The General Data Protection Regulation (GDPR, implemented by DPA 2018 in the UK) brought in new legal protection for personal information from May 2018. Please read the details below which tells you what personal information I need to hold and why, and what your rights are. Once you have read it please complete and sign the declaration/statement of consent at the bottom.
Name of Reflexologist / Data controller: Ildiko Horvath MAR
Therapist’s Contact Details:
The purpose of processing client data:
In order to give professional reflexology treatments, I will need to gather and retain potentially sensitive information about your health. I will only use this information for informing reflexology treatments and associated recommendations concerning aspects of health and wellbeing which I will offer to you.
Lawful basis for holding and using client information:
As a full member of the Association of Reflexologists, I abide by the AoR Code of Practice and Ethics and will hold you information for the following reasons:
As I hold special category data (i.e. health related information), the Additional Condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
What information I hold and what I do with it:
In order to give professional reflexology treatments, I will need to ask for and keep information about your health. I will only use this for informing reflexology treatments and any advice I give as a result of your treatment. The information to be held is:
I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
How long your information will be retained for:
I will keep your information for the following periods:
I will not transfer your data outside the EU without your consent, though I would like to make you aware of the third party services I use as part of my business.
Website/Email: My website and email are provided by Webhealer which is based in the UK. However Webhealer is also committed to complying with GDPR privacy laws and you can read their privacy policy here.
Client consultation form: My client consultation form is based on the platform by Jotform, which is based outside of the UK. However, Jotform is also committed to complying with applicable privacy laws, including the GDPR. You can read Jotform’s privacy policy here.
Protecting your personal data:
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
I will contact you using the contact preferences you give me in relation to:
Your rights:
GDPR gives you the following rights:
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above. If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at: www.ico.org.uk.
Therapist's rights:
Please note: