Please expand each section below to read through our Terms and Conditions
Please be careful when choosing items, as a general rule we do not exchange goods if you change your mind, returns postage plus a handling fee may be incurred to the purchaser in these circumstances.
GDPR: Data Protection Policy: Chi Medics
Moss Arnold and Sharon Windle
48, Yew Tree Drive, Somesall, Chesterfield. S40 3NB
Moss and Sharon- Chi Medics Phone- 07 579 785 232
This policy outlines our compliance with the GDPR and data protection.
1. The data that we process and how it flows into, through and out of our business.
Data comes into the business in 5 ways:
Email messages to Chi Medics from prospective participants, hosts, organisers and organisations.
Chi Medics website
Chi medics Face Book Group
It flows through our business via:
● Our laptops, which never leave the premises and are Firewalled and password protected.
● Our smart phone, which are also fingerprint and password protected.
● Our paper file, kept securely in the Chi Medics Home Office, which is protected by secure locks on all access points.
The information is not in any form shared or distributed in any form, other than Attendance Records taken from the Office to the venue and returned, as required.
2. The personal data we hold, where it came from, who I share it with and what I do with it.
Information Asset Register
● We hold personal information about prospective participants, hosts, organisers and organisations that have been received from them.
● This includes name, address, location and contact details.
● No information is shared with anyone outside of Chi Medics (Moss & Sharon).
● We keep all data for our business such as advertising and promotional reasons as well as to inform and education those interested in Chi Medics, unless requested to unsubscribe.
3. The lawful bases for me to process personal data and special categories of data.
We process the personal data under:
● Legitimate interest: We are required to keep attendance and academic records by the professional organisation and issue certificates of Attendance.
● Special Category Data – Health Related: We process under special category data, therefore the additional condition under which we hold and use this information is for Chi Medics which is AoR Approved CPD provider, to fulfil this role, bound under the AoR Confidentiality as defined in their Code of Practice and Ethics.
4. Privacy Notice
We have written a privacy notice for prospective participants, hosts, organisers and organisations, and have ensured that the privacy notice includes all of the information included in the ICO privacy notice checklist at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed#table
5. Processes to recognise and respond to individuals’ requests to access their personal data.
Anyone who wishes their personal data to be removed from your systems, only has to request this either via text, email or in writing. We will removal and respond to their request at our earliest convenience.
6. Processes to ensure that the personal data we hold remains accurate and up to date.
We will ensure that prospective participants, hosts, organisers and organisations information is kept up to date, and will update said information as we are informed of any changes. This will be reviewed periodically.
7. Schedule to dispose of various categories of data, and its secure disposal.
Upon request, all such data will be removed from all locations, including email address books. Laptops, mobile phones, etc.
8. Procedures to respond to an individual’s request to restrict the processing of their personal data.
9. Processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability.
There should be no situation where data held by Chi Medics would need to be copied or transferred, other than between us (laptops and mobiles).
10. Procedures to handle an individual’s objection to the processing of their personal data.
We will inform prospective participants, hosts, organisers and organisations of their right to object “at the point of first communication” and this is clearly explained in our privacy notice.
11. Processing operations that constitute automated decision making.
There are no such processing operations in Chi Medics and therefore, do not currently require procedures in place to deal with this requirements. This right is, however, included in the privacy statement.
12. Data Protection Policy
This document forms the Chi Medics data protection policy and demonstrates compliance with GDPR. As this is a live document, it will be amended as and when any changes to our data processing occurs, and as a minimum annually.
13. Effective and structured information risks management
The risks associated with our data, and how that risk is managed is as follows:
● Theft of electronic devices – all such devices have at least password protection and some fingerprint as well, and these are not shared with anyone, except each other.
● Break in to home – all our paper files are stored in a locked filing cabinet.
14. Named Data Protection Officer (DPO) and Management Responsibility
Although not required to have a named DPO, as the sole trader Moss Arnold will be the designated Chi Medics DPO and will ensure that Chi Medics remain compliant with GDPR.
15. Security Policy
As detailed in our risk assessment, we have also chosen our electronic equipment based on their industry record as having the most robust inbuilt protection possible, including Firewall, Software and Shareware protection, which will be maintained at the highest possible level.
16. Data Breach Policy
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
If there is a breach of this policy, such as theft we will notify the ICO of said breach where it is likely to result in a risk to the rights and freedoms of individuals.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals,we will also notify those concerned directly and without undue delay.
In all cases we will maintain records of personal data breaches, whether or not they were notifiable to the ICO.
Date of Next Review: 30th May 2021
Moss Arnold & Sharon Windle
ALL PROSPECTIVE PARTICIPANTS, HOSTS. ORGANISERS AND ORGANISATIONS INFORMATION IS CONFIDENTIAL BETWEEN THE INDIVIDUAL/ORGANISATION AND CHI MEDICS AND NOT SHARED WITH ANYONE ELSE
All of Chi Medics (incorporating Chi-Reflexology, Clinical Reflexology and The Release Points/Poison Points) Professional Training, is undertaken with signed agreement on each day of your course (in-person or online), as determined under Trade Mark and copyright laws.
You agree to use the information in any form for individual use only. You are agreeing to call Chi Medics by its correct name and not use any part of the content or techniques, merge it with other treatments and re-name it. You are using Chi Medics knowledge and techniques. In addition, you agree not to share the content, publications, DVDs, videos, charts, booklets etc in any form, either physically or electronically.
You also agree not to teach any aspect of the course in any form or variation. Chi Medics (and anything connected to Chi Medics, such as Chi-Reflexology, The Release points/ Poison Points), owns all intellectual property rights to all these materials and training.
The Ki of Life