This privacy notice sets out how the Sole Trader, Livia Zoller collects, processes and protects any information that you provide in accordance with the General Data Protection Regulation (GDPR) that came into force on 25 May 2018.
Livia Zoller is committed to ensuring that your privacy is protected. Should you provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement. Livia Zoller may amend this policy by updating this page, and you should check this page from time to time to ensure that you are happy with the changes.
This policy is effective from 01 May 2018, and was last updated on 28 May 2018.
This notice does not provide exhaustive detail. If you require any additional information or explanation, please send request to firstname.lastname@example.org.
Livia Zoller, Sole Trader is the data controller and is responsible for your personal data (will be referred to as “we”, “us” or “our” in this privacy notice).
What We Do
We provide holistic and complementary therapies including but not limited to nutritional therapy, naturopathic medicine, and energy therapy to clients who want to improve their physical, mental and emotional health. We operate as a "health or health-related professional" and focus on preventative healthcare, the optimisation and management of chronic conditions and mind-body-soul balance. Through our therapeutic interaction with you, we aim to understand the underlying causes of your health issues which we will seek to address either through personalised nutrition programmes, nutraceutical recommendations (supplements), lifestyle advice, holistic and complementary therapies, mind-body-soul approaches or the combination of these. We provide these services within the scope of our practice and qualifications. We don't treat, diagnose or cure medical conditions and don't give advice on prescribed medication. Our approach is holistic and complementary to your health and can be applied alongside conventional treatment methods.
What Data We Collect
PERSONAL DATA PROVIDED BY YOU
Personal data means any information that can directly or indirectly identify an individual. It does not include anonymised data.
We may collect the following personal data from you:
- identity data such as your full name, maiden name, marital status, title, date of birth and gender.
- contact details such as your billing address, delivery address, email address, telephone numbers, and contact details of your next of kin.
- details of contact we have had with you such as referrals and appointment requests.
- GP's name, address and contact information.
- financial data such as bank account and payment card details.
- transaction data such as details about payments between us.
- feedback regarding our services.
- marketing data.
We collect and process these data in accordance with the "legitimate interest" condition. This means that the lawful basis of our holding your personal data is for legitimate interest.
SPECIAL CATEGORY DATA/SENSITIVE DATA
Special category data is personal data which according to the GDPR is considered more sensitive and therefore needs more protection.
Such data includes details about your race or ethnic origin, religious views and beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health and genetics and biometric data.
We collect the following sensitive data about you:
- health information provided by you including your previous and present medical history covering your physical and mental health, and details of diagnosed conditions.
- dietary and lifestyle habits and supplementation details.
- details on your past and present medication.
- copies of NHS or private medical test results such as blood tests, x rays etc. provided by you.
- third party/functional biochemical test results and genetic information.
- clinic notes and health improvement programmes.
We use this information in order to provide you with direct healthcare. Even though, we may seek your explicit consent for processing, our primary condition for processing is "preventative healthcare and health management", and the the lawful basis of our holding your personal data is for legitimate interest.
On occasions, we may also obtain sensitive data from other healthcare providers or individuals authorised by you to give out such information. The provision of this information is subject to you giving us your express consent. If we do not receive this consent from you, we will not be able to coordinate your healthcare with these providers.
We also understand that collecting, processing and holding your special category data requires us to comply with the "common law of confidentiality", independently of the GDPR regulations.
How We Collect Your Personal Data
We may collect your personal data in the following ways:
- by completing a health, medical and lifestyle questionnaire.
- by signing a terms of engagement form if applicable.
- during a personal one-on-one consultation.
- through email, Skype, telephone, post, online chat or social media.
- by completing surveys.
- by taking debit/credit card and online payment.
- through automated technologies such as cookies.
Our purpose of collecting your data through the above ways is to provide you with direct healthcare, and the legal basis of our holding your personal data is for legitimate interest.
How Long We Hold Your Data
Following completion of your therapy, we will hold records of your personal data for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, we will keep the records at least 7 years after they reach the age of majority (18).
This is in accordance with our professional association's and insurance company's policy, and it enables us to process any complaint you may make. In this case the lawful basis of our holding your personal data is for legitimate interests.
You have the right to object and the right to request your data to be erased. However, such requests will be declined under provisions of the GDPR which gives us the overriding right to hold your data in order to comply with legal obligations.
How We Use Your Personal Data
We act as a data controller for use of your personal data to provide direct healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as functional testing companies, supplement companies and other healthcare providers. We act as a data controller and processor in regard to the processing of debit/credit card and online payments.
We undertake at all times to protect your personal data, including any health, medical, identity and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.
We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. We will do this in accordance of the "vital interest" condition. We will also be obliged to share your data when there is a legal requirement such as a formal court order. This will be on the basis of "legal obligation". We may use your data for marketing purposes such as newsletters but this would be subject to you giving us your express consent.
Disclosure Of Your Personal Data
We will keep information about you strictly confidential, and will not disclose your data with other third parties without your express consent.
Exceptions to this apply for the following categories of third parties:
- Our professional association we are a member of and our insurance company for the processing of a complaint made by you.
- Biochemical/Functional testing companies and supplement companies as part of providing you with direct healthcare.
- Your GP, healthcare providers, police, social services in a case when we believe your life is in danger on the lawful basis of vital interest.
- Anyone to whom we may transfer our rights and duties under any agreement we have with you.
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so.
On occasions, we may share a brief summary of your health problems in an anonymised form for the purpose to seek professional health opinion in order to provide you with better healthcare, or for the purpose of professional development. This may be at clinical supervision meetings, conferences, private and professional health online forums. In such cases your personal data and identity will not be disclosed and will remain fully confidential.
We may publish your anonymised full case history in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way.
Your Legal Rights
Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.
The GDPR defines the following rights in relation to your personal data:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling (not relevant to us)
If you would like to invoke any of the above rights then please email the Data Controller at email@example.com. We shall respond within 30 days from the point of receiving the request and all necessary information from you.
Under certain circumstances, some information may be withheld.
Data Protection And Security
We only use information that may identify you in accordance with the GDPR. This requires us to process personal data only if there is a lawful basis for doing so and that any processing must be fair and lawful.
We have put in place appropriate security measures to prevent your personal data from being accessed, changed or used in an unauthorised way. We keep a paper copy of your personal data, including sensitive data in a secure filing system accessible only by us. We may also keep a copy of such data electronically on a laptop with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use email providers who use encryption to secure cyber transit of your personal data and we take responsibility for the protection of your data upon receipt. However, we do not take responsibility for the security measures you are taking at your end when you provide your data to us electronically.
We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Cookies are small pieces of data stored in encrypted text files and located in browser directories. Their purpose is to make the website easier to use, help analyse web traffic or remember your preferences either for a single visit (through session cookies) or for repeated visits (through persistent cookies).
To find out more about how to manage and delete cookies, visit aboutcookies.org. For more details about advertising cookies, and how to manage them, visit youronlinechoices.eu (EU based), or aboutads.info (US based).
We do use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate.
If you have a complaint regarding the use of your personal data then please email us at firstname.lastname@example.org and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 1231113.