Halcyon Therapies Ltd Privacy Notice
Halcyon Therapies is committed to ensuring appropriate use of your personal data and aims to be open and transparent about its data processes. A pledge has been registered with the Information Commissioners Office to indicate our support for people’s data rights and the “Your Data Matters” campaign.
Information I Collect
To confirm your appointment and aid your treatment, you will normally provide me with certain information such as your name, email address, postal address and medical information. I will store limited information in a password-protected online diary to assist with appointment scheduling, which I will also access on a thumb/password protected smart phone and on a password protected computer.
Why I Need Your Information and How I Use It
I rely on a number of legal bases to collect, use, and share your information, including:
- Where it is necessary for the purposes of the provision of health care as needed to provide my services, such as when I use your information to fulfil your assessment and treatment, or to provide after-care support.
- When you have provided your consent, which you may revoke at any time, such as by signing up for my mailing list.
- If necessary to comply with a legal obligation or court order or in connection with a legal claim.
From time to time I may wish to send you direct marketing material which may include product offers and newsletters. If you are happy for me to do this then you will be asked to stipulate below, your preferred method/s of contact. You will be able to request no marketing and will also be able to change your mind at any time.
- No Marketing
Information Sharing and Disclosure
I may share your personal information for very limited reasons and in restricted circumstances, as follows:
- Medical Professionals. Only with your explicit verbal consent, I may share information with medical professionals (such as your GP) if this is considered in your best medical interest and for continuity of care.
- Service Providers. I may engage certain trusted third parties to perform functions and provide services to my business (such as maintenance of electronic medical record). I will share your personal information with these third parties, but only to the extent necessary to perform these services.
- Business Transfers. If I sell or merge my business, I may disclose your information as part of that transaction, only to the extent permitted by law and with your consent.
- Compliance with Laws. I may collect, use, retain, and share your information if I am legally required to.
I will retain your personal information only for as long as necessary to provide you with my services, to comply with my legal and regulatory obligations and to resolve any disputes. The retention of therapy client records is normally for 5 years after the last appointment. If I need to retain your records for longer, I will inform you of this at the earliest opportunity.
Transfers of Personal Information Outside the EU
It is not envisaged that your data will be transferred outside of the UK, and hence your data will be protected by UK laws.
You have a number of rights in relation to your personal information. While some of these rights apply generally, some rights may be restricted. I describe these rights below:
- Access. You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
- Change, restrict, delete. You also have rights to change, restrict my use of, or delete your personal information. Some health records are exempt from change and deletion requests.
- Object. You can object to (i) my processing of your information and (ii) receiving marketing messages from me even if you have previously given your consent to receive them.
- Complain. If you wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner www.ico.org.uk
How to Contact Me
I, Sarah Coulson, am the Data Controller of your personal information. I am registered with the Information Commissioners Office. If you have any questions or concerns, you may contact me on email: email@example.com