PRIVACY POLICY

Last updated: 25 May 2018

PRIVACY STATEMENT

Remedy Massage is committed to protecting and respecting the privacy of its clients and associates. Remedy Massage is also aware that as a client or associate you care about the security and privacy of your information. Any personal information that you volunteer or provide to Remedy Massage, either as a client, someone who contacts us or works with us, will be treated with the highest standards of security and confidentiality, in compliance with the General Data Protection Regulation 2018 (GDPR).

1. WHAT THIS DOCUMENT IS ABOUT

It is our policy to collect, process and share your Data provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any other purposes other than those explicitly stated in this policy or requested by you in your dealings with us.

This Privacy Policy describes how we collect, use, protect, process and share your personal data (Data) when you book appointments with us and avail of treatments with us or otherwise interact with us, in accordance with the General Data Protection Regulation (GDPR) EU 2016/679, which came into effect 25th May 2018, replacing the previous data protection framework under the EU Data Protection Directive. More information about GDPR is available at www.dataprotection.ie.

This Privacy Policy does not apply to the information processed by third parties on behalf of Remedy Massage, however we have reviewed their Privacy Policies and are happy they meet General Data Protection Regulation 2018 (GDPR) standards.

We may update this Privacy Policy at any time to ensure we can carry out the services we provide in the most effective and efficient way possible. If we make changes we will notify you by revising the date on our published document on our website and in clinic, or for more substantial changes by contacting you via email or text to seek consent.

2. IDENTITY OF THE CONTROLLER

You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by Staś Bernasiński, owner of Remedy Massage.

3. COLLECTION OF DATA

We may collect Data about our clients, prospects and visitors. Your Data may be collected when you contact us via email, phone or in person or through our website.

Data we collect fall into the following categories:

      • Identification information
      • Contact information
      • Medical information
      • Browsing information

These Data are gathered directly from you from direct communication with us, i.e. client intake form, phone calls, emails, transactions. Browsing history is currently not collected.

3.1. INFORMATION YOU PROVIDE TO US

We process Data you provide directly to us, in particular when you complete a client intake form or our contact form.

The Data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake form, such as:

      • Names
      • Address
      • Date of Birth
      • Phone number
      • Email address
      • Occupation
      • Doctor’s details
      • Next of kin
      • Medical history
      • Medical red flag
      • Lifestyle choices
      • Treatment notes
      • Relationship data

When you complete the contact form on our website, the following Data is collected and used exclusively for the sole purpose of, and no other than, providing you with a response to the enquiry which you requested:

      • Names
      • Phone number
      • Email address

3.2. DATA WE COLLECT AUTOMATICALLY WHEN YOU USE OUR WEBSITE

When you access or use our website, we currently do not collect any Data, including cookies nor any other tracking technologies. This Privacy Policy will be updated in the event that we will add online services and begin automatically collecting information about you through your web browser.

4. HOW WE USE YOUR DATA

We may use information about you for the following purposes:

      • Provide, maintain and improve our services
      • Provide and deliver the service you request, process transactions and send you related information including confirmations and invoices
      • Send you technical notices, updates, security alerts and support and administrative messages
      • Respond to your comments, questions, requests and provide customer service
      • Monitor and analyse trends, usage and activities in connection with our services
      • Personalise and improve the services we provide

According to the GDPR, each Data processing is performed on one of the following legal basis: 

      • Your consent
      • The performance of the service requested by you

5. HOW WE SHARE YOUR DATA

In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.

6. PERIOD OF DATA RETENTION

Our insurance providers require us to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. We work off this for all Data. (GDPR states that clients have a right to be forgotten and can request data deleted – queries have been put to the Data Protection Commissioners in regards to the conflict here.)

Card details when card payments are taken over the phone or in person: the card number is typed directly into the terminal and is never written or stored anywhere.

7. DATA TRANSFER

Upon receiving a written request from you seeking Data transfer, we will provide a hardcopy copy of your original treatment notes with no alterations from the original. These will be handed in person or sent by registered post.

8. DATA AMENDMENTS

Upon receiving a request from you in regards to updating Data held by us, we will seek to correct our records at the earliest possible time.

9. SECURITY

We are committed to taking appropriate measures designed to keep your Data secure. Our technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.

10. YOUR RIGHTS

Under the General Data Protection Regulation 2018 (GDPR) individuals have the significantly strengthened rights to:

      • Obtain details about how their Data is processed by an organisation or business
      • Obtain copies of personal Data that an organisation holds on them
      • Have incorrect or incomplete Data corrected
      • Have their Data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the Data
      • Obtain their Data from an organisation and to have that Data transmitted to another
        organisation (Data Portability)
      • Object to the processing of their Data by an organisation in certain circumstances
      • Not to be subject to (with some exceptions) automated decision making, including profiling

11. IN THE EVENT OF A BREACH

Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Siochana and financial institutions (as necessary) will be contacted for assistance and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc., at risk.

12. CONTACTING US

Please direct all enquiries to the Data Controller, Staś Bernasiński, at:

      • Phone:  086 0606376
      • Email:  info@remedymassage.ie
      • Post:  Remedy Massage, Therapy Rooms, Victoria Cross, Cork T12 T1XC, Ireland

13. UPDATES TO THIS PRIVACY STATEMENT

We may make changes to this privacy statement, however the “last updated” date will always be listed at the top of this page. Any changes will be effective immediately.

14. UPDATES TO THIS PRIVACY POLICY

We may make changes to this privacy policy, however the “last updated” date will always be listed at the top of this page. Any changes will be effective immediately.