This tells you what personal information we gather via our website and through our business practice. It explains why this data needs to be collected and how it is securely stored. It also states what your rights are in terms of how we use your data in line with new GDPR regulations.
Data Controller and Business Owner
Email address: firstname.lastname@example.org
Business Address: Kelly Zilz Complementary Therapies, 36 The Hordens, Barns Green, West Sussex, RH13 0PJ
The Purpose of Processing Client Data
In order to provide professional reflexology and complementary therapy treatments, I will need to obtain certain information from you:
• Consultation forms- We would require your contact details, medical history and other health-related information.
• Client records- We will also write up details of each session afterwards, along with notes for future sessions.
We collect personal information about you when you:
• Book an appointment or contact us, either by text, phone, website, Facebook Messenger or email. Social media and email details will be deleted and stored securely, either in a locked box or in a Dropbox file which has been encrypted and password protected.
• Fill out a consultation form
• Sign up to our newsletter- we would ask for your first name, last name and email address
• Visit our website. Please note that your IP address is noted and used within Google Analytics for statistical data reporting.
We collect the information in order to:
• Confirm your appointment, send you reminders and a follow up email about your appointment
• Ensure that it is safe to proceed with the complementary therapy session based on your medical records
• Email you newsletters about the latest news and special offers- you can unsubscribe from this service at any point.
• Business records- ensuring that they are accurate and keeping them for both legal purposes and end of year tax return purposes
I will not share your information with anyone else without explaining why it is necessary and getting your explicit consent beforehand. Likewise, your data will not be transferred outside the EU without your consent.
Lawful Basis for holding and using Client Information
As a full member of the Association of Reflexologists, we abide by the AoR Code of Practice and Ethics. The lawful basis under which we hold and use your information is our legitimate interests, our requirement to retain the information in order to provide you with the best possible treatment options and advice.
Before commencing any complementary therapy session we have a legal obligation to obtain special category data to ensure that we can provide a safe and effective treatment for you and in order to do this medical information will be requested and such records retained for insurance purposes.
• WordPress- the web platform we use to build our website
• Neal’s Yard Remedies- as a Neal’s Yard independent consultant I display a third-party link, which takes you to the Neal’s Yard Shop page, and all orders are processed by Neal’s Yard themselves. Being an independent consultant, I do receive some information about the order and contact details but will never use this information for marketing purposes, and please be assured that this information will be securely stored.
• Mailchimp- not used at present but will be in the near future
• PayPal- not used at present but will be used in future
• Google Analytics- not used at present but will be in the future
How Long I Keep Your Information for
I will keep your information for 7 years in line with current guidelines.
Protecting Your Personal Data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
I will contact you using the contact preferences you give me in relation to:
• Appointment times
• Reflexology information or information related to your health
• Special offers and promotions (you may unsubscribe from this at any time)
The new GDPR legislation gives you the following rights:
• The right to be informed:
To know how your information will be held and used.
• The right of access:
To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
• The right to rectification:
To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure:
For you to request your therapist to erase any information they hold about you.
• The right to restrict processing of personal data:
You have the right to request limits on how your therapist uses your personal information.
• The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
• The right to object:
To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner’s Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
If you wish to complain, please contact us on the details given below in the first instance and we will endeavour to rectify the problem for you.
However, if you are still dissatisfied with the response received, you can take the complaint further to the Information Commissioner’s Office; their contact details are at: http://www.ico.org.uk
• If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you.
• Your therapist is legally obliged to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
• Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.
Commitment to Protecting Information
We are committed to ensuring that your personal information is secure and protected. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical procedures to safeguard and secure the information we collect from you.
This policy was last updated on 25/05/18 in accordance with the new GDPR legislation.