Purpose of privacy notice
Sacred Guide is the data controller: contact details Jean Hammond, jeanie@sacredguide.co.uk. This means we decide how your personal data is processed and for what purposes.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the GDPR). This legislation has replaced the previous data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.
One of the rights is a right to be informed about how we use, share and store your personal information.
This privacy notice applies to information we collect from patients and participants of courses, workshops and other group activities (shortened to “patients and participants” from here on), as run by Whitegold Discovery:
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your patient notes.
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the purposes set out below.
Sections 1 – 15 apply to our patients and participants, prospective patients participants, former patients and participants of Whitegold Discovery (Also, please state how you store and transport your records: paper or electronically.)
Section 16 applies to those who complain about our services (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
help the
British Acupuncture Council to develop its safe practice guidelines, as well as
providing research data and information for the BAcC’s insurers and other interested
parties.
19. When we receive a complaint from a person we make up an electronic or paper file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council or our insurance company.
We will keep personal information contained in complaint files, electronically or in paper form, in line with our retention policy. This means that information relating to a
|4
complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Sections 17 and 18 apply to subscribers to our newsletters (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
20. We maintain and use electronic records of subscribers to our newsletters, only with their consent, for marketing purposes.
Sections 19 – 23 apply to our website users (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
21.
When someone visits
our website
we may use a third party service, Google
Analytics, to collect standard internet log information and details of visitor behaviour
patterns. We do this to find out things such as the number of visitors to the various
parts of the site. This information is only processed in a way which does not identify
anyone. We do not make, and do not allow Google to make, any attempt to find out
the identities of those visiting our website. If we do want to collect personally
identifiable information through our website, we will be up front about this. We will
make it clear when we collect personal information and will explain what we intend to
do with it.
22. We may use website cookies to
23.
24.
cookie’ – or for repeat visits – using a ‘persistent cookie’.
improve user experience of our website by enabling
our website to ‘remember’ users, either for the duration of their visit – using a ‘session
Search queries and results may be logged anonymously to help us improve our
website and search functionality. No user-specific data is collected by us or any third
party.
We use a third party service Ethical Internet to help maintain the security and
performance of our website. To deliver this service it processes the IP addresses of
visitors to our website.
25.Out website, whitegolddiscovery.co.uk, is powered by WordPress (https://wordpress.com) and hosted at Ethical Internet (https://ethicalinternet.co.uk/). We do all content management and design ourselves with use of standard tools and plugins provided through WordPress or Ethical Internet. We may use standard tools
|5
provided through WordPress or Ethical Internet to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
Sections 24 to 28 apply to job applicants, current and former employees (please delete all sections that do not apply to your practice or amend those that need amending) (Also, please state how you store and transport your records: paper or electronically.)
26. We are the data controller for the information job applicants provide during the process.
27. If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre- employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
|6
28. If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the recruitment process.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the recruitment process.
29. All of the information gathered during the application process is taken into account to make final recruitment decisions.
30.You are able to ask about decisions made about your application by speaking to (insert name) or by emailing (insert email address).
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared:
For further details about the situations when information about you might be shared please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/personal- information/sharing-my-info/
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary.
|7
We keep patient and participant records for a period of 7 years in accordance with the British Acupuncture Code of Professional Conduct https://www.acupuncture.org.uk/public- content/effective-practice/bacc-professional-codes.html and to meet tax and insurance requirements.
We keep employee records until the end of the tax year following employment termination, or for the duration of pending disputes.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal data as set out below.
For further details about these rights please see the Information Commissioner’s website at
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Website by Trish Fitzroy. © Jean Hammond 2023.