Heavenly Star Acupuncture Privacy Policy

 

This privacy policy tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

How we get information

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• You have made an enquiry to us.

• You engage one of our services.

Your rights

You have the following rights in relation to the information we process:

Access: you have the right to ask us for copies of your personal information.

Rectification: you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Erasure: You have the right to ask us to erase your personal information in certain circumstances. For example, if you withdraw your consent for us to process your data.

Restriction of processing: you have the right to ask us to restrict the processing of your information in certain circumstances. For example, if you are considering an objection to the accuracy of the information we hold.

Data portability: this only applies to information you have given us. You have the right to ask that we transfer the information you gave us to someone else or give it to you.

You do not have to pay a charge for exercising your rights. We have one month to respond to you.

How you contact us

You contact us in the following ways:

• By phone – call, text message

• By email

• By completing the form on our website

• By WhatsApp or Messenger

• Via our Facebook page

• In person

Why you contact us

You contact us for the following reasons:

• Make an enquiry

• Book an appointment

• Return an intake form

• Attend an event at which we’re present

• Make a payment for our service

When you contact us to make an enquiry we collect information, including your personal information so we can respond to it. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

When you book an appointment, we collect information including your personal data in order that we can provide a full effective and efficient service that meet your needs. The legal basis we rely on for processing your personal data is to fulfil our obligations to you under article 6(1)(b) of the GDPR.

When you attend appointments, we collect information from you to facilitate and record our ongoing work with you. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

Some of the information we collect is special category data for example information relating to your health. The legal basis we rely on for processing your personal data in these circumstances is your personal consent under article 9(2)(a).

How we keep store information and how long we keep it

Emails are deleted within 3 months.

Intake forms are printed and put into a client file. Digital records are deleted immediately, as are WhatsApp, Messenger and phone voice, and text messages.

Each client has a paper file that is kept in the administrative office at Aalsmeerweg 110, 1059 AP Amsterdam and digitalised. Access to the administrative office is restricted and all files are kept in secure, lockable cabinets.

We retain all medical files for a period of 20 years to fulfil our obligations under Dutch law.

Our accounts system is part paper-based and part digitalised. All information relating to invoices and payments is stored in the administrative office at Aalsmeerweg 110, 1059 AP Amsterdam or at a secure storage facility nearby. Access is restricted and all files are kept in secure, lockable cabinets. Digital accounts are only shared with the practice accountant at Agterberg IFC for the purpose of preparing tax returns.

We keep all records relating to our financial accounts and invoices for 7 years as required under Dutch law.

Email provider

We use Gmail for our emails. You can read more about Google’s Privacy Policy here.

Payment Processors

We use iZettle for debit card payments and the ING bank to process payments.

Visitors to our website

Our website is built on a platform called Squarespace and they are responsible for managing, monitoring and updating the software on which the site is built. Squarespace uses Secure Sockets Layer, or SSL, which is a technology that secures the connection between your browser and our website.

SSL provides three important security benefits:

  • Privacy: Encrypts the connection between the browser and web server and securely transmits information (like login credentials) to prevent unauthorized parties from eavesdropping.

  • Data integrity: Prevents unauthorized parties from altering data during transmission

  • Authentication: Protects against impersonation by requiring web server proof of identity.

Our website has a SSL certificate so all visitors view it over an HTTPS connection which means all communications between your browser and the website are encrypted.

Analytics: When you visit https://www.heavenlystaracupuncture.com we use Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.

To opt out of being tracked by Google Analytics, visit http://tools.google.com/dlpage/gaoptout.

Cookies: We use cookies, small pieces of data that websites store on your device, to help your site run effectively and provide the best experience for you. Squarespace uses some necessary functional cookies on the site as well as performance cookies. You can find out more about them here. As a user you control the cookies. For the most common browsers, you can see which cookies are active and you can clear them either from your browser or device, either globally or from a specific website.

Find out how to manage cookies on popular browsers:

Google Chrome

Mozilla Firefox

Microsoft Internet Explorer

Apple Safari

The purpose for implementing the above is to maintain and monitor the performance of our website and to improve the performance and content of the site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interests.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

Links to other websites

Where we provide links to third-party websites, this privacy policy does not cover how they process personal information. We encourage you to read the privacy policies on the other websites you visit.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at heavenlystaracupuncture@gmail.com and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Dutch Data Protection Authority (DPA).

Our contact details

The practice is based near the Hoofddorpplein at Hillegomstraat 14, 1058 LS Amsterdam

Telephone Number: +31 (0)6 39 35 60 65

Email Address: heavenlystaracupuncture@gmail.com

You can also contact us via a form on our website.

Changes to this policy

We keep our privacy policy under regular review to make sure it is up to date and accurate.


Heavenly Star Acupuncture

September 2023