D-Restricted Ltd:®

Privacy & Cookies Notice

 

D-Restricted Ltd take your privacy very seriously.  D-Restricted Ltd will only ever use your information for admin purposes for your infant’s case, and continuity of care.  This is in order to provide accurate treatment and care to the parent-baby dyad; that you have sought from D-Restricted Ltd.

Your information is NOT stored online, and is NOT passed on to third parties, and D-Restricted Ltd do NOT subscribe you to mailing lists.

At your appointment, you will be asked to sign to say that you agree to this 'Privacy Notice' as set out below:

​

This privacy notice only covers D-Restricted Ltd (www.tongue-tie.info  and www.d-restricted.co.uk).  It does not cover all sites that can be linked/accessed to via these sites, so you should always be aware when you are moving to another site to read the privacy statement on that site too.  This includes if D-Restricted Ltd were to recommend a site to read for your information only, which may be sent to you via email or text, but also if you choose to 'like' or join any related social media pages, such as the D-Restricted Ltd FaceBook support group https://www.facebook.com/groups/219881955258950/.

Should you choose to leave feedback on either website, only your first name/username is displayed alongside your comment and star rating.

 

The Data Protection Act (1998)

The GDPR (General Data Protection Regulations 2018) enhances and replaces the current Data Protection Regulations as of 1998.  Anyone who holds personal data of any EU citizen through personal identifiable records and mailing lists are obliged to comply.

Under the Data Protection Act (1998) I have a legal duty to protect any information D-Restricted Ltd holds about you.  D-Restricted Ltd use leading technologies and encryption software to safeguard your personal information and keep strict security standards to prevent any unauthorised access to it.

D-Restricted Ltd DOES NOT pass your details on to any third parties.  There are 2 exceptions to this:

• Your GP needs to be informed of any treatment/procedure undertaken. Minimal identifiable data is included on this letter and D-Restricted Ltd currently uses Royal Mail post to send this to them. If during your consultation D-Restricted Ltd suspect additional minor health factors these may also be included this on the GP letter too.

• Should D-Restricted Ltd have concerns relating to the welfare of an infant or adult D-Restricted Ltd believes to be "at risk" to self or others, safeguarding concerns or health complications out of my sphere of practice, D-Restricted Ltd may contact other professionals for additional intervention, thus breaching confidentiality.  This may include the GP, Health Visitor, Social Worker or Police.

 

How will D-Restricted Ltd use the information held against me?

To provide continuation of care by D-Restricted Ltd only, through assessment, treatment and support, as appropriate throughout your feeding journey for you and your infant.

​

In order to care for/be accountable to the parent-infant dyad, it is necessary for D-Restricted Ltd to hold your personal information, but it is also a legal requirement to do so as recognised by the NMC (Nursing and Midwifery Council) who stipulate that records are to be kept for 25 years post last contact made.  After the 25 years has passed, the records are securely destroyed (cross-shredded, erased, or burnt etc).

​

D-Restricted Ltd may use your infant's information, anonolysed, without notice; for auditing or research purposes.

​

Online submission of personal information

This website is powered by Wix (www.wix.com). The online submission of your details when booking or contacting me are sent via Wix (the Data Processor) to myself (the Data Controller)-for both booking and appointment, or completing feedback.  Please note that www.wix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union to the United States, and therefore adheres to the Privacy Shield Principles.  Their platform also claims to be compliant to the new GDPR regulations from May 2018.

 

PCI Compliance

All merchants, regardless of the size of their company who process card payments have to comply with PCI DSS.

Your online deposit is processed through 'Stripe' (card payment processor) who are compliant in this instance as your card payment details are not visible to D-Restricted Ltd. Further information from them is found here:     https://stripe.com/docs/security  

​

Should you have concerns re fraud or card data use since using your card details, you are encouraged to contact your card provider immediately. 

​

Cookies

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

​

What information do you hold about me/my child?

The records that have been made at your assessment appointment, treatment/procedural appointment, and any written follow ups/notes made.  These have been made in conjunction with the parent(s).

There is also a CCTV camera to the front and rear of the property: which captures images of you entering the building and the immediate vicinity. Images are stored for 30 days before deletion.  This is registered with and complies with the regulations as set by ICO #C8004862.

​

Photographs

D-Restricted Ltd take 'before' and 'after' photographs as a visual aid for documentation, and is of your infant's mouth area only.  Photographs are taken with your knowledge, and may be utilised for training, online publication (website and facebook group) or related demonstration purposes only and will only be done so with your signed consent/agreement. 

Please note that if you are to send photographs/videos to my phone/other devices (text, Whatsapp!, messenger, email etc) to observe feeding behaviours during the aftercare period these photos are automatically saved to my phone. D-Restricted Ltd are the only person(s) who use this phone and it is both fingerprint and password protected should it be mislaid, these photos are saved to your infant's records. D-Restricted Ltd periodically delete photos that have been saved to my devices for privacy purposes. These photos are not used elsewhere.

​

Accessing copies

If you would like a copy of your records please just ask me! D-Restricted Ltd can print this off for you at your appointment, or we can arrange a time for you to collect them from me.  Emailing or posting documentation/records is not a secure way to transfer and protect your personal sensitive information.  

Your records will be available to you, free of charge, within 10 working days of the request being received. Upon receipt of receiving the record D-Restricted Ltd will require identification (child’s red health care book/eRedBook, NHS number, Proof of address, date of birth) and a signature to say you have received it.

As D-Restricted Ltd have to hold your records for 25 years post contact, if you wanted a copy of that record you can still do so.  If in the event D-Restricted Ltd has ceased trading, measures are in place to allow you to still access your records. You would need to contact the ICO to trace the appointed data controller: stating business name: D-Restricted Ltd and Membership number: ZA100466. That will give you the details of who to contact.

​

What if D-Restricted Ltd is unable to fulfill the appointment(s)?

In the event that D-Restricted Ltd is ill, you will be informed of this as soon as D-Restricted Ltd is able. A full refund will be made so you may be able to arrange another appointment with another practitioner as soon as possible (www.tongue-tie.org.uk/find-a-practitioner).

In the event of sudden serious illness where D-Restricted Ltd would be unable to contact you, or in the event of death, all appointments would be cancelled by a third party (also healthcare professional who is DBS checked) and arrange a refund as able. Of course the nominated person will need to gain access to your name, telephone number and payment details in order to do so and access to this is protected so may take a while for them to access this information legally.   The Association of Tongue-Tie Practitioners (ATP) would be made aware to remove D-Restricted Ltd name from their approved listings/directory, and notices would be put on both of the websites and social media pages. Patient records will see be available should you wish to view them for 25 years post division. If D-Restricted Ltd is deceased, Please contact ICO (details below) for details of the successor who will be able to arrange this for you ensuring you can provide the required formal identification.

​

Your right to withdraw

Until you have achieved your infant feeding goals, D-Restricted Ltd like to contact you periodically to assist/guide/support you through this.  This maybe through signposting you to information and alternative websites via text or email, or a service review.  Once you are happy and discharged from my care, D-Restricted Ltd is obligated by law to hold your records for a further 25 years. 

You may 'opt-out' of any follow-up texts/support at any point.

Should you wish to withdraw from future correspondence regarding the feeding related care of your child you may do so at any point. Either inform me at your appointment that you wish no further contact, or in response to the correspondence I give you.

​

How are my records stored?

Active records (from point of initial contact up until formal date of agreed discharge) are held on an electronic device (iOS), and also a NAS 'home cloud' device.   This is password protected with additional fingerprint recognition to access emails.

Once discharged, your record is transferred to an external storage device, which is also encrypted/password protected, and the NAS 'home cloud' document is updated, and the file is securely deleted from the iOS device. This is so that there is always a minimum of 2 copies in D-Restricted Ltd possession.  This allows for a second back-up copy at all times.

Both active and dormant records are held in a locked safe, which is stored in a locked fire proof cabinet, in a locked clinic room.  The clinic room has both a motion sensor burglar alarm and the external building also houses CCTV camera.  D-Restricted Ltd also have business level anti-virus/spyware Protection too.

​

I wish to make a Data Protection related complaint

The ICO (information Commissioner’s Office) is the regulator of the GDPR (General Data Protection Regulations) and complaints should be forwarded to them if it is related to a breech in data collection or record keeping. D-Restricted Ltd is registered with ICO, Membership number ZA100466.  www.ico.org,uk , telephone: 0303 123 1113

Head Office,

Information Commissioner’s Office,

Wycliffe House,

Water Lane,

Wilmslow

Cheshire,

SK9 5AF

​

 

If you have any questions about these terms and conditions, or the practises of D-Restricted Ltd please contact me in writing at:

 

D-Restricted Ltd, 31 Avondale Road, Barlestone, Nuneaton, Warwickshire CV13 0HX,

or email diana@tongue-tie.info

 

​