Holistic Lifepath GDPR Policy - 2021

Along with all UK business since 25 May 2018, Holistic Lifepath follows the guidelines outlined by the General Data Protection Regulations (GDPR). This covers the collection of personal data, with the philosophy of Privacy by Design and Privacy by Default.

As a small organisation with the purpose of providing training and support in an integrated, holistic approach to animal health, there is only a limited amount of personal data that will ever be collected. We will work to ensure:

  • Lawfulness, fairness and transparency.

  • We only collect the data that is needed for a purpose that we will make clear.

  • The information is up to date and accurate.

  • It will only be kept for the length of time that it is needed.

  • We work with accountability, integrity and confidentiality, there by maintaining security.

Below is any outline of the framework we follow.

What Collected

Contact details:

  • Name

  • Address

  • Phone

  • Email

  • Other contact details such as WhatsApp, Skype, FaceTime.


Consent:

  • To be contacted about Holistic Lifepath activities.

The details listed above will be referred to as “the data”.

Purpose

The purpose in collecting the data is to allow effective communication to provide the service offered by Holistic Lifepath.

Consent

We will always seek consent for collection of the data. This will be in the form of:

  • Verbal consent - where a note is made that it has been given.

  • Written consent - where you may be asked to sign a form to say you are happy to give the information.

Many owners have asked for me to keep them informed about educational support, events, courses and workshops that Holistic Lifepath may be involved in providing. If you are interested in this we will give you an opportunity to give:

  • Your consent for me to keep you informed by positively opting in.

This consent will be added to the data collected.

I will keep you informed by email.

Privacy

The data provided will only be used with activities associated with Holistic Lifepath.

Responsibility

We will take responsibility for ensuring that systems are set up and managed correctly.

There will be an annual review of policy.

We will train any employees on how to use the systems correctly.

Training will be reviewed on an annual basis or at any point there needs to be a change in the system.

Impact assessment

I will undertake an impact assessment any time a new system is introduced. There will be a form for each change in the system.

Records will be kept of any changes, specifically to cover:

  • Does this have an impact on privacy?

If the answer is yes, then further information will be included:

  • What is the change in policy?

  • Why is it necessary?

  • What impact will it have on privacy?


Data Transfer

No intention to routinely transfer data outside of organisation.

The ability to transfer the data will be in place if appropriate requests are received.

A register will be kept of all requests and action taken. This will be a spreadsheet.

Requests may include:

  • Right to be informed - who collecting and purpose

  • Right to be forgotten - on certain grounds, if data no longer needed for the purpose, within 1 month of request.

  • Transfer of data:

    • To client

    • To third party

If personal data is received by email, then we will:

  • Transfer it to our record keeping system.

  • Acknowledge the email and then delete the email containing the personal data.

If a “right to be forgotten” request is acted on, this will include a process of deleting relevant emails from the system. Please note:

  • We will copy the content of the emails to be stored in an anonymous fashion.

    • This is to ensure accuracy of our animal records.

  • Then we will delete all emails.

Data Breach

If discovered, we will:

  • Inform data protection authority within 72 hours.

  • Have an administration meeting to review the details.

  • Take action to contain the breach.

  • Estimate total numbers involved.

  • List the type of data.

  • List security measures that were in place before breach.

  • Update the security measures as appropriate.


Current security measures include:

  • Staff loyalty training.

  • Use of password protected hardware.

  • Use of password protected software.

  • Only storing Personal data in password protected locations.

Annex

In addition to the personal data that is governed by the GDPR regulations, we may collect other information that is beyond the scope of this legislation. In the spirit of completeness below are details of the sort of information we may collect and the responsibility we take around looking after it. 

Information that may be collected

  • Animal case history

  • Photo/Video/Audio

  • Background farm or stable details

Purpose

  • All information collected with the end goal of creating optimum health and vitality for the animals.

  • Data for analysis for research purposes and to improve quality of care.

  • Teaching material to help inspire other animal owners.

Privacy

Any teaching material is only used in an anonymous fashion, unless express written permission is obtained from the client. 

Responsibility
Current security measures include:

  • Staff loyalty training.

  • Use of password protected hardware.

  • Use of password protected software.