The EU General Data Protection Regulation (GDPR) imposes stringent standards of data protection when handling EU citizens’ personal data.
We at Body Mind Acupuncture are committed to protecting your personal data.
The use of your personal data is strictly limited to the following two purposes:
We will never share your personal details with third parties for marketing purposes.
The type of data we collect and how we use it
We do not collect any personal data on our website that would allow us to identify you. Where we use third parties to provide our services (e.g. for website hosting and sending emails) we ensure that they comply with the GDPR and use your data in accordance with our privacy standards.
Where we collect your personal data (e.g. on patient forms and during treatment sessions), we do so solely to provide our services to you and to comply with our legal obligations:
Retention and disclosure of your personal data
For insurance purposes, we are required to take written notes of each treatment session and to retain these for 7 years following the last occasion on which treatment was given. In the case of minors, notes must be kept for 7 years after they reach the age of 18.
Treatment records are confidential and will not be disclosed to a third party without your written consent.
Protecting your data is important to us and we have security measures in place to prevent your data from being accidentally lost, used or accessed in an unauthorised way.
We have procedures in place to deal with personal data breaches and will notify you of a breach where we are legally required to do so.
You have certain rights in relation to your personal data. These are set out at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You can request a copy of the data we hold about you, including your patient file. We will reply within one month of the date of the request and if possible earlier. Requests must be submitted in writing to email@example.com.
We will not charge a fee for responding to your request unless it is repetitive or excessive in which case we may charge a reasonable fee or decline to respond.