Reclaiming You Therapy
Privacy Policy
About me:
Reclaiming You Therapy is committed to protecting and respecting your privacy.
I understand that your personal data is entrusted to me and I appreciate the importance of protecting and respecting your privacy. To this end, I comply fully with the data protection law in force in the UK (Data Protection Laws) and with all applicable clinical confidentiality guidelines.
This Privacy Policy sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed by me. It explains my practices regarding the collection, use, storage and disclosure of personal information that I hold about you.
Please read the following carefully to understand my practices regarding your personal data, how I will treat it and your rights in relation to that data. By providing your personal data to us or by using our services, website or other online or digital platforms you are accepting or consenting to the practices as described or referred to in this Privacy Policy.
When the policy refers to ‘I’, ‘me’ and ‘my’, it refers to Reclaiming You Therapy.

What personal data may we collect from you?
When I refer to personal data in this policy, I mean information that can or has the potential to identify you as an individual.
Accordingly, I may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit my website, complete a form, access our services or speak to us.
Personal data I collect from you may include the following:
- Information that you have given me when you enquire, become a customer or patient with me; including name, address, contact details, GP, emergency contact (including email address and phone number)
- Details of referrals, quotes and other contact and correspondence I may have had with you.
- Details of services and/or treatment you have received from me or which have been received from a third party and consented for this information to be shared with me.
- Information obtained from customer surveys, promotions and competitions that you have entered or taken part in.
- Notes and reports about your health and any treatment and care you have received and/or need.
- Patient feedback and treatment outcome information you provide
- Information about complaints and/or incidents
- Information you give me when you make a payment to me, such as financial or credit card information.
Other information received from other sources, including from the use of websites and other digital platforms I operate or the other services I provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information.
When do we collect personal data about you?
I may collect personal data about you if you:
- Visit one of my websites
- Enquire about any of my services
- Register to be a customer or patient with me or book to receive any of my services
- Fill in a form or survey
- Carry out a transaction on my website
- Participate in a competition or promotion or other marketing activity
- Make online payments
- Contact me, for example by email, telephone or social media
- Participate in interactive features on the website or social media.
What personal data may we receive from third parties and other sources?
I may collect personal data about you from third parties such as from the NHS or previous therapy services for the continuity of your care:
- I may be passed medical information usually in the form of a referral for the purposes of your treatment with Reclaiming You Therapy or a third-party consultant;
- Insurance providers will pass Reclaiming You Therapy personal data of patients who have commenced a claim and require treatment with me. This will normally be in the form of a referral and may consist of basic details, e.g. full name, date of birth, address, contact number and email address and the type of treatment you require.
How do we lawfully process your personal data?
Your personal data will be kept confidential and secure and will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.
Set out below are some of the ways in which I process personal data although to do so lawfully I need to have a legal ground for doing so. We normally process personal data if it is:
- Necessary to provide you with my services – to enable me to carry out my obligations to you arising from any contract entered into between you and me, including the provision of services or treatments by me and related matters such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening.
- In my or a third party’s legitimate interests to do so – see details below
- Required or allowed by any applicable law
- With your explicit consent, for example direct marketing communications
Generally, I will only ask for your consent to processing if there are no other legal grounds to process. In these circumstances, I will always aim to be clear and transparent about why I need your consent and what I am asking for. Where I am relying on consent to process personal data you have the right to withdraw your consent at any time by contacting me using the details below and I will stop the processing for which consent was obtained.
To process special category data I rely on additional legal grounds. Generally, they are as follows:
- With your explicit consent
- It is necessary for the purposes of treatment, to assess, provide health care treatment, or manage health care systems. This may also include monitoring whether the quality of my services or treatment is meeting expectations.
- It is necessary to establish, make or defend legal claims or court action
- It is necessary for a public interest purpose in line with any laws that are applicable. This should assist in protecting the public against dishonesty, malpractice or other seriously improper behaviour, for example, investigating complaints, clinical concerns, regulatory breaches or investigations (for example HCPC, BABCP or ICO).
Processing of personal data which you have made public:
As stated above, one of the legal grounds for processing data is where it is in my legitimate interest to do so, taking into account your interests, rights and freedoms. This allows me to manage the relationship that exists between you and me and can include the following reasons:
- Provide you with information, products or services that you request from me.
- Managing all aspects of my relationship with you, our products and services.
- Allow you to participate in interactive features of my services, when you choose to do so.
- Notify you about changes, new releases or updates to our products or services
- Keep my records up to date
- Respond to requests where I have a legal or regulatory obligation to do so
- Check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
- Assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
- To conduct and analyse market research
- To ensure that content from my websites is presented in the most effective manner for you and for your computer
- To allow me to ensure website terms of use, my policy terms and conditions or other contracts, or to protect my or others’ rights, property or safety
- To share your personal information with people or organisations in order to run my business or comply with any legal and/or regulatory obligations including to defend myself from claims, exercise my rights and adhere to laws and regulations that apply to me.
The security of your personal data:
I protect all personal data I hold about you by ensuring that I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data from being lost, destroyed or damaged. I conduct assessments to ensure the ongoing security of my information systems.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.
By submitting your personal data, and in providing any personal data to me, you understand the basis for this transfer, storing or processing. I will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
​​
All information you provide to me is stored securely. Any payment transactions on my website will be processed securely by third-party payment processors. Where I have given you (or where you have chosen) a password that enables you to access certain parts of the website, you are responsible for keeping that password confidential. I ask you not to share a password with anyone.
The transmission of information via the internet cannot be guaranteed as completely secure. However, I ensure that any information transferred from my Digital Patient Record (Clinix) is via an encrypted connection. Once I have received your information, I will use strict procedures and security features to minimise the risk of unauthorised access. I do kindly ask you to not send personal information or therapy resources via social media as these may not always be encrypted.​
​
At your request, I may occasionally transfer personal information to you via email, or you may choose to transfer information to me via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.
​
How long do we retain your personal data?
Unless we explain otherwise, the following guidelines will explain how long we will retain your personal data:
- For as long as I have a reasonable business need, such as managing my relationship with you.
- For as long as I provide services and/or treatment to you and then for as long as someone could bring a claim (in general this is a period of 8 years); and/or
- In line with legal and regulatory requirements.
Disclosure of your personal data to third parties:
In the usual course of my business, I may disclose your personal data (which will be limited to the extent reasonably necessary) to certain third-party organisations that I use to support the delivery of my services.
This may include the following:
- Organisations providing IT systems support and hosting in relation to the IT systems on which your information is securely stored.
- Third party debt collectors for the purposes of debt collection.
- Third-party service providers for the purposes of the storage of information and confidential destruction, third-party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
Where a third-party data processor is used, I ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
Special Category information collected during the provision of treatment or services:
Special category data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses or their agents (GP / Insurance etc). It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.
Your GP: If I feel it is clinically advisable, I may also share information about your treatment with your GP. You can ask me not to do this, in which case I will respect that request if I am legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history.
Your insurer: I share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with me. I provide only the information to which they are entitled. If you raise a complaint or a claim I may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
​
The NHS: If you are referred to me for treatment by the NHS, I will share the details of your treatment with the part of the NHS that referred you to me, as necessary to perform, process and report back on that treatment.
Practice Regulators: I may be requested, and in some cases can be required, to share certain information (including personal data and special category data) about you and your care with regulators such as the Health and Care Professions Council (HCPC), for example, if you make a complaint, or if the conduct of a health and care professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. I will ensure that I do so within the framework of the law and with due respect for your privacy.
In an emergency and if you are incapacitated, I may also process your personal data (including special category data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).
​
I will use your personal data in order to monitor the outcome of your treatment by myself and any treatment associated with your care.
Information gathered as a visitor to our website:
I may automatically collect personal data about you. I receive, collect and store any information you enter on our website or provide us in any other way.
​
What do we do with any non-personal information collected when accessing the website?
Certain information which you submit may also be collected to enable me to better understand my customers, to improve the website, to inform general marketing and to help provide a better experience of my services. I may use cookies to do this. I may also use other companies to set cookies on the website and gather cookie information for us – please refer to the information detailed below.
​
What type of information do we collect?
I receive, collect and store any information you enter on the website or provide me in any other way. In addition, I collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. I also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
​
How do we collect information?
When you conduct a transaction on the website, as part of the process, I collect personal information you give me such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
​
Why do we collect such personal information?
I collect such Non-personal and Personal Information for the following purposes:
- To provide and operate the Services;
- To provide my Users with ongoing customer assistance and technical support;
- To be able to contact my visitors and users with general or personalised service-related notices and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which I or business partners may use to provide and improve the respective services;
- To comply with any applicable laws and regulations.
​
How do we store, use, share and disclose site visitors' personal information?
The Reclaiming You Therapy website is hosted on the Wix.com platform. Wix.com provides me with the online platform that allows me to promote the services and offer products to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. All direct payment gateways offered by Wix.com and used by the company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
​
How do we communicate with you as site visitors?
I may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our service/user agreement, applicable national laws, and any agreement I may have with you. For these purposes I may contact you via email, telephone, text messages, and postal mail.
​
How do I use cookies and other tracking tools?
_ga: Purpose: Distinguishes one visitor from another, enabling the service to track user sessions and provide accurate analytics to Google Analytics.
_gid: Purpose: To differentiate between users and sessions. It is created when the JavaScript library is executed and is updated each time data is sent to Google Analytics.
_ga: Purpose: Throttle request rate and limit data collection on high-traffic sites.
_XSRF-TOKEN: Purpose: Detection of fraud, protects against Cross-Site Request Forgery (CSRF) attacks.
_Hs: Purpose: Security cookie for Hive (legacy).
_svSession: Purpose: Stores session information for identification.
_SSR-caching: Purpose: Improving website performance by pre-rendering.
_TS*: Purpose: Attack detection.
_bSession: Purpose: System effectiveness measurement.
_fedops.logger.sessionId: Purpose: Used for logging and tracking errors or issues.
_wixAB3|*: Purpose: For A/B testing or personalisation.
_server-session-bind: Purpose: API protection.
_Client-session-bind: Purpose: API protection.
​
Marketing
If you have consented to our processing your personal data for marketing purposes, in accordance with this Privacy Policy, I may send you information (via mail, email, phone or SMS) about my products and services which I consider may be of interest to you.
How can you withdraw your consent?
You have the right to withdraw your consent to us processing your information in this way at any time. If you no longer wish to receive web-based marketing information you can unsubscribe by emailing reclaimingyoutherapy@gmail.com.
​
I would ask you to give us a reasonable amount of notice, to give us time to update the system. While the precise timings vary based on business demands I kindly ask that you give me at least 30 days’ notice.
​
Your Rights under Data Protection Laws
The law gives you certain rights in respect of the personal data that I hold about you as well as information about what I do with it, who I share it with and how long I will hold it for. I may make a reasonable charge for additional copies of that data beyond the first copy, based on administrative costs.
The website of the Information Commissioner’s Office (https://www.ico.org.uk) has a wealth of useful information in respect of your rights in your personal data.
In addition to your right to stop marketing, detailed above, below is a short overview of the most commonly-used rights.
- Data Subject Access Request – With some exceptions designed to protect the rights of others, and subject to payment of a small administrative fee (currently £10, or up to £50 for paper-based health records), you have the right to a copy of the personal data that I hold about you
- The right of Erasure (‘Right to be Forgotten’) – the right to have your personal information erased where I have no reason to continue processing;
- Data Portability – the right to move, copy or transfer the personal information you have provided to me;
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects
- Right to Rectification – You have the right to have the personal data I hold about you corrected if it is factually. It is important to understand that this right does not extend to matters of opinion, such as a therapy assessment. If any of your personal data has changed, especially contact information such as: email address, postal address and phone number please get in touch with us on reclaimingyoutherapy@gmail.com so I can ensure your personal data is kept up to date.
​​​
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact me by email on reclaimingyoutherapy@gmail.com
In order to protect your privacy, I may ask you to prove your identity before I take any steps in response to such a request.
​
If you are not satisfied with how I handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (https://www.ico.org.uk).
​​
Privacy policy updates
I reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If I make material changes to this policy, I will notify you that it has been updated, so that you are aware of what information I collect, how I use it, and under what circumstances, if any, I use and/or disclose it.
​
Questions and your contact information?
Please feel free to contact me directly at reclaimingyoutherapy@gmail.com or on 07831323509
​