Privacy Statement
I am committed to comply with the terms of the General Data Protection Regulation (GDPR) regarding the responsible and secure use of your personal data. I will need to process personal data in order to provide yoga therapy and group classes and am therefore registered with the Information Commissioner's Office (ICO). The purpose of this statement is to let you know how I collect, use and manage your data. When you undertake yoga therapy with me or join group classes and courses, you will be asked to consent to the processing of your data under the terms of this policy.
What information do I collect?
I collect personal data such as your name, date of birth, telephone number, email, FaceTime and Skype addresses. During the course of our work together, I will also learn about your personal background, alongside potentially sensitive data relating to medical and mental health conditions.
What do I use your information for?
· To provide you with yoga therapy or teaching that is most appropriate for your needs.
· To notify you about changes to your appointments or other services that I provide.
· To fulfill any administrative, legal, ethical and contractual obligations.
What information do I share?
I will not share any information about you with other organisations or people, except in the following situations:
· Administration - The administrator(s) of appointments and classes have access to contact information, visit history and any notes submitted while booking an appointment for the purpose of administration of appointments and classes, and for marketing if you have opted in to receive marketing communications. Administrators do not have access to client notes from clinic sessions.
· Consent – I will share information with relevant medical professionals or others whom you have requested or agreed I need to contact.
· Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person.
· Compliance with law – I may share information when the law requires me to - i.e. in case of safeguarding, terrorism, drug trafficking or serious crime.
How do I keep your information safe?
· All information that you provide to me is stored as securely as possible. I take all reasonable precautions to prevent the loss, misuse or alteration of information given.
· My process notes of our sessions are kept separate from your identifiable personal information.
· All paper forms and correspondence are kept in locked filing cabinets. All electronic files are kept on password-protected devices with virus protection software.
· Whilst I endeavor to keep my systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus free.
· Client notes and other documentation are destroyed seven years after the end of treatment.
· Any known data breaches will be reported to the Information Commissioner's Office (ICO) within 72 hours.
· My website and general mailing list is hosted by Squarespace, you can read their privacy policy here.
· My clinic mailing list is hosted by Mailchimp, their privacy policy can be read here.
· Appointment bookings and Lotus Healing Centre classes are hosted through Simplybook. If you book online your personal details are kept securely in the booking system. View their privacy policy here.
· The Learning Management System that the Kundalini Medicine program uses for courses is Canvas. Read their privacy policy here.
Under the GDPR, you have the right to:
· Access your personal data, rectify or restrict your data, object to the processing of your data, and /or request transfer of your data. Requests for personal data need to be made directly to me and will be supplied within one month.
· You may withdraw consent for me to hold and process your data at any time by sending me an email or filling out the contact form on my website. However, if you do this while actively receiving yoga therapy, we will need to discuss whether it is possible to continue treatment.
· If you have any concerns about the way that I handle your data please contact me through the contact page or email. If you feel after this that your issue has not been resolved effectively, you have the right to contact the Information Commissioners Office (www.ico.org.uk)
Changes to this policy
Last updated October 2021
· This policy is reviewed periodically. If there is a change to this policy, I will notify users via email notice and by updating my website.