Privacy Policy
This Privacy Policy statement explains the data processing practices of Eri Ito. It is to explain why I collect your personal data, what I do with it, and to ensure I am working in accordance with the new EU General Data Protection Regulation (GDPR). If you have any requests concerning your personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail.
-
Eri Ito takes the privacy of its users seriously. I am committed to safeguarding the privacy of our users while providing a personalised and valuable service.
-
My site contains links to third party sites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such sites that you visit.
Information Collected
-
Personal information is collected by Eri Ito for and on behalf of Eri Ito only.
-
All information provided will be treated as confidential and will not be given to any other person/organisation without the patient's written consent.
-
As part of the Patient Record, Eri Ito is required to retain information for the purpose of consultation for treatment and recording subsequent treatments.
-
I collect personally identifiable information about you (your "Data") through:
-
the use of enquiry and registration forms
-
when you purchase any of our services
-
the provision of your details to us either online or offline
Why I collect your data:
When you supply your personal details to me, when we communicate by email or text, and when I take notes in the clinic, this information is stored and processed for three reasons in line with the GDPR requirements:
-
I need to collect personal information about your health in order to provide you with the best possible treatment—your request for treatment and our agreement to provide that care constitutes law an (unwritten) contract.
-
I have a legitimate interest in collecting that information. Because without it, I could not practice acupuncture effectively and safely.
-
I keep records of your contact information because I think it is essential to contact you to confirm your appointments with me.
How the data is stored:
-
After you complete and submit the Patient Details Form, Data Protection and Consent Forms online, all the information will be electronically stored in a secure practice management software called Cliniko (https://www.cliniko.com). The software can be accessed via online either on a password-protected computer, iphone or iPad.
-
Your clinical records are scanned or stored on a web-based cloud (Cliniko) on a computer or retained as paper records in a secure cabinet in my home, for as long as you remain a patient of the clinic, and after that for a period of 7 years. After this period I will delete your records.
-
Information held both manually and electronically in files will be accessible only by myself directly involved in the data entry and processing of patient records.
-
Text messages are stored on a password-protected phone.
Security Policy:
Eri Ito has appropriate measures in place to ensure that our users' Data is protected against unauthorised access or use, alteration, unlawful or accidental destruction and accidental loss. User Data may be transferred outside Eri Ito to data processors such as fulfillment houses but they will act only on our instructions to provide the services required.
-
I will never share your information with anyone who does not have a legal right to access without your written consent.
-
In line with the Data Protection (1998) Act, details of consultations and treatment can only be released to third-party medical and health practitioners with the patient's specific written permission.
User Access and Control of Data:
-
You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. I am legally required to respond to a patient's request to see their personal data within a timescale of 30 days.
-
If you wish to amend any of the Data which we hold about you, or update your marketing preferences, please contact us. In accordance with the Data Protection Act 1998, you may request a copy of the personal information we hold about you by contacting the Privacy Officer by e-mail. We may charge the statutory allowable fee for provision of this information.
You can raise any concerns directly with the Information Commissioner’s Office on https://ico.org.uk/concerns/
Transfer of Data
-
The Internet is a global environment. Using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Therefore, by browsing Eri Ito's Sites and communicating electronically with me you acknowledge and agree to our processing of personal data in this way.
-
By agreeing to our transfer of your Data to third party organisations for them to send you details of products and services offered (as detailed above) you are deemed to provide your consent to any transfer of your Data to organisations based outside the European Economic Area.
Children Under 14
-
I do not intentionally collect any information on children under 14 years of age.
-
I will undertake to delete any details of such users where a parent or guardian has notified us that any such details have been obtained.
Changes to this Policy
This policy is effective December 2011. From time to time I may make changes to this privacy policy statement to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or website enhancements.