Our website address is: https://retrainyourgut.com.
This privacy statement was last updated on 10th June, 2021 and applies to citizens of the UK and EU.
We will always follow General Data Protection Regulation (GDPR) guidance when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner’s Office https://ico.org.uk. For the purposes of the GDPR, we will be the ‘controller’ of all personal data we hold about you.
About This Policy
This policy explains when and why we collect personal information from you, how we use it, how we keep it secure and your rights in relation to it.
We may collect, use and store your personal data when we collect data from you.
The Purposes for which we hold Personal Data
We keep client data on the basis that it is of ‘legitimate Interest’, meaning we only ask for data needed by us to fulfil the contract that we have with the client (i.e. to provide therapy) and that it is data that you would reasonably expect us to hold and use.
The data we hold includes any information you have sent us by email, text message, letter or via messaging services.
For those who make an enquiry the data we hold includes the contact information you have given us, such as name, email address, phone number, address.
For those who book and attend at least one session, the data we hold includes:
- Contact information such as name, email address, phone number, home address.
- Information that you give us as part of the work we do together, including the address of a medical practitioner.
- Records of what interventions that we use (or potentially do not use) in our sessions.
- Emails, texts and/or other communications that are sent between us.
- Information sent from any third party, e.g. GP, insurance company.
- Contact data if required for a Covid-19 contact tracing scheme.
- Health data is regarded as a special category of data by the General Data Protection Regulation. More specifically ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status’
Health data may, on rare occasions, be shared with a medical practitioner, or for any reason covered by the Requirements for Disclosure. These requirements are detailed: more information on – https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/
The data is primarily used to enable us to provide therapy for you. It may also be used for scientific research and statistical research purposes in an anonymised form.
If we need to share your email or phone data with a third party for the process of transferring sound recordings, or for offering therapy via an online platform such as Zoom or Microsoft Teams, we will ask for your consent first.
How we protect your Personal Data
- We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
- Any texts or private Facebook messages sent between us are either stored on my iPhone, which is pin protected, or on a secured computer hard drive.
- Your notes are handwritten and are kept in a locked filing cabinet.
- A client database is kept with name, address, telephone number and condition. This file is password protected, and stored on my laptop which is again password protected. We use this database when away from the paper filing cabinet. It is also used for statistical analysis.
- Payment card information is shredded as soon as processed.
- If you use PayPal or online banking then clearly these systems will hold your data. For any payments which we take from you online we will use a recognised online secure payment system.
- Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
- Client information is not needed or used when preparing financial accounts.
- Your data is held for 7 years, but after which all records are destroyed.
- In the event of any breach of your personal data that might expose you to serious risk, we will notify you promptly (within 72 hours) and give full details of the breach to the Information Commissioner’s Office.
- This privacy statement does not apply to third party websites connected by links on our website as we cannot guarantee that these third parties will handle your personal data in a reliable or secure manner. We recommend that you read the Privacy Statements of these websites for more information about their policies and procedures.
Your Rights with regards to Data held by us:
- A right of access. If you write to us, either by letter or email, to ask for the data held about you, we will provide you with all data we hold on you as soon as possible (and definitely within 30 days, unless this is impossible due to holidays or illness).
- The right to rectification. If any data we hold is incorrect, let me know by letter or email and we will correct it as soon as we can (and definitely within 30 days, unless this is impossible due to holidays or illness).
- The right to erasure. If you wish us to erase your data just let us know and we will delete any computer records and shred any paper records as soon as possible following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or details such as address/email/phone numbers.
- The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.
- The right to data portability. This might apply if you wanted your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. we would send the data to you.
- The right to object to:
- You may object to the processing of your data. We comply with this unless there are justified grounds for processing.
- Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
We will not sell or share your personal data, except where required to do so by law.
Our promise is that if any of information is passed on it will only ever be to third parties involved in assisting, or enabling us to deliver therapy. We would only disclose personal data that is necessary for the third party to deliver the service.
Cookies are small files which ask your permission to be placed on your computer’s hard drive so that it can analyse web traffic to my website. Through this I can see which of my website’s pages are being viewed. Most web browsers automatically accept cookies but you can modify your setting to decline them if you prefer. If you choose to do this you may find that you cannot make full use of my website.
You have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
Please contact Antonia Gooder at Retrain Your Gut directly if you have any further questions, comments and requests regarding our data processes.
Antonia Gooder. Retrain Your Gut, 20 Goldney Road, Bristol. BS8 4RB.
www.retrainyourgut.com +44 07876 306 254