How we use your Data – GDPR – Thierry-Health Data Compliance Policy
About this document
The information we collect about you
As a patient / customer, we need and require you to provide us with the following information:
Your civil information: name, date of birth and place of birth
Your contact details: including address, telephone numbers and email address
Health information related to your need for holistic treatment, including medical tests, health details and medical history. You are free to share as much or as little as you want or feel required.
How we collect information about you
We collect and update personal information from you directly:
– at a consultation, either face-to-face, telephone or online consultation
– through our questionnaires
– when you send or respond to email communications (please note that, as we often state, this is not our preferred way to receive information).
How we use and share your information
We store and use your personal information, as is necessary for our legitimate interests:
– we provide you with holistic treatment
– we use your civil information to book appointments. These are shared with our reception service on a secure booking system called open office.
– if you have requested us to do so, we share your contact details to place orders for supplements and products. These are only given to the relevant supplier.
– from time to time, we also use your name and email to send updates on the clinic or news information. You are free to opt out of these using our GDPR-Compliant system on each email.
– we need to fulfil any obligations owed to a relevant regulator, tax authority, holistic and conventional health authority.
Who we share your data with
We share your civil information with our online reception service using a secure system called open office.
We share your civil information, contact details and health information with other health organisations, such as medical diagnostic test providers, nutritional plans providers or supplement providers. These are only given to the relevant supplier for the purpose of providing such additional services at your request.
We also use a GDPR-compliant email newsletter tool to give you information from time to time. Only your name and your email address are stored on these systems. You can unsubscribe from this service whenever you wish, and we will not add your name and email without your request.
How we store your data
Your data is securely stored electronically using GDPR-compliant systems. Only authorised individuals have access to your data, and all electronic systems are password protected. We back up data on a daily basis to reduce the likelihood of accidental loss or damage to files.
Your civil information, contact details and health information are kept securely in separate areas. In particular, the health information you share is stored separately from your civil information and contact details, in order to make it extremely difficult to link your health information to you without knowing you very well. Your health information is therefore kept as anonymous as possible.
How long do we keep your information
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years, after which time it will be archived or deleted. Any retention of personal data will be done in compliance with legal and regulatory obligations. Please note that data retention periods may be subject to change without further notice as a result of changes to associated law or regulations.
Under GDPR you have the following rights:
– to obtain copies of the personal information that we hold about you
– to require us not to send you news or marketing communications
– to require us to erase your personal information – this must be a written request, with your reasons for requesting erasure clearly stated
Please note that these rights may be limited by Data Protection legislation, Contract law, Criminal law and Human Rights legislation, and we may be required to refuse requests where exemptions apply.
A data breach
In the event of a data breach occurring, we would immediately inform everyone affected and the relevant authorities.