Privacy Policy
This privacy policy is in accordance with the General Data Protection Regulations (GDPR) of May 2018.
How I use your information
I take my role in protecting the personal data of my clients seriously. All personal information and photographs I gather from acupuncture and face-reading clients are used solely in relation to your acupuncture treatments or face readings.
From time to time, I would like to provide you with information, services or products regarding my acupuncture and face-reading practice. I aim to contact, via email, only those who have expressed an interest in and consented to receiving such information. You can opt out of receiving these emails at any time.
I never pass on personal data to third parties for marketing purposes.
I do ask all acupuncture clients for your GP’s details, but would only contact your GP in the event of a referral if you had first given me consent to do so.
If you are transferring to another acupuncture practitioner and would like me to share information from your treatment records with them, I would first need your consent.
The only exception to passing on personal data to third parties not mentioned above would be in the unlikely event I were required by law to do so.
How I protect and store your information
Acupuncture clients
All the information you share as my client during acupuncture appointments is recorded on paper and added to your file. Any personal information you share with me electronically is printed out or noted and added to your private file.
Face-reading clients
For face readings, any personal information you share with me via email is printed out and added to a file I create for you. Emails are deleted after our communications end. Personal information includes your name, email address, date of birth and any other sensitive information you choose to share with me. I apply the same level of privacy, protection and security to all clients, whether you are based in Britain, Europe or elsewhere in the world.
All paper files are stored in filing cabinets to which only I have access. My mobile phone is protected by a pin, and computer by a password. I am unable, however, to send or receive encrypted emails, so clients need to be aware that emails might not be protected in transit. I do have an SSL (security layer denoted by https) on my website and email.
Any photographs that face-reading clients send me electronically are downloaded by me to my computer for the sole purpose of writing your face reading. I keep an electronic copy of your email face reading, and/or a printed copy in your paper file, as well as the photographs you send me, solely for reference, in case you have any further questions or return for further face readings.
How long I store your data for
I keep acupuncture and face-reading files for up to seven years maximum, dated from your last appointment, in line with standard healthcare and accountancy practice. I keep them solely for reference in case you return to me for further sessions, questions or readings.
If you are no longer a client, you can request at any time that I delete your data. At that time, I will destroy your paper file, and delete all emails, photographs and electronic documents from you containing personal information.
PayPal and Google Analytics
For email face-reading clients, once you have been transferred to the PayPal site for payment, please note that I cannot be responsible for the protection and privacy of any information you provide while on the PayPal site.
PayPal provides me with the names, addresses and email addresses of clients who have paid for face readings via my website. I only use your name in relation to accountancy purposes, and do not share your details with any third party.
Google Analytics provides me with basic generalised anonymous data on visitors to my website, including country location, how many times someone has visited my site, which pages they have visited and for how long. I am provided with no personal data from Google Analytics and regularly monitor the Google Analytics privacy settings for my site to ensure they’re on the tightest settings.
Your rights
According to the GDPR, you have a right to request:
- Access to the personal information I hold about you, which I will provide you within 30 days.
- Not to be contacted regarding my acupuncture and face-reading practice, services or products.
- To have your personal data either deleted if electronic or destroyed if on paper. I would only retain essential information in the event of a legal case.
- If you wish to exercise any of these rights, please email me at saffron@saffronellidge.com.
ICO registration
I am registered with the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights: www.ico.org.uk. In the unlikely event that I suffer a data breach via my computer or filing cabinets, I am legally obliged to notify the ICO, and any clients whose critical data has been affected, within 72 hours.