YOUR PERSONAL INFORMATION – GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR stands for General Data Protection Regulation and details the rights of the individual who has supplied their personal information and establishes the obligations of those who are responsible for controlling and holding data.
This notice informs you about the personal data I hold on file for you or collect via my website, why I hold the data, and how I will use and store it. It also details your rights regarding your personal data.
Purpose of processing client data
In order to provide professional Reflexology and Massage treatments, it is necessary for me to gather and retain potentially sensitive information relating to your health. I will only use this information for your reflexology or massage treatments and any associated suggestions or recommendations concerning aspects of health and well-being which may be applicable.
I will only ask for your basic contact details for bookings via my website. These details are used for the purposes of handling your bookings and allowing me, if necessary, to contact you.
Lawful basis for holding and using client information
As a full member of the Association of Reflexologists and the Federation of Holistic Therapists, I abide by their Codes of Practice and Ethics.
The lawful basis for me holding and using your information is:
- My legitimate interest: the requirement for me to retain the information in order to provide you with the most appropriate treatment options and relevant advice.
- My requirement to hold your information for the following legal reasons:
  - “Claims occurring” insurance
  - The law regarding children’s records
As I hold special category data (i.e. health-related information), the Additional Condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under the AOR and FHT confidentiality as defined in their Codes of Practice and Ethics.
What information I hold and what I do with it
In order for me to provide you with professional Reflexology and Massage treatments, I will be required to ask you for, and retain, information regarding your health. I will only use this information for your reflexology or massage treatments and for any associated advice I may provide following your treatment.
The information I will hold will be:
- Your contact details (mobile and email address)
- Your medical history and other health related information (This information will be taken from you at the initial consultation)
- Treatment information and any relevant notes after each treatment.
I will NOT share your information with anyone outside of my practice (with the exception of the requirement of a legal process) without explaining why it is necessary, and obtaining your explicit consent.
How long I retain your data
I will retain your information for the following durations:
- ‘Claims occurring’ insurance (records must be kept for 7 years after the last treatment)
- Law regarding children’s records (records must be kept until the child is 25 or, if 17 when treated, then 26 years)
Your data will not be transferred outside the EU without your consent.
Protecting your personal data
I am committed to ensuring that your personal data is secure in order to prevent any unauthorised access or disclosure. I have implemented physical and managerial procedures to safeguard and secure the information I have collected from you.
I will only contact you using the contact preferences provided by you for the following:
- Arranging/amending appointments
- Appropriate information or advice relating to your health or to your reflexology or massage treatments
- You can unsubscribe from my Facebook page at any time if you do not wish to see any special offers or promotions.
GDPR provides you with the following rights regarding your data:
- The right to be informed: To be aware of how your information will be held and used (this notice)
- The right of access: To see your therapist’s records of your personal information, so you know exactly what data is held about you and can verify it.
- The right to rectification: Advise your therapist to make any changes to your personal information if it is incorrect or incomplete.
- The right to erasure (also known as “the right to be forgotten”): For you to request your therapist to erase any information they hold regarding you.
- The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information.
- The right to data portability: Under certain circumstances you can request a copy of personal information held electronically in order for it to be reused on other systems.
- The right to object: Have the ability to advise your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
- Rights in relation to automated decision making and profiling.
- The right to lodge a complaint with the Information Commissioner’s Office: To be able to lodge a complaint with the ICO if you feel your details are incorrect, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found using this link below:
If you wish to exercise any of these rights, my contact details are listed below.
Therapist’s name: Emma Midghall
Telephone number: 07624 463200
Email address: firstname.lastname@example.org
Address: 1a Derby Road, Douglas, IM2 3EU
Data controller: Emma Midghall
- If you do not agree to your therapist keeping records of information regarding you and your treatments, or if you do not allow them to use the information required for the treatments, your therapist may not be able to treat you.
- It is a requirement for your therapist to retain your records of treatment for a certain period, as detailed above. This may mean that even if you request them to erase any information about you, they may have to keep this information until after that period has passed.
- Your therapist can move their records between their computers and IT systems, provided your information is protected from being seen by others without your permission.