Who Are We?
We are Cara Beckinsale Acupuncture. We provide treatment in Hove at The Float Spa and Brighton Health and Wellbeing Centre. We are what is known under data protection law as the Controller of your personal data and we can be contacted in relation to our processing of your personal data at email@example.com
What personal data do we collect from you?
We collect both general categories and special categories of personal data directly from you. We collect these data directly from you when you’re making an appointment for treatment with us and during your treatment /s. These data include the following:
- Contact details – name, address, email, telephone number, emergency contact number
- Payment details – bank, account number
- Data about you – date of birth
- Data during treatment – health and medical history (including medications and treatments), culture, race, religion, data about relationships and sex life, dietary data, fitness data and other general and special category that you disclose to us during your treatment.
Why do we collect your data?
We collect your data for the following reasons:
- To make appointments for you
- To tailor your treatment during your appointment
- To collect payment from you
- To provide you with a copy of our newsletter via your email address when you provide it to us
- Your personal data is not used for automated decision making.
How do we process your data?
We process your data on the basis of consent, for legal reasons and pursuant to our treatment contract with you. Only persons who need access to your personal data to perform duties in relation to your appointments are granted access to your personal data. We understand the sensitivity of the data you provide us, and we implement a number of measures to safeguard your data when it is in our custody and to prevent it from being damaged, subject to unauthorised access, destroyed or disclosed to third parties without your permission. These measures are both organisational and technical and include:
- Restricted access to your patient data and treatment notes
- Secure storage of your patient files at all times
- Your patient file is kept in a physically secure facility with access restricted by key or password protected and identifiable by initials only on a single laptop not shared within a network.
- Technology is used to process your data only when you call , correspond with us via our website, via email, or choose to use the online booking portal provided by Acuity. These service providers have in place appropriate measures to protect your personal data.
Who do we share your personal data with?
- The Float Spa Hove – when you make a booking for treatment with us here.
Brighton Health and Wellbeing Centre- when you make a booking for treatment with us here.
- Acuity Scheduling – when you make a booking through their software service.
We may also share your personal data with other in the following situations:
- Where law requires us to do so with or without your knowledge (e.g., where we maybe expected to alert authorities if we believe you will harm yourself or another)
- When we refer you to a fellow practitioner for treatment with your permission.
How long do we store your data for?
- We retain your personal data for as long as you remain a patient. If you stop coming for treatment, then we retain your data for just 6 months following your last treatment. However, we may keep your personal data for a period of time longer than 6 months if we are required by law to do so and in that case, we will retain your data for a period of up to 7 years.
What are your rights?
You may exercise the following rights in relation to the personal data we hold about you:
- Right to information about how we process your data
- Right to withdraw your consent to our processing of your personal data at any time
- Right to access your data
- Right to rectification
- Right to erasure
- Right to data portability
- Right to object to processing in certain circumstances
- Right to lodge a complaint with the national Supervisor Authority if you believe our processing of your data has been unlawful.
You may contact us to exercise these rights at firstname.lastname@example.org and we will respond within 30 days.