GDPR (Privacy) Policy for Reiki sessions
I am registered with the Information Commissioners Office in the UK (ICO) (security number CSN5986266) and adhere to the GDPR guidelines for the UK and for the EU. As I am self-employed, I operate as the data controller for all my therapeutic work.
Personal information that I collect
When you contact me and as part of our initial assessment, I will ask you for the following information:
- Name, telephone number, email address, address
- Gender, date of birth
- Key relationships, occupation
- Doctor’s name and address, plus any medical conditions you feel may be relevant to undergoing a course of Reiki or that may present in the therapy room, including any prescribed medication
- Emergency contact and relationship to you
- Therapeutic/healing history and current reasons for seeking Reiki
How I will store your information
• Mobile phone
I will store your contact information (name, mobile number, email address and address – item 1 above) and your emergency contact information (item 5 above) on a mobile phone that is reserved for therapy purposes. This allows me to contact you when necessary, but does not allow the information to be shared elsewhere. I use WhatsApp for business on this phone to send messages, so any correspondence between us will be stored there.
All other information collected during the assessment session (items 2-6 above) will be stored electronically on a password-protected laptop that will be kept in a locked filing cabinet in my home or office. This laptop utilises two-part verification for all external purposes (enhanced security measure).
I sometimes make brief notes after sessions. I will store your anonymised session notes in a file (identified only by your initials). This will be kept in a locked filing cabinet in my home or office when not in use.
• Email/text messaging/WhatsApp
Any emails you send me will be saved as a PDF and stored on my laptop, then deleted from my email account.
Any text messages or WhatsApp messages will be stored in my phone until they are deleted by me (usually at the end of our last session together). Electronic correspondence will also be held by whatever method you use to contact me, unless/until you delete it yourself (e.g. by WhatsApp, by your email provider or on your phone).
I use a password-protected account on my computer for my therapy work, separate to my personal account. My email is dedicated to therapy work and only available via this password-protected account. This ensures no overlap between personal and professional use of my electronic devices.
None of your personal information is stored on my website.
How I may share your personal information
• Therapeutic Will
Your name and contact details will be shared with my Therapeutic Executor. This is so that should I die unexpectedly while we are working together, you will be contacted and offered alternative support.
In the event of a physical or mental health emergency, you can either call 1177 or you can contact Mind at [email protected] or on 08–34 70 65. With your consent wherever possible, if I am seriously concerned about you or your health, I may share your contact information with an emergency healthcare service (e.g. the health service on 1177 or Norra Stockholms psykiatri on 08-123 400 00).
If you share with me your intention to cause harm to another person or organisation (e.g. terrorism), I may be legally required to inform an authority without seeking your permission. In such a situation, I may also be required to share your personal information without your knowledge.
How long do I hold your information?
When we have finished working together, I will delete electronic copies of your information and correspondence within one month. I will hold onto your session information (written or electronic) for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future. After this time has passed, I will shred or permanently delete the session information.
You have the following rights:
- To know what information I hold about you (outlined on this page).
- To see the information I hold about you (free of charge for the initial request).
- To amend any inaccurate or incomplete personal information I hold about you.
- To withdraw consent to me using your personal information.
- To request that I delete any personal information I hold about you (though I can decline if the information is needed for me to practice lawfully and competently).
You can complain to the ICO if you are unhappy with how I have used your data using this contact information: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF // +44 (0)303 123 1113.
This document outlines what I have done to ensure the confidentiality of your data and personal information, according to legal requirements. However, it is important to be aware that I do not have control over external software, apps or service providers, including those that you use. As such, it is important that you are happy with the services you use at your end. In addition, there are sometimes rare and unforeseen data breaches over which I have no control, such as hacking incidents.