My Privacy statement
Gillian Board Privacy Statement for Foot Health Practice and Reflexology Businesses (01/06/2018)
“The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU)” (https://www.investopedia.com). It took effect from 25th May 2018.
I will review this policy annually to ensure that I am following any changes to data protection regulations.
Your Right to be Informed
About why personal information is needed and how it is used. Informed consent is obtained from each Patient/Client prior to initial treatment. If I treat a child, I would obtain this from the Child (where age-appropriate) and Parent/Guardian. A Client/Patient has the right to request the personal data held.
Your right to data portability
You will be able to receive your personal data in a commonly used format and have the right to transmit this data to another.
All personal information collected by myself will be available to my Clients/Patients.
Use of your personal data
Personal and health information is obtained from the Patient/Client at the first and subsequent treatments using a hard copy health consultation questionnaire and subsequent treatment sheet. The purposes for doing this is to produce personal treatment plans for that person, which may require changes along the way. Any changes to their information would be updated and the Patient/Client asked to countersign those changes. You have the right to have any incomplete personal data completed, but please note that if any individual is factually wrong then changing records of personal data will be falsification.
Photographs may be taken of the feet (hands if undertaking hand reflexology) to record visual observations for the purposes of customising a treatment. These are taken on an electronic device (Tablet or smartphone), and later deleted once I have replicated the observations onto your treatment paperwork.
Telephone numbers may be stored on a smartphone and Emails may be sent to and received from Patients/Clients; if consent to do that has been obtained from the Patient/Client beforehand.
Your Right to restrict processing where
The accuracy of the personal data is contested by you, its use will be restricted until the accuracy of the data has been verified.
I no longer need the personal data for the purposes of a treatment, but it is required by the Client/Patient for legal claims.
Personal Data and Third Parties
Personal, Contact details and health information is not passed onto any third parties, unless with written Patient/Client consent. Any subsequent information from the third party would then be passed onto the Patient/Client.
Storage of your personal data
All Patient/Client personal data is kept in a locked filing cabinet. Only I have access to personal data for my Clients/Patients. I am obliged to keep your personal data for 7 years, because of “claims occurring” insurance. In the case of Children, records must be kept until the Child is 25 years of age, or if 17 years when treated then kept until they are 26.
Updated March 2020