In this document, "we", "our", or "us" and “FTR” refer to the Frome Therapy Rooms.
Our policy complies with UK law, including that required by the EU General Data Protection Regulation (GDPR). This policy may be subject to change, so please check our website regularly for any changes.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, correspondence regarding a room hire agreement, to enable invoicing, and to contact you for clinic room purposes.
Why we collect personal data from you?
When you supply your personal details to us, they are stored and processed for four reasons (the bits in bold are the relevant terms used in the Data protection Act 2018, which includes the General Data Protection Regulation):
If you contact us with an enquiry, when there is no contractual relationship between us, such as asking us to provide you with more information about our services, you provide your consent to us to process your personal information. When you request information in this way, you implicitly give your consent.
When entering into a room hire agreement with us, this constitutes a contract. In order to process your room hire agreement, we need to collect personal information about you. This includes data to:
identify your professional qualifications, memberships and associations;
enable us to respond to your requests if you contact us with a query;
send invoices and process payments;
provide relevant information pertaining to your room hire agreement;
inform you of service updates and price changes.
process data for record keeping and administration of our business.
You can, of course, refuse to provide the information, but if you were to do that, we would be unable to offer you a room hire agreement.
We have a “Legitimate Interest” in collecting your personal and professional information, because provision of such data is a pre-requisite of entering into a room hire agreement with us. Also, we are required by law, to sometimes process your information in order to comply with a statutory obligation.
We also think that it is important that we can contact you in order to update you on matters related to your room hire agreement with us. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
We shall continue to process this information until the room hire agreement between us ends or is terminated by either party under the terms of the contract. You may withdraw your consent at any time by writing to us at the clinic or by e-mail to email@example.com. If you do so, we shall not be able to provide our services further.
What type of data do we collect from you?
We collect your personal data when you enquire through our website. This will include your name, email address and telephone number provided by you. In doing so, you consent to using this information to contact you in order to answer your enquiry.
When joining the Frome Therapy Rooms, we may also collect from you your home/work address, website and copies of your qualification certificates, insurance certificate, and professional membership.
How long will we keep your data?
The Frome Therapy Rooms will retain personal data from enquiries for:
such time as this is required in connection with the enquiry you have raised;
a period of 1 years from the date of your enquiry.
We will retain your personal data regarding your room hire agreement for:
such time as this is required in connection with the services we are supplying to you;
a period of 1 years from the termination of your contract with us.
We may retain personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
Where we store your personal data:
Your personal data is stored:
on paper and our office computer in the case of correspondence, room hire agreements, professional documents and invoices etc. Computers are password-protected and backed up regularly.
Who has access to your data?
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
The Frome Therapy Rooms Business Owners, and our accountant.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data. We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
Accessing and updating your data
Practitioners are responsible for maintaining the accuracy of all their details which we hold. This includes, but not limited to: name, address, phone number, e-mail address. Also, practitioners are obliged to provide us with up to date copies of their professional memberships, associations, qualifications and professional/public indemnity insurances. Any changes can be notified by contacting the Frome Therapy Rooms directly or via email to firstname.lastname@example.org
At any time you may request that we remove personally identifiable information that we hold about you. However, in restricting the use of your personal data it may prevent us from being able to provide our services to you as outlined above.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
The Frome Therapy Rooms uses closed circuit television (CCTV) images to provide a safe and secure environment for practitioners and for visitors to the business premises, such as clients, customers, contractors and suppliers, and to protect the property and its contents.
This policy sets out the use and management of the CCTV equipment and images in compliance with the Data Protection Act 1998 and the CCTV Code of Practice.
FTR’s CCTV facility records images only. There is no audio recording i.e. conversations are not recorded on CCTV.
Purposes of CCTV
To assist in the prevention of crime and the identification and prosecution of offenders.
To monitor security and assist with the identification of unauthorised entry to the premises.
To assist in protecting the safety of users of the premises during hours of use.
Location of cameras
Cameras are located at strategic points throughout the clinic premises, principally at the entrance, hallway and unmanned reception for the purposes outlined above. All cameras are clearly visible.
No cameras are, or will be, used in any of the therapy rooms.
Appropriate signs are prominently displayed so that practitioners, clients, customers and other visitors are aware they are entering an area covered by CCTV.
Recording and retention of images
Images produced by the CCTV equipment are intended to be as clear as possible so that they are effective for the purposes set out above.
Maintenance checks of the equipment are undertaken on a regular basis to ensure it is working properly and that the media is producing high quality images.
Images may be recorded either in constant real-time (24 hours a day throughout the year), or only at certain times, as the needs of the business dictate.
As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not held for more than six months. Once a hard drive has reached the end of its use, it will be erased prior to disposal.
However, where a law enforcement agency is investigating a crime, images may need to be retained for a longer period.
Access to and disclosure of images
Access to, and disclosure of, images recorded on CCTV is restricted. This ensures that the rights of individuals are retained. Images can only be disclosed in accordance with the purposes for which they were originally collected.
The images that are filmed are recorded centrally and held in a secure location. Access to recorded images is restricted to the operators of the CCTV system and to those line managers who are authorised to view them in accordance with the purposes of the system. Viewing of recorded images will take place in a restricted area to which other employees will not have access when viewing is occurring. If media on which images are recorded are removed for viewing purposes, this will be documented.
Disclosure of images to other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:
The police and other law enforcement agencies, where the images recorded could assist in the prevention or detection of a crime or the identification and prosecution of an offender or the identification of a victim or witness.
Prosecution agencies, such as the Crown Prosecution Service.
Relevant legal representatives.
The FTR Business Owners (or another senior director acting in their absence) are the only people who are permitted to authorise disclosure of images to external third parties such as law enforcement agencies.
All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required. If disclosure is denied, the reason will be recorded.
Individuals’ access rights
Under the Data Protection Act 1998, individuals have the right on request to receive a copy of the personal data that FTR holds about them, including CCTV images if they are recognisable from the image.
If you wish to access any CCTV images relating to you, you must make a written request to the Company’s Data Protection Officer and the Company reserves the right to charge you a fee of £10.00 for the supply of the images requested. Your request must include the date and approximate time when the images were recorded and the location of the particular CCTV camera, so that the images can be easily located and your identity can be established as the person in the images. The Company will respond promptly and in any case within 40 calendar days of receiving the request.
The Data Protection Officer will first determine whether disclosure of your images will reveal third party information as you have no right to access CCTV images relating to other people. In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy.
If the Company is unable to comply with your request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, you will be advised accordingly.
FTR are responsible for the implementation of and compliance with this policy and the operation of the CCTV system and they will conduct a regular review of FTR’s use of CCTV. Any complaints or enquiries about the operation of the Company’s CCTV system should be addressed to us.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Your right to make a complaint
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to in the jargon as the “Data Controller”.
Here are the details you need for that:
Data Controller, Frome Therapy Rooms, Turnpike House, 18 Bridge St, Frome BA11 1BB
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.