Privacy Notice

 

1.      Purpose

This is the Privacy Notice for White Lotus Wellness which applies to users of our website: prospective, existing and former patients of White Lotus Wellness; and subscribers to our newsletter (collectively “Users”). The purpose of this Privacy Notice is to inform Users of how we hold and process their Personal Data.

Our Data Protection Officer can be contacted by email.

 

2.      Definitions

Criminal Offence Data: data relating to an individual’s criminal convictions and offences, which includes details of any criminal allegations, investigations and proceedings.

Data Controller: the individual or organisation that determines the purposes and means of processing Personal Data. For the purposes of this Privacy Notice the Data Controller is Hina Patel.

ICO: the Information Commissioner’s Office which is the UK's independent body set up to uphold information rights.

Personal Data: information which relates to a living individual who can be identified from that data, either by that information alone or in conjunction with any other information in the Data Controller’s possession or that is likely to come into their possession. Personal Data includes Special Category Personal Data and Criminal Offence Data.

Process or Processing: any activity that involves the use of Personal Data, including collecting, storing, retrieving, amending, disclosing to third parties, erasing, or destroying Personal Data. 

Special Category Personal Data: information that reveals any of the following in relation to an individual: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; health conditions; sexual life; or sexual orientation.

 

3.      How we Process Personal Data

We ensure any Personal Data that we Process is:

  • collected and stored for a legitimate purpose only;

  • kept up-to-date;

  • stored securely;

  • not retained for longer than is necessary or beyond what is required by law or a relevant professional body;

  • protected from loss, misuse or unauthorised access;

  • destroyed securely; and

  • not shared with third parties without your consent.

Depending on the nature of your relationship with us, your Personal Data will be Processed as set out below in sections 4 to 6.

 

4.          Personal Data held for prospective, existing and former patients

Your request to receive treatment by us and our agreement to provide that care constitutes in law an (unwritten) contract.

We use your name, telephone number and email address to allow you to make or rearrange appointments.  We use a third-party provider to allow patients to make or rearrange appointments.

We use details of your presenting complaint and symptoms and relevant medical and family history reported by you to us for the purposes of making a full traditional diagnosis, formulating a treatment strategy and treatment planning in order to provide you with the best possible treatment.

We keep a record of your treatments, details of progress of your case and any advice given to you for a period of seven years following your most recent appointment (or once you have reached age 25 if longer). 

We keep a permanent attendance register which records all appointments for patients attending our clinic to secure potential evidence in the event of criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body.

We keep a record of all payments made by each patient for accounting and tax purposes.

We will use your GP’s name, telephone number or address in the event that we need to contact your GP either due to an emergency or because we are required to refer your case to your GP for medical purposes.

Provided we have your consent (which includes verbal consent), we may send you health information by email in the form of articles or advice. You may withdraw this consent at any time.

In the event of an adverse incident occurring to any of our patients, we report the matter to our professional body and insurance company to deal with any potential claims.

 

5.          Personal Data held for subscribers to our newsletter

We maintain and use records of subscribers to our newsletter with the express consent of the subscriber for marketing purposes only.

We will only hold your first name, last name and email address. This data will only be used for the purpose of sending you our newsletter, which will be distributed using a third-party provider.

You can withdraw your consent to receiving our newsletter at any time by contacting us.

 

6.          Personal Data held for users of our website

For anyone who visits our website, we use a third-party service to collect standard internet log information and details of visitor behavioural patterns. We collect such data to monitor the number of visitors to our website and how our website it used. This information is processed in a way which does not identify any individual. We do not make, or allow the third-party provider, to make any attempt to find out the identities of those visiting our website.

We may use website cookies to improve the user experience of our website by enabling our website to ‘remember’ users, either for the duration of their visit (using a session cookie) or for repeat visits (using a persistent cookie).

Website search queries and results are logged anonymously to help us improve our website and search functionality. No data which identifies an individual is collected by us or any third-party.

We use a third-party provider to help maintain the security and performance of our website who processes the IP addresses of visitors to our website.

We use a third-party provider to host our website. They collects anonymous information about user activity to monitor and report on the effectiveness of our website and to help us improve it.

 

7.          Storing your Personal Data

Your Personal Data will only be held for as long as reasonably necessary to fulfil the purpose for which it was collected.  Patient records will be kept for a period of seven years following your most recent appointment (or once you have reached age 25 if longer). Following this, your Personal Data will be securely destroyed.

Your Personal Data will be stored securely on either a password protected device or, if held in paper form, in a locked cabinet. 

 

8.          Sharing your Personal Data

Your Personal Data will be treated as strictly confidential and will only be shared when necessary with:

  • an acupuncture supervisor/mentor (with your personal details being removed) to seek advice on your case;

  • named third parties with your explicit consent;

  • a relevant authority, such as the police of a court of law, if necessary for us for us to comply with a legal obligation;

  • your doctor or the police if necessary to protect your or another person’s life;

  • the police or a local authority for the purpose of safeguarding a child or vulnerable adult;

  • any relevant professional body or insurance company in the event of a complaint or legal or insurance claim;

  • my solicitor or any member of my legal team in the event of an investigation or legal proceedings brought against me; or

  • professional advisers or third party suppliers which we engage with for the purposes of conducting our business, such as banks, payment providers, regulatory bodies and accountancy firms.

 

9.          Your rights in respect of your Personal Data

You have the following rights in relation to your Personal Data that we hold:

  • Access: you have the right to access information and copies of the Personal Data that we hold about you.

  • Rectification: you have the right to have any inaccurate or incomplete Personal Data we hold about you corrected.

  • Deletion: you have the right to request that your Personal Data be deleted in specific circumstances, such as in the event that it is no longer necessary for us to hold your Personal Data in relation to the purpose for which it was originally collected or Processed. It therefore may not always be possible for us to delete all your Personal Data.

  • Restrict Processing: you have the right to restrict that your Personal Data be Processed in specific circumstances, such as in the event you contest the accuracy of your Personal Data.

  • Object to Processing: you have the right to object to the Processing of your Personal Data in specific circumstances and have an absolute right to object to your Personal Data being used for direct marketing.

  • Data portability: you have the right to request that we transfer any Personal Data that you gave us to another organisation or to you.

If you wish to exercise any of these rights, please contact us. You will not have to pay a fee when exercising any of your rights, however we may charge a reasonable fee if your request is proven to be unfounded, repetitive or excessive.  Alternatively, we could refuse to comply with your request in such circumstances.

We aim to respond to all legitimate requests within one month, however it could take us longer if the request is complex. In this instance, we will keep you notified of when your request will be processed.

 

10.       Making a complaint

If you have any complaints regarding the Processing of your Personal Data, please in the first instance contact us so that we can address your concerns directly. However, you can raise the complaint directly with the ICO whose contact details are available at on their website.