Privacy Policy
Head4Health (“I”, “Head4Health”) am committed to protecting and respecting the confidentiality, integrity and security of the personal information about individuals whose data I hold.
This policy sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed by me, and how Head4Health complies with its responsibilities under applicable data protection laws, including, when and to the extent in force, the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and the Privacy and Electronic Communications Regulations 2003 (“Data Protection Laws”). Please read this policy carefully.
I will never sell, rent or otherwise distribute or make public your personal information.
Data Controller
For the purpose of the Data Protection Laws, the data controller and data processor is Ray Head at Head4Health, 4 Ravelston Dykes Road EH4 3PQ.
Personal data collection
Personal data, or personal information, means any information about an individual from which that person can be identified.
I hold personal data about you which you provide to me in the course of treatment or correspondence between you and me, or (where you are a patient or potential patient) via my Consultation Form, Online Patient Contact Form or email correspondence or messaging or via phone.
I may collect the following information from you:
-Name
-Gender
-Age
-Address*
-Contact Details
-Medical Information
-Transaction Data. If you use my website to purchase vouchers I have a record of your transaction, which will include address, email and transaction amount. The transaction is via a third party provider called Paypal who do not disclose your exact card or account details.
I may also collect Aggregated Data from my website such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity.
* Prior to May 25th 2018 you were asked to provide your home address. This is no longer deemed necessary as long as I can contact you by phone or email. Therefore, the address box will be dropped from future consultation forms. It will still appear if you make a purchase via the website.
Children
Any data pertaining to a child under the age of 17 must be provided by their parent or guardian and include their written consent.
Use of personal data and legal basis for processing
All personal data I hold about you will only be used for the purposes set out below or for any other purpose specifically permitted by the Data Protection Laws or which you may authorise (which may include direct marketing, if you authorise me to do so).
If you are a patient, I may use information you provide to me to:
-Provide Sports Therapy Treatment
-Send you a copy of my email newsletter (if you agree)
-Email you with rehabilitation information if you have agreed for me to do so.
-Contact you as a follow-up to treatment if you have agreed that this is appropriate.
Where you provide personal information to me, I am processing it in order to perform my obligations under my agreement with you or in order to take steps at your request prior to entering into a treatment service with you.
You may provide your personal data or transaction data by filling in forms, or corresponding to me by email, phone, text, post or otherwise.
Where you provide personal information to me, you will be asked if you consent to me adding you to my database and also my distribution list for my email newsletter and offers. If you give your consent, I am processing your information for that purpose on the basis of your consent. No data will be stored until consent has been obtained.
The written Consultation Form is completed when you visit me for your first treatment. It will ask for your name and contact details. It will also ask questions about your general health and health history. I require these details to keep a record of your treatment history and therefore they will need to be retained. Please inform me if any of these details have changed from your first visit.
The information from your written Consultation Form will also be transferred to a Spreadsheet database for ease of access. Again, this data will only be transferred if permission is given. Please see the section on Security for more information.
Access and other rights
You may request to view or receive copies of records held about you at any point by making a request via email or writing to me at 4 Ravelston Dykes Road EH4 3PQ or email at Ray@Head4Health.com. This request will be responded to within 30 working days. If I require more time to respond fully to any request, I will notify you in writing within the 30-day period referred to.
You also have other rights under Data Protection Laws in relation to your personal data. In particular, you may have (i) the right to request that I rectify or erase information I hold about you in certain circumstances, (ii) the right to ask me to limit my processing of your information, (iii) the right (if I am processing information based on your consent, such as for marketing purposes) to withdraw your consent, (iv) the right to object to certain processing of your information (including the right to object to processing of your personal data for direct marketing purposes at any time), (v) the right to ask me to move, copy or transfer your personal information to another organisation. If you wish to exercise any of these rights, please contact me at 4 Ravelston Dykes Road EH4 3PQ or email me at Ray@head4health.com.
Accuracy of personal data
At Head4Health I try to ensure that personal data I hold about you is accurate and kept up-to-date. If you believe that any information I am holding about you is inaccurate, out-of-date or incomplete, please notify me at 4 Ravelston Dykes Road EH4 3PQ or email Ray@Head4Health.com as soon as possible. I will promptly correct or delete any information found to be incorrect.
Blog and Posts
Should you choose to add a comment to any posts that I have published on the Head4Health website (My Blog), the name and email address submitted with your comment will be saved to this website’s database along with the date and time you submitted the comment. This information is only used internally to identify you as a contributor to the comment section of the respective post and is not passed on to third parties or used by me. Presently, I do not display comments on the public-facing website and so your details will not appear.
If I do display your comments, the associated personal data will remain on the site until I either 1. remove the comment or 2. remove the blog post. Should you wish to have your comment and its associated personal data deleted then please email me using the email address that you commented with.
Security
I have put in place what I consider to be appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
Written Forms: These forms are stored in a secure cabinet only accessible by myself.
Online: If you choose to contact me using the contact form on the “Contact” page of Head4Health, none of the data (name and email) you supply will be stored by a third party processor. Instead, the data will be collated into an email using Simple Mail Transfer Protocol (SMTP). In my case I will receive a normal email via Googlemail. Therefore, your data is encrypted before being sent to me.
Transaction data that is received if you choose to buy a voucher via my website is passed via Paypal. Please see the Third Party Processors section for details of their privacy policy. The data I receive regarding the transaction can only be accessed by a password protected login.
Spreadsheet Database: This database is stored on a USB Memory stick which is password protected and kept in a locked container.
Disclosure and sharing of your personal data
I will retain records of patients/clients for 7 years, after which they will be destroyed.
I will take all reasonable steps to destroy, or erase from our systems, all personal data which is no longer required.
Please note that you may contact me at any time at 4 Ravelston Dykes Road EH4 3PQ and ask for your details to be removed. I may not be able to continue to provide you with my services in the event you request that your details are removed. I may also refuse to destroy treatment records prior to the 7-year retention period after consultation with my Practice Liability insurance provider.
Cookies
I will use “cookies” from time to time on the Head4Health website. Otherwise known as a type of tracking software, a cookie is a small, unique text file that is sent to your browser from a web server and stored on your computer’s hard drive. Cookies will help my website tailor the information presented to you based on your preferences by collecting information such as which areas of the website you have visited and for how long, so the next time you visit the site, those pages may be readily accessible. Cookies will also allow me to collect statistical information such as areas of the UK that find my webpage, search engines used, how many visitors use the Contact Page or use e-commerce to book vouchers. I will also be able to study how visitors navigate around the site and this will help me manage and improve the site where necessary.
A cookie cannot read data off your hard disk or read cookie files created by other sites and cookies do not damage your system. You can choose whether to accept cookies by changing the settings on your browser so that it rejects them or notifies you when a website tries to send you a cookie.
Third-Party Data
I use a few third parties to process your personal data. They all comply with current data protection policies and are EU-U.S. Privacy Shield compliant. Please read their own privacy policies if you need more information on their own data security procedures.
Paypal Privacy Policy
Anyone purchasing treatment vouchers via my website will need to complete the transaction using Paypal. Paypal will retain all of your financial details, whilst I will receive an email of the transaction request and will also see details including name, address, transaction amount when I process the request via the Woocommerce application which is password protected.
MailChimp Privacy Policy
Occasionally I may send out a group email or newsletter. You will have either opted in or out of receiving these mails. Mailchimp allows me to send emails to multiple clients at once. They cannot access your data; it is mine to use as a list.
Google Analytics Privacy Policy
Like most websites Head4Health uses Google Analytics (GA) to track user interaction. This data can tell me the number of people who click onto my website and allows me to better understand how they find the web pages and to see their journey through the site. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to me.
About Website Hosting and Administration
My Head4Health website www.head4health.com is hosted and administered by Jellyhound. They are located just outside Edinburgh. Feel free to check out their own privacy and security policies if you require any further information.
Data Breaches
In the unlikely event of a personal data breach I will notify you and any applicable regulator of a breach where I am legally required to do so.
Changes to this Privacy Policy
This privacy policy may change from time to time in line with legislation or industry developments. I will not explicitly inform clients or website users of these changes. Instead I recommend that you check this page occasionally for any policy changes.
