Privacy and Data Protection
Terranova Wellness takes the responsibility of safeguarding your data seriously. We have a transparent data protection process to ensure you can access your data when required and know what we hold, why we hold it and how it is used. Below are the principles by which Terranova Wellness treats your data, we promise to:
- Value the personal information entrusted to us and make sure we respect that trust
- Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards
- Consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems
- Be open with individuals about how we use their information and who we give it to
- Make it easy for individuals to access and correct their personal information
- Keep personal information to the minimum necessary and delete it when we no longer need it
- Have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises
- Regularly check that we are living up to our promises and report on how we are doing
How we use your information
The following is a broad description of the way Terranova Wellness processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received from Christina, check any privacy notices provided or contact email@example.com to ask about your personal circumstances.
We process personal information to enable us to provide health services to our patients, to maintain our accounts and records and to promote our services. We endeavour to make clients aware of the reason for holding that data, and what it will be used for, during the process of a consultation.
Type/classes of information processed
We process information relevant to the above reasons/purposes but only if it is absolutely necessary to do so and of value to the care of the client. This information may include:
- personal details – these include your name, address and email address to allow Christina to contact you for reasons including your treatment, consultation bookings or products.
- family details – relevant to your medical history
- lifestyle and social circumstances – lifestyle is a significant aspect of health and important in all consultations
- goods and services – that you may have either purchased or indicated that you wish to
- financial details – card details are not stored by Terranova Wellness, transactions are processed via our partner iZettle or online via Stripe, a multinational payment processor. Information required to process a refund will haowever need to be held if required for that specific purpose
- employment details – employment is a significant part of lifestyle and medical history
We also process sensitive classes of information in order to treat our clients, this may include:
- Physical or mental health details
- Medical history
- Sexual life
- Racial or ethnic origin
- Religious or other beliefs of a similar nature
Data Storage – Electronic
File security starts with encryption in transit and at rest in Microsoft datacenters. Client data is safeguarded with some of the strongest encryption and detection technologies available. All client data is encrypted in transit (TLS 1.0, 1.1, and 1.2) between Terranova Wellness systems and Microsoft datacenters. All connections are established using 2048-bit keys and all data is encrypted at rest using both disk-level encryption and per-file encryption.No personal data is currently held on the website terranovawellness.com.
Data Storage – Physical
All physical written data is stored in a locked filing cabinet.
Client data will be retained for a maximum of 7 years following the most recent consultation. Electronic data reaching this threshold is securely deleted and physical data is shredded annually.
Data is accessed by Christina for the purpose of treating clients. One employee has access to client contact information in the course of managing Terranova Wellness but does not have access to consultation or medical details. Clients requiring a copy of all their data held by Terranova Wellness may obtain this by making a written request to firstname.lastname@example.org.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other healthcare professionals with the client’s consent and for the client’s benefit. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).
Terranova Wellness is registered on the Information Commissioner’s Office Register of Data Controllers (registration reference: ZA295794).
June 23, 2018