Privacy Policy

Contact Details:

Email:                    drjennycropper@outlook.com

Website :             drjennycropper.com

Dr Jenny Cropper wishes to be as clear as possible about how and why information about you may be used so that you can be confident that your privacy is protected. This policy describes the information that is collected when you use this service.

This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Act dated May 2018. This policy describes how your information is managed when you use this service, including any contact with Dr Cropper.

As per these laws, Dr Jenny Cropper is the data controller; if another party has access to your data, you will be informed if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why Dr Cropper needs to provide them with the information. If your questions are not fully answered by this policy, please contact Dr Cropper.  If you are not satisfied with the answers given, then you can contact the Information Commissioner Office (ICO) https://ico.org.uk 

1. Why do you need to collect my personal data?

Information needs to be collected about you so that Dr Cropper can:

  1. Know who you are and communicate with you in a personal way. The legal basis for this is a legitimate interest.
  2. Provide services to you. The legal basis for this is the contract with you.
  3. Process your payment for services. The legal basis for this is the contract with you.
  4. Provide you with a useful and relevant website. The legal basis for this is legitimate interest.

2. What personal information do you collect and when do you collect it?

For Dr Cropper to provide you with services, we need to collect the following information:

  1. Your name, date of birth & GP contact details.
  2. Your contact details including a postal address, telephone number(s) and electronic contact such as email address.
  3. Health information about you so as to provide services to you.
  4. Website user information (including user journeys and cookie tracking).

This information is collected directly from you.

Information about you may also be collected from third parties; for example, if a referral is received from another health professional (such as your Doctor or Occupational Therapist)

3. How do you use the information that you collect?

Data that is collected from you is used in the following ways:

  1. To communicate with you. So that you can be informed about your appointments with Dr Cropper, your name and your contact details such as your telephone number, email address or postal address will be used.
  2. To create your invoice, your name and email address will be used.
  3. To process your payment.
  4. To provide services to you.

4. Where do you keep the information?

Your information is kept in the stores described below.

4.1. On a computer

Dr Cropper uses a personal computer that is password protected. The password is not shared. Dr Cropper also uses a specific smartphone for the purposes of contacting clients that is password protected. Both devices are kept securely and carefully.

Microsoft Word and Excel are used to store your therapy notes, records and contact information. These programs store the information on the computer hard drive and backed up to a secure server (One Drive) which is cloud based storage held in the United States (US) and the European Union (EU). A further backup is held by Dropbox, whose servers are in the US and EU. These records include your contact details and the date your records are due to be deleted. Dr Cropper uses accounting software called ‘Freeagent’ in order to produce and send invoices. The data held by this program is stored in the EU. Dr Cropper uses an electronic notepad made by ‘Remarkable’. The information is temporarily stored on servers in the EU before being deleted when the note is deleted from the pad.

4.2. Paper Records

No paper based records are kept

5. How long do you keep the information?

Contact information is kept for a period of 6 months if you do not become a client of Dr Cropper, this is then permanently and securely deleted. Your records are kept for 7 years as this is the minimum/maximum length for records to be retained and then they are permanently and securely deleted.  Electronic invoices are kept for seven years as this is the required length to comply with the HMRC requirements.

6. Who do you send the information to?

Information can be sent to you and anyone Dr Cropper is required by law to inform. This includes organisations Dr Cropper needs to share information with for safeguarding reasons and emergency services where necessary.

7. How can I see all the information you have about me?

Under data protection law, you have rights to a Subject Access Request, which includes:

Your right of access – You have the right to ask Dr Cropper for copies of your personal data.

Your right to rectification – You have the right to ask Dr Cropper to rectify personal data you think is inaccurate. You also have the right to ask Dr Cropper to complete information you think is incomplete.

Your right to erasure – You have the right to ask Dr Cropper to erase your personal data in certain circumstances.

Your right to restriction of processing – You have the right to ask Dr Cropper to restrict the processing of your personal data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that Dr Cropper transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When Dr Cropper uses consent as the lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, Dr Cropper has one calendar month to respond to you.

You can make a subject access request (SAR) by contacting Dr Cropper. Additional verification may be required to ensure you are who you say you are to process this request. Such personal information may be withheld to the extent permitted by law. In practice, this means that Dr Cropper may not provide information if it is considered that providing the information will violate your vital interests.

8. What if my information is incorrect or I wish to be removed from your system?

Please contact Dr Cropper. Additional verification may be required to determine that you are who you say you are to process this request. If you wish to have your information corrected, you must provide Dr Cropper with the correct data and after the data in our systems has been corrected you will be sent a copy of the updated information in the same format at the subject access request in section 7.

9. How can I have my information removed?

If you want to have your data removed, Dr Cropper has to determine if the data needs to be kept, for example if HMRC wish to inspect the records. If it is decided that the data can be deleted, this will be done without undue delay.

10. Will you send emails and text messages to me?

As part of providing a service to you, Dr Cropper will send information to you via email. Sensitive information will be encrypted and password protected.

Also, in order to send details of your appointments to you, Dr Cropper may also use SMS (text messages) or WhatsApp messaging (which is end -to-end encrypted). Consent for methods of communication is given by yourself on our terms and conditions sheet.

How to complain

If you have any concerns about the use of your personal data, you can make a complaint to Dr Cropper using the contact details at the top of this privacy notice. If you remain unhappy with how your data has been used after raising a complaint, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated:  7/3/25

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.