Privacy Policy INTRODUCTION
This privacy notice provides you with details of how we collect and process your personal data through your use of our website: www.ka-therapy.co.uk and our therapy services. If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
OWNER AND DATA CONTROLLER
Kelly-Anne Astley,
KA-Therapy,
info@ka-therapy.co.uk
07432233978
WHAT PERSONAL INFORMATION WE COLLECT?
We collect the following Personal Data from Users:
Identity Data may include your first name, last name, date of birth. Contact Data may include your billing address, email address and telephone numbers Special Category Data may include information that is necessary for the purposes of preventative or occupational medicine, medical diagnosis, the provision of health or social care treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional. This may include insurer details, GP details, medical records, treatment plans, letters, documentation and communications with other healthcare professionals. Technical Data may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access our site Usage Data may include information about how you use our website such as session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. Cookie Data information gathered using cookies in your web browser. WHEN DO WE COLLECT PERSONAL DATA?
Personal Data is collected from Users when:
filling in forms on our website communicating with us in person, by post, phone, email requesting resources be sent to you providing feedback you visit our website. Information is automatically collected such as Technical Data about your equipment, browsing actions and usage patterns of our website. We collect this data by using cookies, server logs and similar technologies. WHY DO WE COLLECT INFORMATION?
To provide and operate the Services; To provide our Users with ongoing assistance and support; To create aggregated statistical data and other aggregated and/or inferred non-personal Information, which we or our business partners may use to provide and improve our respective services; To comply with any applicable laws and regulations. Your personal information will be used for the specific reasons stated above only. Data privacy law allows this as part of our legitimate interest in understanding our Users and delivering the best possible service. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or healthcare reporting requirements. By law we must keep information about our Users (including Special Category, Contact, Identity, Financial and Transaction Data) for six years after they cease being Users for legal and tax purposes. Once the retention period expires, Personal Data shall be deleted. HOW WE PROTECT YOUR WEBSITE PERSONAL DATA
We know how much Data security matters to all our Users. We will treat your Data with the utmost care and have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. The electronic clinical notes system we use called WriteUpp to document your clinical notes, our website contact and our emails are all secured using ‘https’ technology. We will notify you and any applicable regulator of a breach where we are legally required to do so. DATA RELATING TO OUR THERAPEUTIC CONTRACT
KA-Therapy are the Data Controller. This involves controlling Data that is connected to the therapeutic contract which includes Identity, Contact and Special Category Data. Special Category Data may include information that is necessary for the purposes of preventative or occupational medicine, medical diagnosis, the provision of health or social care treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional. This may include insurer details, GP details, medical records, treatment plans, letters, documentation and communications with other healthcare professionals. Any written anonymised notes used in sessions are kept in a folder in a locked cabinet outside of therapy sessions. KA-Therapy cloud-based software called WriteUpp to record the special category data electronically. WriteUpp are the Data Processor for KA-Therapy. Electronic data is stored by WriteUpp in a highly secure data server centre in the United Kingdom. In addition, your data is backed up to a separate server vault in a geographically separate location. KA-Therapy are confident that cloud-based storage currently presents a more secure way of storing clinical records than on a standalone computer. All data is stored and protected in accordance with the General Data Protection Regulations. WEBSITE COOKIES
In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the User’s preferences (e.g., regarding default language and settings), monitoring performance of our services, and generally providing and improving our Services. If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services or may otherwise adversely affect your user experience. Cookie Types
Strictly Necessary Cookies – These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services such as filling in the contact form. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Analytics Cookies – These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance. Targeting Cookies – These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. WHAT ARE MY RIGHTS?
Users may exercise certain rights regarding the processing of Personal Data by the Owner.
Right to withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. Right to object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Right to access their Data. Users have the right to learn if Data is being processed by the Owner and obtain a copy of the Data being processed. Right to verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected. Right to restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it. Right to have their Personal Data deleted. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner. However, this does not apply to medical records. Right to receive their Data and have it transferred to another controller. Users have the right to receive their Data and, if technically feasible, to have it transmitted to another controller without any hindrance. Right to object. Users have the right to bring a claim before their competent data protection authority. DETAILS ABOUT THE RIGHT TO OBJECT
Where Personal Data is processed for the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection. Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification.
HOW TO EXERCISE YOUR RIGHTS
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be free of charge and will be addressed by the Owner within one month.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
CONTACTING THE INFORMATION COMMISSIONER’S OFFICE (UK)
If you have any issue with how your Data has been handled or are not satisfied with the response you have received to any request, you have the right to lodge a complaint with the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.ico.org.uk/concerns.
INFORMATION NOT CONTAINED IN THIS POLICY
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at:
KA-Therapy info@ka-therapy.co.uk 07432233978
DEFINITIONS AND LEGAL REFERENCES
Personal Data (Data) Any information that directly, indirectly, or in connection with other information — allows for the identification of a natural person.
Usage Data Information collected automatically through this website.
User and You The individual using the website who, unless otherwise specified, coincides with the Data Subject.
Data Subject The natural person to whom the Personal Data refers.
Data Processor The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
Data Controller (or Owner) The Data Controller, unless otherwise specified, is the Owner of this Website and Business.
This Website The means by which the Personal Data of the User is collected and processed.
Service The service provided by this website as described on this site.
Owner KA-Therapy
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies A small piece of Data stored in the User's device.