Privacy Notice

This is the Privacy Notice for Neil Lawson and www.backtorights.com and tells you about the personal information I hold, how and why I use it and your rights under the General Data Protection Regulations (GDPR).  For both our sanities it is drafted with brevity and clarity in mind and does not provide exhaustive detail of all aspects of my collection and use of personal information.  However, I am happy to provide any additional information or explanation needed.  Any requests for this should be sent to the contact details on my Contacts page.  I keep my privacy notice under regular review. This privacy notice was last updated on May 25th 2018.

How I use your information

I use personal information to create and manage appointments and provide reminders to assist you in improving and maintaining your health as you desire it to be.  I use the information you provide at appointments to effectively and safely work with you.  However, I only use these details to provide the service you have requested and – if you have agreed – to send other communication such as follow-up emails.

I do not share, sell, copy or disclose any information you provide, other than via the systems listed below and then only according to their terms and conditions.  The only exception to this would be to contact your GP or medical specialist to confirm that it is safe to work with you and I would discuss this with you and ask your permission first.

When you Contact Me

If you contact me via social media, the message will be archived within the social media platform it was sent to unless you delete it.  If you contact me via the Contact Me form on my website, an email is sent to me.

When you book online, or call me to book, your details are entered into my booking system Acuity Scheduling.  Here is a link to their Privacy Policy.  I also create a Google Contact.

Acuity sends confirmation and reminder emails (if you supply an email address).  You can request to receive no further emails either by unsubscribing via the link at the bottom of emails, or by replying to me saying you don’t wish to receive any more emails.

If you pay online, this is done using the Stripe card processing system.  Here is a link to their Privacy Policy.  I do not record any card details on my website.

Cookies

In common with many websites these days, my website uses cookies – small text files that are placed on your machine to help the site provide a better user experience.  My website uses cookies to retain your preferences, store information for booking & paying online and anonymised tracking data for Google Analytics.

As a rule, cookies will make your browsing experience better.  However, if you prefer to disable cookies on this site and on others, the most effective way to do this is to disable cookies in your browser.  Consult the Help section of your browser or take a look at the About Cookies website which offers guidance for all modern browsers.

Lawful Basis & Retention periods

I process data under the lawful basis of Consent and retain personal data for 7 years after your last interaction with me.

Your rights

You have rights in relation to the information I hold about you.  You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/  Specifically, you have the following rights:

  • the right to be informed how I use your data (this notice)
  • the right of access to that data (just ask me)
  • the right to rectification if anything is incorrect
  • the right to erasure – i.e to “forget” you
  • the right to restrict processing of your data (again, just ask me)
  • the right to data portability – to get a copy of your data
  • the right to object to how I process your data
  • the right not to be subjected to automated decision-making including profiling (which I do not do anyway)

To learn more, visit the Information Commissioner’s Office website: www.ico.org.uk

 

Access to personal information

I aim to be as open as I can be in terms of giving people access to their personal information.  You can find out if I hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998.  If I do hold information about you I will:

  • give you a description of it;
  • tell you why I am holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form

To make a request for any personal information I may hold please put the request in writing to the contact details on my Contacts page.  If you agree, I will aim to deal with your request informally, for example by providing you with the specific information you need over the telephone.  If I do hold information about you that is incorrect, you can ask me to correct any mistakes by contacting me.

 

Data Controller & Data Protection Officer

I personally undertake the roles of Data Controller and Data Protection Officer for all personal data I handle.

 

Complaints or queries

Please bring to my attention anything about my collection or use of your information which you think is unfair, misleading or inappropriate.  I also welcome any suggestions for improving my procedures.  I aim to meet the highest standards when collecting and using personal information. For this reason, I take any complaints I receive about this very seriously.  If you wish to make a complaint about the way I have processed your personal information, you can do so via the ICO website.