Privacy Policy

www.lornahawthorne.com

​

Privacy Policy for Lorna Hawthorne

Effective Date: 01.09.2025

​

1. Introduction

This Privacy Policy explains how I collect, use, store and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

2. Who I Am

I am Lorna Hawthorne, a registered homeopath trading as lornahawthorne.com.
I am the data controller for the personal information I hold.

Contact details: 
Email: lornafbhawthorne@gmail.com
Telephone: 07863 209814

​

3. The Personal Data I Collect

I may collect and store the following information:

• Name, address, date of birth and contact details.

• Medical history and health information.

• Notes taken during consultations.

• Appointment records.

• Payment and invoicing information.

• Any correspondence you have with me (email, text, etc.).

• ​

4. Special Category Data

Health information is classed as special category data under UK GDPR. I only collect this information where necessary for providing homeopathic treatment and with your explicit consent.

​

5. How I Use Your Data

I use your personal data to:

• Provide homeopathic consultations and treatment.

• Maintain accurate clinical records.

• Communicate with you about appointments or treatment.

• Process payments and keep financial records.

• Comply with legal and professional obligations.

• ​

6. Lawful Basis for Processing

I process your data under the following lawful bases:

• Consent – you have given clear consent for me to process your personal data.

• Contract – processing is necessary to provide my services to you.

• Legal obligation – where required by law.

​

7. How Your Data Is Stored

Your data is stored securely:

• Paper records are kept in locked storage.

• Digital records are password-protected and encrypted where possible.

• Only I have access to your records unless legally required otherwise.

​

8. How Long I Keep Your Data

I retain client records for [e.g. 7 years after the last consultation], in line with professional guidance and legal requirements. After this time, records are securely destroyed.

​

9. Sharing Your Data

I do not share your personal data with third parties unless:

• You have given explicit consent.

• I am legally required to do so.

• It is necessary for professional supervision or insurance purposes (with confidentiality maintained).

​

10. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data I hold about you.

• Request correction of inaccurate data.

• Request deletion of your data (where legally possible).

• Withdraw consent at any time.

• Object to or restrict processing.

• Lodge a complaint with the Information Commissioner’s Office (ICO).

​

11. Data Breaches

In the unlikely event of a data breach that risks your rights or freedoms, I will notify you and the ICO where required.

​

12. Cookies and Website Data (if applicable)

If you have a website, it may use basic cookies for functionality. No unnecessary tracking cookies are used without consent.

​

13. Changes to This Policy

This Privacy Policy may be updated from time to time. The latest version will always be available on request or on my website.

​

14. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact me using the details in Section 2.

​

Thank you for trusting me with your personal information.