top of page

Oak Homeopathy Privacy Policy

 

About this document

This document will help you understand how I collect, use and protect your personal information. If you have any queries about the Greene Homeopathy privacy policy, or how I process your personal information, please contact me on 07884 147443, or email me on caroline@oak.scot

 

Who I am

I am the practicing homoeopath at: Oak Homeopathy, Crieff, Perthshire, PH7 3NX.

I am a ‘data controller’ and ‘data processor’ under the UK GDPR and the Data Protection Act 2018. I am registered with the Information Commissioner’s Office.

 

The information I collect about you

I require you to provide me with the following information:

  • name, address, occupation, date of birth

  • next of kin

  • contact details, including telephone numbers and email address

  • health details and medical history including family medical history

  • medication you are taking and have taken in the past plus vaccination history

  • Information pertinent to your presenting physical and mental symptoms

  • in the event of a professional conduct investigation, I may require additional information such as criminal convictions

 

How I collect information about you

I collect and update personal information from you directly:

  • when you come for an appointment

  • when you contact me outwith appointments by text, email or telephone/videocall

  • when you inform me of a change of contact, medication (or other) details

  • I will amend information pertinent to your presenting physical and mental symptoms

 

How I use your information

I store and use your personal information on the following legal bases:

Health and clinical data is special category data processed under Article 9(2)(h) UK GDPR — necessary for the provision of healthcare and the management of health treatment. All other personal data (contact details, next of kin, etc.) is processed on the basis of legitimate interests, necessary for the delivery of my services.

 

Who I share your data with

I share your information with:

  • No one, unless required (see next bullet)

  • If required (for legal and/or professional conduct issues), with authorised regulators and law enforcement agencies

  • Only with your permission, I will occasionally seek the professional opinion on my method or prescription, of Michael Smith Lic ISH, ISHom, MSc, Chairman European Central Council of Homeopaths - my case supervisor based in Co Wicklow, Ireland.  If this happens I send a summary of my treatment and your presenting symptoms and any reference to names/places is deleted.

 

How I store your data

My data is securely stored electronically and any hard copy is cross-shredded as soon as I have recorded it in your file. Only I have access to your data, and all electronic systems are password protected. I do not use cloud-based storage for clinical records. Appointment booking is managed through Wix, whose privacy policy and data practices can be found at wix.com/about/privacy.. I back-up data on a weekly basis to reduce the likelihood of accidental loss or damage to files.

 

How long do I keep your information

I will retain your personal information for reference and analysis to allow me to make the best prescription for you.  Your information will be kept for up to 7 years, following your last appointment or your 18th birthday if you are a minor.  After which time it will be archived or deleted. Any retention of personal data will be done in compliance with legal and regulatory obligations. Please note data retention periods may be subject to change without further notice as a result of changes to associated law or regulations.

 

Your rights

Under GDPR you have the following rights:

  • to obtain copies of the personal information I hold about you

  • to require I cease processing your personal information if the processing is causing you damage or distress

  • to request I do not send you news or marketing communications

  • to require me to correct the personal information I hold about you if it is incorrect 

  • to require me to erase your personal information – this must be a written request, with your reasons for requesting erasure clearly stated.

  • to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been processed unlawfully — ico.org.uk

 

Please note that these rights may be limited by Data Protection legislation, Contract law, Criminal law and Human Rights legislation, and I may be required to refuse requests where exemptions apply.

 

A data breach

In the event of a data breach occurring, I would immediately inform everyone affected, and take whatever steps necessary to minimise impact. I would also report the breach to the ICO.

bottom of page