PRIVACY POLICY
This Privacy Policy explains why I collect information about you and how that information may be used.
How I Use Your Personal Information
I will record your health information as part of the consultation that takes place. This includes if you just drop in and see me for a chat. The records may be electronic, on paper or a mixture of both. I use a combination of working practices and technology to ensure that your information is kept confidential and secure. The personal information I process will be provided to me directly by you.
Records I may hold about you may include the following information;
-
Details about you, such as your name, address, carers, legal representatives and emergency contact details
-
Any contact I have had with you, such as appointments, clinic visits, emails and telephone calls, etc.
-
Notes and reports about your health
-
Details about your treatment and care
-
When provided by you, results of investigations such as laboratory tests, x-rays, etc.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public. Where I do this, I take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested/used for research purposes – I will always gain your consent before releasing the information for this purpose.
​
Your name and address will be used to deliver your order via Royal mail.
Your email address will be used for communication about your appointment times and treatments. If you join the mailing list, I will also use your email address to inform you of upcoming events and blog posts.
Your payment details: All payment information is handled by professional payment portals: Wix and SumUp. No credit card information is stored on the premises. Credit card details are encrypted, and once used, are no longer accessible. For their privacy policies, see their individual websites.
​
I review these procedures and the data I hold on patients on an annual basis.
​
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time (see below).
(b) I have a legal obligation.
How I Maintain the Confidentiality of Your Records
I am committed to protecting your privacy and will only use information collected lawfully in accordance with:
-
Data Protection Act 1998 and General Data Protection Regulation 2016
-
Human Rights Act 1998
-
Common Law Duty of Confidentiality
-
Health and Social Care Act 2012
-
My insurance policy as a Medical herbalist
Your information is securely stored for a minimum of seven years. Electronic information is stored on password protected devices. Hard copy material is stored in a locked cabinet on my private property. I will dispose of your information by electronic deletion and the shredding of hard copy materials.
​
I will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
​
Withdrawal of Consent
In order for me to keep your data I need your consent. This takes the form of a consent form that you will be asked to read and sign. You have the option to withdraw your consent at any time by contacting me via email or post.
Access to Personal Information
Under data protection law you have a right to request access to view or to obtain copies of the information I hold about you. You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete. In order to request this, you need to do the following:
-
Your request must be made in writing.
-
There may be a charge to have a printed copy of the information held about you.
-
I am required to respond to you within 40 days
-
You will need to give adequate information (for example full name, address, date of birth and details of your request) so that your identity can be verified and your records located.
Objections and Complaints
Should you have any concerns about how your information is managed, please contact Anneliese Lambeth-Mansell. If you are still unhappy following a review by Anneliese Lambeth-Mansell, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.gov.uk).
​
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
​
If you are happy for your data to be extracted and used for the purposes described in this privacy policy then you do not need to do anything. If you have any concerns about how your data is shared then please contact Anneliese Lambeth-Mansell.
Change of Details
It is important that you tell me if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform me of any changes so my records are accurate and up to date for you.
Notification
Data Protection law requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
​
This information is publicly available on the Information Commissioners Office website www.ico.org.uk. I am registered with the Information Commissioners Office (ICO).
Additional information for website policy
Website Policy
Newsletter subscription
When you receive a newsletter, your personal data is held by the third party that I use for sending these mailings (Wix). You can view their privacy policy on their website. At any time if you would like to unsubscribe from receiving future emails, we include unsubscribe instructions at the bottom of each email.
​
Use of Cookies
A cookie consists of information sent by a web server to a web browser, and is stored by the website visitor’s browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track how the web browser is using our website.
​
This website uses cookies to monitor its visitors to better understand how they use it. Tracking software allows me to understand things such as which pages a visitor views, for how long and how a visitor came to the website (from which source e.g. Google, Facebook, Instagram). Without these cookies, this understanding and some functionality on the site may be lost. Cookies also allow us to better the users experience while visiting the website.
You have the option to disable cookies on this website via the pop-up cookie banner.
​
Google Analytics
I use Google Analytics to help me understand how my website is being used so that I can improve it and my services. Google Analytics generates statistical and other information about how websites are used by using cookies which are stored on users’ computers. Google will store this information. You can find their privacy policy and more detail about the information they collect on their website. Most browsers allow you to refuse to accept cookies.
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
Anneliese Lambeth-Mansell, Bsc (Hons), MSc, Dip Med.Herb., MNIMH.
Complaints