GDPR Privacy Policy

 General Data Protection Regulation (GDPR) Policy

 

I am committed to protecting and respecting the privacy of all my clients.

This policy has been prepared in accordance with GDPR and may be changed from time to time as updates are required. It is effective from 25th May 2018 and has had minor updates in July 2019 and November 2021.

 

Why is my data being collected?

As a therapist, I collect and process your data to ensure I provide you with a good standard of service, care and treatment and to comply with my insurance requirements.

 

Who is collecting it?

I am a self-employed qualified Bowen Therapy Practitioner trading as Bowen by Danielle.

 

What information is being collected?

A record of your personal details, date of birth, address, telephone numbers, email, your next of kin (if provided), relevant medical information including medication, health problems, symptoms and concerns along with treatment information is kept on file.

Pictures taken for assessment or comparison purposes are also kept on record. These pictures will not be used in any marketing material and will not be shown to anyone else without your consent.

 

How is it collected?

Any information I hold on file has come directly from you, the person who booked the appointment or a parent/guardian of a client under the age of 16.

 

Where do I keep your information?

From September 2012 – October 2014 I operated with a paper-based system. All notes from this time are now held electronically and the original has been destroyed.

Since October 2014 I have used an online or ‘cloud based’ client record system called ‘WriteUpp’ to store all the data I hold on file for you. This information is not held locally on my computer or backed up to any physical device in my possession.

WriteUpp is classified as my data processor and have policies and procedures in place to keep your data safe, to allow me to process it in the most efficient way and to comply with GDPR.

 

How will I use your information?

Data will be used to communicate appointments, session information, progress, relevant referrals, a record of treatment and to contact you with marketing information such as an email newsletter. I use an online company called Mail Chimp that are compliant with GDPR.

You are welcome to opt out of email or text reminders regarding your appointment and the newsletter at any time. The information you provide along with details of your treatments are treated as confidential.

 

Who will it be shared with?

I do not share your personal data with third parties unless specifically asked to do so by you.

 

How long will I keep your data?

I will keep your details and supplementary information for as long as necessary. As a minimum this will be 7 years following the last occasion on which treatment was given. In the case of a minor, 7 years after they reach the age of 18 years old.

 

Security

All computers, laptops, tablets and phones are locked with passcodes. Online software is password protected with MFA.

In the unfortunate event of a data breach, I will notify you as soon as reasonably possible.

 

Persons under the age of 16 years old

The data I collect for persons under that age of 16 years old is within the same categories for adults. In addition, a parent or guardian is required to read and sign a consent form for bowen therapy treatment. A parent or guardian is required to be present at the time of treatment for any person under that age of 16 years old.

 

Your Rights

Under GDPR you have certain rights. These include the right to…

Consent for Treatment

You will be required to read and consent to this privacy policy before treatment can commence. If you choose not to give consent, treatment will not be carried out and the initial details provided will be deleted.