General Data Protection Regulations (GDPR) is bringing in new legal protection for personal information from May 2018. This tells you what personal information I gather via my website and treatment consultations, why and what your rights are.
Business and Therapist’s Name: Natural Balance Clinical Reflexology Emily Doherty
Therapist’s Contact Details: +34613223809
email address: firstname.lastname@example.org
Data Controller Contact Details: as above
Natural Balance Clinical Reflexology is a holistic therapy business delivering clinical reflexology services including individual treatments. Your privacy is very important to me. Natural Balance Clinical Reflexology is bound by the General Data Protection Regulations (GDPR).
What information do I hold and why?
In order to give professional reflexology treatments, I will need to gather and retain potentially sensitive information about your health. I will only use this information for informing reflexology treatments and associated recommendations concerning aspects of health and wellbeing which I will offer to you. I take only basic contact details via my website to allow me to return your contact and handle bookings.
At your initial consultation appointment I collect personal data that includes:
Name, Date of birth, Address, Phone number, Email address (optional), GP information, lifestyle, health and wellbeing information and treatment details.
I collect this information based on your explicit consent. You can refuse to share the above information at any time, but please be advised that this may affect my ability to deliver your treatment. I retain the right to refuse treatment if I cannot collect the minimum information needed to safely work with you. Treatment details and related notes will also be taken after each appointment.
Lawful Basis for holding and using Client Information
The lawful basis under which I hold and use your information is
my legitimate interests i.e. my requirement to retain the information in order to provide you with the best possible treatment options and advice
my requirement to hold your information for the following legal reasons
‘claims occurring’ insurance
law regarding children’s records
As I hold special category data (i.e. health related information), the Additional Condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
How is your information used?
Your information will be used for informing reflexology treatments, any advice I give as a result of your treatment and to communicate with you about your appointments. Where you have indicated your consent, (on consultation) I may also use your contact information to communicate with you about news and offers.
I store your contact information on a secure, locally held database that is password protected. I make handwritten notes of all of your treatments and your assessment information. Hard copies of treatment notes and assessment information are kept securely in a locked filing cabinet.
I never share your information with third party sellers.
How Long I Retain Your Information for?
I will keep your information for the following periods
‘claims occurring’ insurance: (records to be kept for 7 years after last treatment)
law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)
Your data will not be transferred outside the EU without your consent.
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
I will contact you using the contact preferences you give me in relation to:
Reflexology information or information related to your health
Special offers and promotions
For complete information about your rights under the GDPR regulations, please see the ICO website. In particular, I would like to bring your attention to the following:
Access and rectification
You have the right to access your information or rectify errors in your information within one month of formally requesting this from me.
You have the ‘right to be forgotten’. At your request I will delete your data from my secure, locally held database, and securely destroy any hard copy information I hold, providing there is no legal reason that precludes this.
Where you have given your explicit consent, I will store your contact information on a secure, locally held database, so that I can communicate with you about any offers or news. I do not share this information with any third-party seller. If you contact me using my website contact form, I will receive an email containing your details. This information is used to reply to your query and not processed further without your explicit consent.
if you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you
Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.
Complaints or Queries
If you are unhappy about how I have processed your personal information you can contact the Information Commissioners Office here: https://ico.org.uk/concerns, or by telephoning 0303 123 1113.