1.1 I am committed to safeguarding the privacy of my website visitors and service users.
1.2 This policy applies where I am acting as a data controller with respect to the personal data of my website visitors and service users; in other words, where I determine the purposes and means of the processing of that personal data.
2. How I use your personal data
2.1 I may process data about your use of my website and services, including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is my analytics tracking system (Google Analytics). This usage data may be processed for the purposes of analysing the use of the website and my services for legitimate interests, namely monitoring and improving my website and services.
2.2 I may process information contained in or relating to any communication that you send to me. This may include the communication content and metadata associated with the communication.
2.3 I may process your account data, which may include your name, email address, postal address, contact phone number and the name of a medical practice where you are registered. The source of this account data is you. The account data may be processed for the purposes of providing my services and communicating with you. Your information is stored securely for use only in the event of need. I use email and text based messaging services as my primary means of communication about practical matters not dealt with during sessions, such as arranging session times. I do not refer to or discuss matters pertaining to the content of sessions by these means. I do not record sessions. Any written notes I take about the content of sessions are made on paper form, stored and disposed of securely.
2.4 I will not share your personal data with others under any normal circumstance. In exceptional circumstances where safeguarding of you or someone else is a concern, I may seek to communicate with your GP or named emergency contact; I will only take this step with your knowledge. I may also share your information where required by court order, or where otherwise legally obliged to do so or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is my legitimate interests, namely the protection and assertion of my legal rights, your legal rights and the legal rights of others.
2.5 Financial transactions relating to my services are or may be handled by my payment services provider (currently NatWest Bank and PayPal). I share transaction data with my payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
3. Retaining and deleting your personal data
3.1 Personal data that I process for any purpose shall not be kept for longer than is necessary for that purpose. The period of retention of account data will be determined based on what is considered reasonable. To ensure I can meet any legal or insurance related obligations to which I may be subject, this period shall not normally be less than three years or more than seven years.
4.1 I will review this policy at least annually and may update it from time to time as I revise relevant policies and systems, by publishing a new version on our website.
5. My details
5.1 This website is owned and operated by Melissa Dunlop
5.2 If you have any queries about this policy you can contact me by email using the email address published on my website: firstname.lastname@example.org.