Walsall Mind and Body Centre
Walsall Mind and Body Centre aims ensure that we are at all times, not simply compliant but operating to Best practice Standards with regard to Data protection as set out in the General Data Protection Regulation and industry specific guidelines.. We collects only that data which is necessary to ensure your treatment is safe and appropriate, and for contact purposes. The centre and its staff take seriously our duty to keep your data secure so you can have confidence in us and in the work we do. We have developed this policy so that you know what we do with your data.
This policy applies to:
Walsall Mind and Body Centre, which is a trading name of Beedees Ltd . Company number 06043309
1. How your data is collected
1. Who collects your data
Andrea Bradley is the controller of your data, is registered as such with the Information Commissioner’s Officer in the UK, and is personally responsible for the collection and processing of your data. Staff at the centre are trained to gather and process your data in a lawful and appropriate way with due consideration for your privacy.
All data management questions should be directed to Andrea Bradley via Andrea.firstname.lastname@example.org Walsall Mind and Body Centre, 4a Hawes Close, Fullbrook, The Broadway, Walsall, West Midlands, WS1 3HG 01922649142.
1.2 What data is collected
We gather and securely store your name and contact details, and payment history, a brief outline of relevant medical history. Notes may be kept in relation to treatment given, along with any correspondence that relates to you. We also record details you may give us to determine your eligibility for various discount schemes. This includes your membership of or employment by various organisations.
1.3 Where we obtain your data from
In most cases, we will obtain your data directly from you, using an electronic or physical form, or verbally. We may with your written consent gather information from other sources such as your GP or other professionals.
2. How your data is kept secure
2.1 What We do to keep your data secure
We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorised access to your data, maintain data security, and correctly use your information. These include protecting your information using firewalls, password protection and, where appropriate, encryption. Physical records are kept in a lockable storage system.
We use Paypal, Sum up and Stripe to take payments. These services may process your financial details. These services are registered with the Financial Conduct Authority and use advanced encryption technology in order to protect transactions and your data.
We have an agreement with Jelly Software Ltd, a third-party service provider which we use in order to process your data to ensure that they take appropriate measures to ensure the security of your information.
2.2 Who has access to your data
We will never sell your data to any other organisation.
We will never share your data with any other person or organisation unless:
A, you give us your written consent to do so, for example providing details of treatment to your GP or to your insurance company.
B, we are legally required to do so.
3. How your data is processed
We collect data from you mainly through our written client record sheets. You are able to access your digital records stored on Jelly by logging on as a Customer to our Jelly Online system. If you don’t have your log in details please ask and we will provide them. We also receive information from GPS and other health providers, and will only request this with your full knowledge and written consent. This information will only be requested if it is necessary for your treatment.
We may also process your data for other purposes such as:
Complying with our legal obligations
Processing your payments and fees
Answering your enquiries
Responding to complaints
Informing you of our services and prices and occasional offers
4. Why we process your data
We process your data on the following bases:
Because you have given us your written Consent
Because we are providing services to you through a Contract
Because we may have a Legal obligation to do so
5. How we will communicate with you
For any direct “marketing” communications about our campaigning we will only contact you via email, text, or telephone if we have your permission to do so. You may at any time update your preferences or withdraw permission by telling us, emailing us, writing to us, telephoning us, texting us or by logging onto your Jelly account online.
You may also see campaigning online and on some social media sites if you have interaction with us before.
6. How we Protects Children’s privacy
No information will be gathered about a child under the age of 14 except with the written consent of a parent or guardian. Information gathered in relation to young persons between the ages of 14 and 18 will require the written consent of both the young person and their parent or guardian.
7. How you can affect the way communicates with you
When you Complete the client details sheet, you will see that we ask for your preferences about contact. If we need to speak to you we will phone, if you give us permission we will send you texts, or very occasionally emails.
You can unsubscribe from contact at any time (see 5 above) and any text you receive has the option to simply respond with the word stop and you will be unsubscribed.
If you would like to:
a) Review the data we hold which relates to you
b) Request we supply you with your data
c) Request that we delete your data
d) Update your data
e) Make a complaint about our management of your data
Please write to Andrea Bradley at the address above.