Hello

I'm committed to respecting your privacy and personal information in line with GDPR legislation.

Data Protection & Privacy Notice

In line with the new GDPR legislation, this notice tells you what personal information I hold and why, and what your rights are. This notice does not provide exhaustive detail, however I am happy to provide any additional information or explanation needed. Any such requests should be sent to info@jennitherapy.com. This privacy notice was last reviewed September 2018.

Ways I collect your data:

If you have a one to one appointment for reflexology or yoga I collect information via client health/registration questionnaires. This may be completed online, by emailed document or in person on paper.
You may have signed up to my newsletter either online or via a paper form.
You may have attended a workshop or retreat or other event run by me.
You may have emailed me directly.

Processing your Data

Your data may be used in the following ways:

To enable me to provide you with a professional service (for example: making appointments, keeping treatment notes and follow-up information and support etc.).
To contact you about services I offer.
With your consent/request, information may be shared with other health professionals.

I will never share your personal information to third parties without your express written permission or request.

Retaining your data:

I have a legal obligation to retain your client records as a health care practitioner for the following reasons:

Insurance and accounts records for 7 years
children’s records until they are 25 (26 if treated at age 17)
CNHC requirements to retain information for 8 years

In addition, information collected about your current health and medical history is for me to fulfil my role as a health care practitioner bound under the Confidentiality clauses of the Code of Practice and Ethics of both the BWY and the AoR.

Data Security:

My database is registered with the ICO under the Data Protection Act and is stored on a passcode protected laptop. It is also backed up on a Microsoft cloud server which is GDPR compliant.
Emails are stored by a passcode protected account and are deleted on a regular basis unless required for legal purposes.
Any data accessible via my smartphone is also protected by a passcode and is GDPR complaint via Apple software.
My mailing list is held via Mailchimp in a passcode protected account and is GDPR compliant via Mailchimp procedures.
Paper client notes are filed securely in my home or carried by me personally.

Your Rights:

You are entitled to request access to the data I hold about you, to verify it is lawfully processed. I will respond to any request within 30 days.
You also have the right to request correction of any data that you feel is inaccurate or incomplete.
At any time you may unsubscribe/be removed from my newsletter and other marketing.
You may ask to be deleted from my database and have your notes destroyed once the legal timeframe outlined above has lapsed.