Data controller Sam Marshall Davies, Mob 07775 954478 firstname.lastname@example.org
What data is collected?
Here is a list of what data is most commonly collected. This list is not exclusive:
- Date of Birth
- Email address
- Contact phone number
- Address (for mobile client visits only)
- Lifestyle, to include what exercise you do, stress levels, how well you sleep
- Illnesses or diagnosed medical conditions (past and present)
- Accidents or injuries you have had or have
- Operations you have had
- Current medication
- If you are pregnant
- Any other medically relevant information you may wish to disclose
- Where you are currently experiencing physical and emotional issues that may be linked to diet.
- If you have any mobility issues or restrictions
- Following a session, feedback on diet changes, supplementation and lifestyle.
- Following a session, notes on any identified problem foods, vitamin & mineral deficiencies, test results and recommendations.
- doTERRA sign up documentation only - bank details (not relevant to food intolerance/nutrition testing appointments).
How is it collected?
- Directly from you as part of the consultation process, entering your details on a client consultation form and transferred to a client database, or through the contact forms embedded on the website.
- In clinical notes post treatment, detailing what happened.
Why is this data collected?
- To create an appropriate treatment session or plan which addresses your needs safely without causing further harm.
- To contact you in relation to your appointment.
- For insurance purposes.
- In case of an emergency, where passing relevant medical information to the emergency services could save time.
- For my own security.
- For tax purposes.
- To inform those who have explicitly requested to be on the mailing list of promotions.
- For business intelligence.
Who is your data shared with?
I may share your data with:
- My accountant and HMRC in submitting my accounts and tax records. No sensitive data is shared, only your name is issued.
- Balens Insurance Ltd; my insurance company in the incidence of a claim.
- My husband. As part of my security process access to your contact details is available in case of a breach of my personal safety. No access has been given to your sensitive data (medical information or preferences).
Your rights under the GDPR
- The right to be informed about the use of your personal data and its collection.
- The right of access, namely to see what data is held about you.
- The right to have your personal information corrected if it is inaccurate or completed if information is missing.
- The right to have your personal information erased.
- The right to restrict processing of your personal data.
- The right to move, copy or transfer your personal data.
- The right to object to processing of your personal data.
Third party websites
Well Necessities will retain your personal data for 7 years from your last treatment. This period satisfies the legal and policy requirements which need to be met for HMRC and the insurance company (Balens).
For doTERRA bank records - these will be retained until the registration or order has been processed and then destroyed immediately. No financial data will be stored electronically.
All data is held on cloud storage, encrypted and requires a password or fingerprint to gain access. No data is stored outside of the UK. Paper based consultation forms are stored in a locked metal filling cabinet and will only be removed from this location during a consultation.
Exercising your rights
If you wish to exercise your GDPR rights or in the event that you wish to make a complaint about how your data is handled by Well Necessities please contact Sam Marshall Davies at email@example.com or 07775954478. You can also raise concerns if you believe that your data protection rights have been mistreated with the ICO, an independent body, on 0303 123 1113, to which Well Necessities is registered.
Existing Clients & New Clients
Clients who have seen me prior to the 25th May 2018 will need to sign their consent for me to continue holding their data in accordance to these regulations. You will need to do this at your next appointment, where the forms will be provided or you can download the pdf to print and sign. This can then be scanned and sent to me or brought with you.
New clients will cover this as part of their consultation on their first visit and do not need to prepare anything in advance.