Privacy Policy

For Client’s Aged 17 or Over

Or a client’s representative (where a client’s aged 16 or under)

Ruth = Ruth Tarr, an integrative psychotherapist and energy healer, at Holistic Health York.

You, your = you, the client (or a client’s representative, and the client aged 16 years or under).

Session(s) = any integrative psychotherapy, energy healing and information offered by Ruth (including but not limited to paid, free, online, phone, in person, 1-2-1, group, single session, package, programme).

Client information = any personal, medical or mental health information about you that you share with Ruth at any time (including, but not limited to verbal and written communication, in person, phone call, video call, SMS, offline emails, completing forms, third party platforms like social media, message boards, booking facilities etc.), and the notes Ruth makes during or in between sessions.

How to Contact Ruth

Address: Ruth Tarr, Holistic Health York,

7 Fairway, Rawcliffe, York, YO30 5QA

Telephone:         07783131678

Email:                 holistichealthyork@hotmail.com

Client Information

Client information is kept and used by Ruth in line with the Data Protection Act 2018 and the General Data Protection Regulation.

Client information Ruth keeps may include, but is not limited to, your:

  • Personal data (information which can identify you – name, address, date of birth).
  • Special category data (information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, health or sexual life, genetic data).
  • Reasons for wanting to work with Ruth.
  • Past and present health issues (medical and mental).
  • Past and present personal, social, financial circumstances, background and family history.
  • Contact details (phone number, email address) and availability.

Client information may be stored as:

  • Paper records.
  • Electronic records.

Ruth needs client information to:

  • Work safely with you and help you.
  • Send you information that may help you.
  • Obey the law by keeping accurate client information for the required time.
  • Communicate with you about sessions and get feedback to improve them.
  • Check in with you after you’ve stopped working with Ruth.

Confidentiality

Client information is kept confidential by Ruth.  When Ruth works with children or young people, they have the same level of confidentiality as an adult has, regardless of who pays for the sessions. Ruth would discuss nothing a child says with the client’s representative, unless the client was at risk, or the client specifically asked Ruth to.

Legally Ruth has to keep client information for 5 years from the last session date and financial records for 7 years from your last payment date.  Once the 5 or 7 years is up paper copies of client information are destroyed by shredding and recycling, and electronic client data and information is deleted.

Sometimes, confidentiality can be broken, without your knowledge or permission, such as:

  • To prevent serious harm to a you or others, which includes murder, manslaughter, rape, treason, kidnapping, child abuse, or when people have been seriously harmed. As well as serious harm to the security of the state or to public order and crimes that involve substantial financial gain and loss.   
  • If Ruth thinks you or someone you mention could be at risk or in danger, or if you’ve mentioned illegal or unethical activities.
  • If Ruth needs professional advice (Ruth may share certain things, anonymously and hypothetically, with other professionals for supervision, training or consultation) or for auditing reasons.
  • To help prevent or detect a crime. 
  • The legal obligation to disclose known or believed information about an act of terrorism in the UK (The Terrorism Act 2000).
  • A court order request to disclose client information in writing or in court.  A client’s written consent would be required, where possible. A client can request access to the report (see Your Rights section of this policy) unless there is a strong, convincing reason why the client shouldn’t.

If you want Ruth to share client information with someone else, you must give Ruth written permission saying what you want Ruth to share, why and who you want it shared with.

Security

Client information is kept as safe as possible: 

  • Paper copies are under lock and key, and removed when Ruth uses them. 
  • Electronic information (excluding SMS, offline email, webserver and third-party platforms) is on an encrypted portable hard drive under lock and key, and removed when Ruth uses it.
  • Ruth’s laptop has anti-virus software.
  • Electronic communication via SMS, offline email, and third-party platforms, requires access via password-protected authentication, or by reputable service providers using secure internet ‘cloud’ technology.

Ruth can’t guarantee the security of client information when you communicate via SMS, offline email, and third-party platforms – you do so at your own risk.

Your Rights

Contact Ruth (see the How to Contact Ruth section of this policy) to use the following rights. Ruth has one calendar month from your request to share client information with you.  However, if Ruth needs to confirm your identity, Ruth has one calendar month from the time your identity is confirmed to share client information with you.  Your client information will be shared electronically or as hard copies (at Ruth’s discretion).

*If you don’t give Ruth permission to ­­save and or use client information, Ruth will have to stop working with you, due to safety and legal reasons.  Client information would still be held by Ruth for the required legal period of 5 or 7 years.

Right to Access – You can ask to see client information.

Right to Rectification – You can ask Ruth to change any incorrect or incomplete client information where possible. If this client information has been shared with third parties, they will be told about these changes.

Right to Erasure – Due to legal requirements, client information can only be deleted 5 years from the last session date, and financial data deleted 7 years from the last payment date.

Right to Restriction of Processing – You can ask Ruth not to collect any client information about you.*

Right to Object – You can object to Ruth using or changing client information.*

Right to Data Portability – You can ask for an electronic copy of your electronic client information (this excludes all paper files and paper-based communication).  Ruth will share it in a commonly used machine-readable electronic format.  You can ask Ruth, in writing, to share client information directly to another data controller.

If you are worried about your information, have a question or complaint about it, please contact Ruth first (see the How to Contact Ruth section of this policy).  If you do not want to speak to Ruth, you can call the people who are in charge of these laws, the Information Commissioner’s Office (ICO), on 0303 123 1113.

Marketing Communications

Ruth may send you marketing information (like a newsletter, promotions, new services) after you:

  • Request information or purchasing sessions from Ruth.
  • Give Ruth your details by entering a competition or registering for a promotion or free resources.

You can request to opt-out of these marketing messages by emailing holistichealthyork@hotmail.com and asking to opt-out. 

You will be asked separately for your opt-in consent for Ruth to share your personal data with any third party, for marketing purposes. If you opt-in for this, you can opt-out by contacting the third party direct, or clicking and completing the opt-out links in the third party marketing emails.

Please note that opting out of Ruth’s or third party marketing communications doesn’t apply to Ruth communicating with you for any booked sessions you have made.

Third Party Links

Ruth’s website (https://holistichealthyork.co.uk) may include links to third-party websites, plug-ins and applications, such as:

  • You Can Book Me – the third party electronic booking system Ruth uses
  • Stripe – the third party electronic payment system Ruth uses.

If you click on those links or enable connections this may allow third parties to collect or share data about you. Ruth doesn’t control any third-party website, and is not responsible for their privacy policies – you should always read the third party privacy policies before you agree to their terms and conditions.

Cookies

Ruth’s website (hosted by WordPress) may have cookies which are text files with small pieces of data — like a username and password — that identify your computer when you use a network. A cookie is created by the server when you connect to it, and is given a unique ID for you and your computer. Cookies can help a server know what information to specifically serve you.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of Ruth’s website may become inaccessible or not function properly.

What happens if the Data Protection Rules are Broken

If a personal data breach occurs which is likely to result in a high risk to your rights and freedoms (e.g.  a significant financial loss, breach of confidentiality, discrimination, reputational damage, or other social or economic damage), Ruth must ensure that:

  • ICO is informed of the breach without delay, and in any event, within 72 hours of Ruth becoming aware of it.
  • All affected clients are directly told about the breach without undue delay.
  • Breaches are fully investigated and the relevant security measures assessed and reviewed.

Changes to the Privacy & Data Protection Policy

Ruth reviews and updates this policy, and shares updates on the Holistic Health York website https://holistichealthyork.co.uk/policies-and-procedures.

Last updated: February 2024