during treatment)
- Processing is necessary for purposes of the legitimate interests pursued by the controller (namely providing you with treatment)
How do we store the information/data we collect about you?
All data collected about you will be stored in paper format securely at our premises. No data collected about you will be stored or shared outside of the European Union.
How long will we keep information/data about you?
In accordance with the Code of Professional Conduct published by the British Acupuncture Council, your data will be kept for the duration of your treatment and for seven years thereafter. In the case of children receiving treatment through us, their data will be kept until they reach the age of twenty-five years (seven years after their eighteenth birthday).
What are my rights in relation to the information/data you hold about me?
You have the right to access the data we hold about you within 30 days. Please send all requests for data access to: firstname.lastname@example.org. You may be charged a reasonable fee for the administrative costs involved in copying your records.
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove any information you think is inaccurate.
Who do I contact in relation to my information/data?
Please contact email@example.com if you have any queries or concerns in relation to your data privacy.