Ann's Natural Touch

It is my policy to collect, process and share your Data provided to me by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any other purposes other than those explicitly stated in this policy or requested by you in your dealings with us.

This Privacy Policy describes how I collect, use, protect, process and share your personal data (Data) when you book appointments directly with me and avail of treatments with me or otherwise interact with us.

Ann's Natural Touch’s Privacy Policy does not apply to the information processed by third parties on behalf of Ann's Natural Touch, however I have reviewed their Privacy Policies and am happy that they meet General Data Protection Regulations 2018 (GDPR) standards.

I may update this Privacy Policy at any time to ensure I can carry out the services I provide in the most effective and efficient way possible. If I make changes I will notify you by revising the date on my published document on my website and in clinic, or for more substantial changes by contacting you via email or text to seek consent.

1. The identity of the controller.

You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by the owner, Ann Kelly.

2. Collection of Data

I may collect Data about my clients, prospects and visitors.

Your Data is collected when you contact me via email, phone or in person.

Data I collect fall into the following categories:

Identification information
Contact information
Medical information
Transaction history
CV’s

These Data am gathered directly from you via direct communication with me, i.e. client intake form, emails, phone calls, transactions.

2.1. Information you provide to me

I process Data you provide directly to me, in particular when you complete a client intake form.

For example, I collect Data when you create a booking, apply for a job, request customer support or otherwise communicate with us.

The Data may include the following data as well as any other type of information that I specifically request you to provide to me through my client intake forms, such as:

Names
Address
Date of Birth
Phone no
Email
Doctor’s details
Emergency contact details
Medical history
Treatment notes
Transaction history
CV’s

3. How I use the Data

I may use information about you for the following purposes:

provide, maintain and improve my services
provide and deliver the service you request, process transactions and send you related information including confirmations and invoices
in the case of emergency contact details, to hold and act on that data only where it is warranted to serve the vital interests of one of my clients who has provided your details
send you technical notices, updates, security alerts and support and administrative messages
respond to your comments, questions, requests and provide customer service
monitor and analyse trends, usage and activities in connection with my services
personalize and improve the services I provide

According to the GDPR, each Data processing is performed on one of the following legal bases:

your consent
the performance of the service requested by you

4. How I share your Data

I share some of your Data with Gmail for business, in order to provide customer service relating to my business.
In response to a request for information if I am required by, or believe disclosure is required by any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities, with the proper authority to submit such a request.

5. The period of Data retention

My insurance providers require me to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. I work off this for all data.

6. Data transfer

Upon receiving a written request from you seeking Data transfer, I will provide a hardcopy copy of your original treatment notes with no alterations from the original. These will be handed in person or send by registered post.

7. Data amendments

Upon receiving a request from you in regards to updating Data held by us, I will seek to correct my records at the earliest possible time.

8. Security

I am committed to taking appropriate measures designed to keep your Data secure. My technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. I follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.

9. Your rights

Under the General Data Protection Regulations 2018 (GDPR) individuals have the significantly strengthened rights to:

obtain details about how their data is processed by an organisation or business;
obtain copies of personal data that an organisation holds on them;
have incorrect or incomplete data corrected;
have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability);
object to the processing of their data by an organisation in certain circumstances;
not to be subject to (with some exceptions) automated decision making, including profiling.

10. In the event of a Breach

Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Siochana and financial institutions will be contacted for assistance and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.