Part 1: Data We Hold
Client Sensitive Data
What do we hold? We hold client data (personal information, notes, test results etc.)
Why do we hold it? To enable us to use and recall client-centred information in and around their consultations and treatments.
For how long? For the period we are actively working together + 12 months
What happens next? After this period hard data (paper files) will be shredded and soft data will be deleted.
How do we tell them? Upon booking the consultation the prospective client will receive a document by email explaining this and will also be informed at the commencement of the consultation.
Who else might we share it with? No sensitive data is passed onto external contacts. Internally, information may be shared with Melanie Brown associates working directly with the client. For the purposes of on-going CPD, anonymised client data may be shared with a coaching supervisor or the professional bodies of which Melanie Brown is a member.
Client Contact Details
What do we hold? We retain client email addresses.
Why do we hold it? To enable me to contact clients regarding their work with me should that be necessary.
For how long? For the period of 8 years.
What happens next? Nothing, unless there is a request to the contrary, in which case we shall comply within 48 hours.
Who else might we share it with? No information is passed onto external contacts. With permission from the client, names, phone numbers or email addresses will be included for referrals from me to internal contacts involved in the care of the client.
Part 2: How do we hold data?
Our digital data is held securely on password-protected computers backed up digitally. Our paperwork is held in locked cabinets.
Part 3: Response Strategy
We will do everything possible to avoid or minimise the impact of any breach of privacy. In the unlikely event of a breach then we commit to:
Within 72 hours, contacting the person whose details have been compromised to inform them of the nature of the breach, informing them:
- of the information that may have been compromised
- of the actions we are taking
- of how we will keep them up to date
Where appropriate, informing the Information Commissioner’s Office (ICO) of the same.
Part 4: External Parties
All Melanie Brown Nutrition associate consultants/coaches are required to confirm that they are GDPR compliant before working with any client data.
Part 5: Changes to this Policy
Part 6: How to contact us
Everyone has the right to “be forgotten”, to be able to have their information updated and to see what we hold that relates to them. Should anyone need to contact us regarding any of the above or any matter relating to GDPR, we can be contacted on firstname.lastname@example.org. We commit to reply promptly but certainly within one week.