Thrive London, GDPR, and Your Personal Information
As a lot of people will be aware from 25th May 2018 new legal guidelines have been placed to protect people’s personal data of anybody we work with both from a client perspective and any affiliated organisations including suppliers, contractors and associations. At the heart of my practice is a deep commitment to the welfare of my clients and practice, and as such this is a brief overview of the policies I keep in place to ensure the protection of any information I personally hold. If you ever have concerns about my handling of your personal information or how or where any information is held, you can raise your concerns directly with me or The Association of Licensed Thrive Programme Consultants
- I am committed to an ethical practice that any information I verbally or written hold that this information will under no circumstance be divulged to any third party without legal requirement to do so. Due to the sensitive nature of my practice all information between client and myself is strictly private unless there is a threat to the wellbeing on the individual and I am legally required to comply. I am deeply committed to confidentiality unless given written permission by the individual concerned.
- Clinic and home practices – in both circumstances any written documents or data will be stored in a locked filing cabinet. This information can or may include appointment times, payment information, session notes, email or written communication between clients and myself. Emails are stored on a ssl secured mail system on a password controlled MAC computer with sole household access to myself. The clinic I use holds records of clients for insurance purposes which are filed in a locked cabinet in the building with high security evening security shutters. No course or session notes are stored at this location. The clinic (as it is a pharmacy) does have cctv in practice, however, this is to protect the pharmacy staff and would not be accessible to identify individual clients unless this was an official legal request. Any online documents exchanged are held in a secure paid Dropbox account under my name with frequent password protection requirements. Should this secure system fail all clients will be notified via email of any breach as soon as possible and the situation will be rectified as soon as possible. Again see point one for contact information should this be an issue.
- Emails and other client data is held for an appropriate time, but is reviewed and deleted regularly to ensure it is not held for longer than is appropriate.
- All phone communication is solely under my command. Whatsapp messages are securely encrypted, shared analytics data for the phone has been switched off and the phone has both password and fingerprint security enabled.
- I will avoid sharing hugely sensitive data on any email and instead be sent over secure file sharing file-transfer services.
- Any testimonials, social media sharing quotes or information will be required to have written permission to be used in order to ensure that clients are happy for their information to be shared. Subject to having this permission the material can be used, however, any subsequent use I cannot be liable for how this information is used. You can ask for its removal/erasure from my systems and public sites at any time. Anything propagated outside of initial personal actions, I will help to remove as far as I am able.