Personal Data Protection Policy
Massagebylouise is committed to protecting and respecting your privacy. This policy contains important information about how we will use and treat your personal data in line with the GDPR which took effect on 25th May 2018.
This policy sets out to help you understand what kind of information we collect in relation to our services and how we collect, use, share, retain and safeguard personal data as well as your rights on what we do with that data.
Information you give us
You may give us information over the phone, via email, by SMS text or via our facebook business page https://www.facebook.com/louisesportsmassage/ when you first contact us. This includes collecting your name and a contact number/email and brief details of why you are contacting us.
This initial information gathered is needed is to ensure we can contact you regarding your appointment and select the best service and length of appointment necessary.
At your appointment we collect and process the following data about you via our consultation form:
- Demographic information
- Contact numbers
- Email address
- Next of kin name and contact number
- Health/medical background
If you object to giving this information we may not be able to safely provide you with our services.
The therapist’s assessment/treatment notes are added to your data which may include sensitive data about your medical background, height, weight, posture, injuries and any other findings during the treatment
Why we need this data
We keep your data to contact you regarding your appointments, provide the best service according to your individual needs and send marketing emails about products and services we offer. You can opt out of these at any time and you will not receive them unless you have opted in on the consultation from at the time of your first appointment
In line with our insurance providers, the records are kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors records are kept for 7 years after they reach the age of majority (18). After this retention period records are destroyed.
We do not share any of your personal data with 3rd parties unless consent has been given to pass on details to an osteopath, chiropractor or GP in case of further referral. We would not do this without your permission.
You have the right to:
- be informed about the personal data being used
- access to your personal data
- object to the processing of your data
- restrict the processing of your personal data
- rectification of your personal data
- the erasure of your personal data
- receive an electronic copy of your personal data (please write to us or email us) firstname.lastname@example.org.
If you request the deletion of your personal data, we may be required to retain some data for taxation and account purposes but personal identifiable data will be deleted.
By law we will not charge you for accessing your data/copies of your data, however, if your request is considered excessive/unfounded we are entitled to charge an administration fee.
How data is protected
We take appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data. Regular data audits will be undertaken and an annual review of this policy.
If you are not happy with any aspect of our record keeping or the confidentiality of your data you have the right to complain. In the first instance please contact ourselves with regards to your concern so we know what you are concerned about. This will also help ensure measures are taken to prevent further breaches.
Please contact email@example.com or telephone 07766 406097
If you do not wish to contact us then you can contact the ICO by visiting. www.ico.org.uk or by calling their helpline on 0303 123 113