Who I am

 

My website address is: https://krysaliswellbeing.co.uk

 

My name is Karen Runacres. I will use my initials for the rest of this document

 

What personal data we collect and why we collect it

I (KR) take the privacy rights of my patients very seriously. This privacy policy sets out how I deal with your personal information, that is, information that could identify, or is related to the identity of, an individual

 

Name

 

Gender

 

Date of Birth – this occurs during our consultation

 

Home address – this occurs during our consultation

 

Email address

 

Telephone number

 

Medical history – this occurs during our consultation

 

To this, over time I will add details of the conditions for which you have consulted me and the remedies and other therapies that I have prescribed or recommended

 

I (KR) use your personal information to analyse the conditions for which you have consulted me and to prescribe remedies and other therapies.

 

I (KR) will communicate with you by email, other digital methods, by telephone and by post.

 

Comments

 

When visitors leave comments on the site, we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you submit a contact form the following data is collected

Name

Email address

Your reason for contacting me

I am obliged to store patient information for seven years. I do not share this or any other information with outside parties.

 

If you have requested health updates from me, I will use your email address to provide these for you

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I (KR) use Google Analytics

Here is the link to Google’s privacy policy 

https://privacy.google.com/businesses/compliance/

Who we share your data with

I share information with payment providers PayPal / Izettle

 

With both companies the data shared would be

 

Name

 

Email address

 

Payment method and card details

 

Link to PayPal

https://www.paypal.com/dm/smarthelp/contact-us

 

Link to Izettle

 https://www.izettle.com/gb/contact-us

How long we retain your data

I (KR) need to keep your information for as long as you continue to consult me. Since patients often return for more consultations after a period of absence, I will keep your information for seven years after your last consultation. in the case of children, seven years after their 18th birthday. At that point, your file will be securely destroyed, and any digital information will be erased from my computer systems.

If you leave a comment on the website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

What rights you have over your data

My (KR) patients are entitled to request access to the information that is held by myself. The request needs to be received in the form of a written request to me.

On receipt of the request, the request will be formally acknowledged and dealt with within 14 days unless there are exceptional circumstances as to why the request cannot be granted, I (KR) will provide a written response detailing all the information held on my patient. A record shall be kept of the date of the request and the date of the response.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

 

Where we send your data

 

I (KR) will not disclose any personal information that I hold on you to any unrelated third party except where required by law.

Website visitor comments may be checked through an automated spam detection service.

 

Your contact information

If you have any concerns with regard to your privacy you can contact Krysalis Well-being on 01726 860572 or karenhomoeopath@gmail.com

How we protect your data

My (KR) patient files are paper-based and are held securely within my consulting room. I (KR)  take steps to protect your personal information against loss or theft as well as unauthorised access, disclosure, copying, use or modification.

Your email address is held securely on the servers of my (KR) email providers, currently BT Internet and Google mail.

I (KR) have a responsibility to ensure that data is both securely held and processed. This includes:

using strong passwords for information held within computer systems

restricting access to computer and paper-based files

using password protection on laptops and PC’s that contain or access personal information

using password protection or secure cloud systems

providing adequate virus-protection and firewall software to secure computer-based systems

 

What data breach procedures we have in place

Were a data breach to occur, action shall be taken to minimise the harm. I (KR) will inform any patients where I (KR) believe personal information may have been compromised. Where necessary, the Information Commissioner’s Office will be notified

If a patient contacts me to say that they feel that there has been a breach by myself (KR), I (KR) will ask the patient to provide an outline of their concerns. If the initial contact is by telephone, I (KR) will ask the patient to follow this up with an email or a letter detailing their concern. The concern will then be investigated fully, and a response made to the patient. Breach matters will be subject to a full investigation, records will be kept and all those involved notified of the outcome

What third parties we receive data from

not applicable

What automated decision making and/or profiling we do with user data

not applicable

Industry regulatory disclosure requirements

I (KR) will not disclose any personal information that I (KR) hold on you to any unrelated third party except where required by law.