Data Protection Policy & Procedures For Natural Therapies For You (NTFY)

Data Protection Policy & Procedures For Natural Therapies For You (NTFY)

Last updated March 2018

Data Protection Officer for NTFY = Sue McFarlane, Owner & Therapist,

Office Address : 32 Kestrel Drive, Bingham, NG13 8QD (NO THERAPIES OR SERVICES HERE)

Use of Data = Privacy Notice

The Data provided by an individual to NTFY would comprise personal information required to deliver the services or treatments as contracted by the client/individual, consent for said consultations & treatments and the issuing of NTFY publications by post, email or text for the purpose of delivering a service or therapy/event information.

This would be in the form of actual signed consent indicated on a written document or copy of email after May 2018.

Individuals who have received services from NTFY before May 2018 will have been asked for their consent and will, over a period of time be asked to reaffirm their agreement, in writing.

An individual has the following rights:

the right to be informed what data is held & why NTFY keeps their data (see above);

the right of access if the individual requires a copy of their data, then a written/email request would be required & a copy would be produced within one month;

the right to rectification if any of the said data contains any errors, these would be corrcted within one month of notification;

the right to erasure of any data held by NTFY, although there is a limited set of

circumstances when this request can be refused :

to exercise the right of freedom of expression and information;

to comply with a legal obligation for the performance of a public interest task or exercise of official authority.

for public health purposes in the public interest;

archiving purposes in the public interest, scientific research historical research or

statistical purposes; or

the exercise or defence of legal claims.;

the right to restrict processing where an individual can request limiting the use of their data ie no longer wishes to receive any marketing notifications = unsusbcribe;

the right to data portability;

the right to object;

the right not to be subject to automated decision-making including profiling

the right to complain to the ICO if they feel their data is not being handled professionally

Personal Data Retention = NTFY will hold data for 7 years after last service delivery or contact to comply with Professional Association & Insurance requirements.

Data Breaches Procedure = On becoming aware of a data breach, NTFY will attempt to contain it and assess any potential adverse consequences for individuals, based on how serious or substantial these are and how likely they are to happen. In some very serious cases, NTFY may need to inform individuals directly that a breach has taken place especially if a breach is likely to result in a high risk to the rights and freedoms of individuals and will be done as soon as possible.

Sue McFarlane, Natural Therapies For You March 2018