Fair Processing Notice for Clients

Introduction

At Cariad Holistic Health & Wellness, we respect your personal data. This Fair Processing Notice explains how we will use your personal data when you visit us to receive or talk about a treatment (i.e. you are a Client).

Who are we?

I am Nicola Sparkes, trading as Cariad Holistic Health & Wellness. If you have any questions about anything in this privacy policy then please email me on hello@cariadholistichealth.com

What personal data do we collect about you? How will we use that personal data?

When you visit us to talk about a treatment, we will take some personal data from you including:

Full name; Date of Birth; Address; Phone number(s); Email address.

To effectively treat you, we also need to collect your Medical History, which is classed as “Special Category Data” under GDPR. We must treat this type of data even more seriously than your regular Personal Data.

All of your Personal and Special Category data are contained in our Personal Details form and these are kept securely in a locked cabinet, in a locked room. This data is not available electronically and is not shared with any other companies or people.

What is our legal basis for processing your personal data?

We need a legal basis in order to process your personal data. For the personal and special category data you provide in our personal data form, the legal basis is “Consent”.

You are free to withdraw consent at any time and you can do so by emailing hello@cariadholistichealth.

Do we use any automated decision making?

We do not use any automated decision making.

Who do we share your personal data with?

We share your personal data with:

· Health or medical providers (when it is in your vital interests or when we are required to do so by law)

· Law enforcement agencies (where we are required to do so by law)

· Our card payment provider (Square) where you pay for your treatment by credit or debit card

Do we transfer your personal data outside of the EU or EEA?

Our card payment provider sometimes use systems outside the EU/EEA to handle card processing. Full information can be found here: https://squareup.com/gb/en/legal/general/privacy

How long do we keep your data for?

We will hold your data for no more than three years.

Your rights as a data subject

The GDPR gives you rights as a data subject. You have:

1. the right to request from us access to your personal data;

2. the right to request from us rectification of your personal data;

3. the right to request from us erasure of your personal data;

4. the right to request from us restriction of processing your personal data;

5. the right to object to our processing of your personal data;

6. the right of data portability;

7. the right to withdraw your consent at any time. This does not affect the lawfulness

of processing based on your consent before you withdrew it; and

8. You have the right to complain to the ICO.

More information on your rights can be found in Chapter 3 of the GDPR.