Call to book
YOUR PERSONAL INFORMATION - GENERAL DATA PROTECTION REGULATION (GDPR)
GDPR is bringing in new legal protection for personal information from 25 May 2018. This notice tells you what client information I hold and why, and what clients' rights are.
If you contact me via this website...
I take basic contact details and information to allow me to contact you and handle bookings.
If you become a client...
In order to give professional reflexology, shiatsu, Indian head massage treatments, I need to ask for and retain potentially sensitive information about your health. I will use this information only for informing the treatments and any subsequent advice. At the initial consultation I will give you a copy of this notice and ask you to sign that you have received it.
Lawful basis for holding and using client information
As a full member of the Association of Reflexologists (www.aor.org.uk), I abide by the AoR Code of Practice and Ethics. The lawful basis under which I hold and use your information is my legitimate interests i.e. my requirement to retain the information in order to provide you with the best possible treatment options and advice.
What information I hold and what I do with it
As required, I have registered with the Information Commissioner's Office.
Because I hold special category data (i.e. health-related information), the Additional Condition under which I hold and use this information is for me to fulfil my role as a healthcare practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
The information I hold is:
Clients' contact details on my smart phone, iPad and desktop computer (all protected by secure password)
Medical history at first consultation in paper format only.
Treatment details and related notes after each consultation in paper format only.
How long will I retain this information for:
"Claims occurring” insurance: records to be kept for 7 years after last treatment
Children: records to be kept until the child is 25 or if 17 when treated, then 26
What I do with the information:
I use the contact details you give me in relation to contacting you about:
reflexology information or information related to your health
Special offers/promotions if you have subscribed (you may unsubscribe at any time)
I will NOT share your information with anyone else (other than as required for legal process) without explaining why it is necessary, and getting your explicit consent.
Your data will NOT be transferred outside the EU without your consent.
Protecting your personal data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.
GDPR gives you the following rights:
The right to be informed: to know how your information will be held and used (this notice).
The right of access: to see my records of your personal information, so you know what is held about you and can verify it.
The right to rectification: to tell me to make changes to your personal information if it is incorrect or incomplete.
The right to erasure (also called “the right to be forgotten”): for you to request me to erase any information I hold about you.
The right to restrict processing of personal data: you have the right to request limits on how I use your personal information.
The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
The right to object: to be able to tell me you don’t want me to use certain parts of your information, or only to use it for certain purposes.
Rights in relation to automated decision-making and profiling.
The right to lodge a complaint with the Information Commissioner’s Office: to be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at .uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the ICO at: www.ico.org.uk
Please note: if you do not agree to me keeping records of information about you and your treatments, or if you do not allow me to use the information in the way I need to for treatments, I may not be able to treat you.
As described above, I have to keep your records of treatment for a certain period, which may mean that even if you ask me to erase any details about you, I might have to keep these details until after that period has passed unless you forfeit your right to “Claims Occurring Insurance”.
I may move my records between my computers and IT systems, ensuring your details are protected from being seen by others without your permission.
Relax & Revive
Tel: 07813 742424
Notice created 28 April 2018
"Under Kate's skilful hands, the healing power of shiatsu is obvious to me by the sensation of vibrant energy surging through me and the feeling that my whole spinal column is being bathed in a flow of warm oil.
Gift vouchers are available for any occasion