Who I am
My website address is: https://krysaliswellbeing.co.uk
My name is Karen Runacres. I will use my initials for the rest of this document
What personal data we collect and why we collect it
Date of Birth – this occurs during our consultation
Home address – this occurs during our consultation
Medical history – this occurs during our consultation
To this, over time I will add details of the conditions for which you have consulted me and the remedies and other therapies that I have prescribed or recommended
I (KR) use your personal information to analyse the conditions for which you have consulted me and to prescribe remedies and other therapies.
I (KR) will communicate with you by email, other digital methods, by telephone and by post.
When visitors leave comments on the site, we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you submit a contact form the following data is collected
Your reason for contacting me
I am obliged to store patient information for seven years. I do not share this or any other information with outside parties.
If you have requested health updates from me, I will use your email address to provide these for you
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
I (KR) use Google Analytics
Who we share your data with
I share information with payment providers PayPal / Izettle
With both companies the data shared would be
Payment method and card details
Link to PayPal
Link to Izettle
How long we retain your data
I (KR) need to keep your information for as long as you continue to consult me. Since patients often return for more consultations after a period of absence, I will keep your information for seven years after your last consultation. in the case of children, seven years after their 18th birthday. At that point, your file will be securely destroyed, and any digital information will be erased from my computer systems.
If you leave a comment on the website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
My (KR) patients are entitled to request access to the information that is held by myself. The request needs to be received in the form of a written request to me.
On receipt of the request, the request will be formally acknowledged and dealt with within 14 days unless there are exceptional circumstances as to why the request cannot be granted, I (KR) will provide a written response detailing all the information held on my patient. A record shall be kept of the date of the request and the date of the response.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
I (KR) will not disclose any personal information that I hold on you to any unrelated third party except where required by law.
Website visitor comments may be checked through an automated spam detection service.
Your contact information
If you have any concerns with regard to your privacy you can contact Krysalis Well-being on 01726 860572 or firstname.lastname@example.org
How we protect your data
My (KR) patient files are paper-based and are held securely within my consulting room. I (KR) take steps to protect your personal information against loss or theft as well as unauthorised access, disclosure, copying, use or modification.
Your email address is held securely on the servers of my (KR) email providers, currently BT Internet and Google mail.
I (KR) have a responsibility to ensure that data is both securely held and processed. This includes:
using strong passwords for information held within computer systems
restricting access to computer and paper-based files
using password protection on laptops and PC’s that contain or access personal information
using password protection or secure cloud systems
providing adequate virus-protection and firewall software to secure computer-based systems
What data breach procedures we have in place
Were a data breach to occur, action shall be taken to minimise the harm. I (KR) will inform any patients where I (KR) believe personal information may have been compromised. Where necessary, the Information Commissioner’s Office will be notified
If a patient contacts me to say that they feel that there has been a breach by myself (KR), I (KR) will ask the patient to provide an outline of their concerns. If the initial contact is by telephone, I (KR) will ask the patient to follow this up with an email or a letter detailing their concern. The concern will then be investigated fully, and a response made to the patient. Breach matters will be subject to a full investigation, records will be kept and all those involved notified of the outcome
What third parties we receive data from
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
I (KR) will not disclose any personal information that I (KR) hold on you to any unrelated third party except where required by law.