balance your body, calm your mind

Reflexology Practice in Milton Keynes

Privacy policy

Your Personal Information – General Data Protection Regulation (GDPR)

This tells you what personal information I hold and why, and what your rights are.

The Purpose of Processing Client Data 

I hold and use client data in order to provide you with the best possible treatment options, support and advice.

Lawful Basis for Holding and Using Client Information

The lawful basis under which I hold and use for information is my legitimate interests i.e. my requirement to retain the information in order to provide you with the most appropriate treatment options and advice.

As I hold special category data (i.e. health related information), the “Additional condition” under which I hold and use this information, is for me to fulfil my role as health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.

The Information I hold and What I Do with It 

In order to give professional reflexology treatments, I will need to gather and keep potentially sensitive information about your health. The information to be held is:

  • Your contact details
  • Medical history and other health-related information
  • Treatment details and related notes
  • Reflective notes – my thoughts on how the treatments are progressing

I may contact you by email, phone or text in relation to:

  • Appointment times
  • Reflexology information or information related to your health

I will NOT share your information with anyone else (other than within my own practice, or as required for legal process). I will keep your information for the following periods in line with the lawful basis listed: claims occurring insurance records to be kept for 7 years after the last treatment and children’s records to be kept until the child is 25 or if 17 when treated, then 26.

Protecting your Personal Data 

I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you. I will contact you using the contact preferences you have given me.

Your Rights 

GDPR gives you the following rights:

  • The right to be informed: to know how your information will be held and used
  • The right to access: to see your therapist’s records of your professional information, so you know what is held about you and can verify it
  • The right to rectification: to tell your therapist to make changes to your personal information if it is incorrect or incomplete
  • The right to erasure: for you to request your therapist to erase any information they hold about you
  • The right to restrict processing of personal data: you have the right to request limits on how your therapist uses your personal information
  • The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems
  • The right to object: to be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes
  • Rights in relation to automated decision making and profiling
  • The right to lodge a complaint with the information commissioner’s office: if you feel your details are nor correct, if they are not being used in a way that you have given permission for, or when they are being stored when they don’t have to be.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of these rights, please use the contact details given above. If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at www.ico.org.uk

Practitioner’s Rights 

Your therapist has to keep the records of your treatment for a certain period, as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed.

Your therapist can move records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.

Once you have read this, I will ask you to complete and sign a declaration on the bottom.

Note: for children under 16 a parental or guardian signature is required