The General Data Protection Regulation (GDPR), is EU wide legislation which came into effect on 25th May 2018 and is currently being enacted into UK law and will become the 2018 Data Protection Act.
This legislation affects every business that handles personal data for clients or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’; this will include such data as name and contact details, but may also information such as IP addresses.
The personal data rb massage collects about you will include data relating to your name, address, date of birth, wider contact details and data relating to ‘health’.
Your data will also be used to manage future communications between rb massage and yourself including information about services. You can opt out from receiving such communications services at any time by emailing email@example.com
rb massage is serious about protecting the data of clients. If you have any queries regarding rb massage’s handling of your personal data, please contact Rachel on 07713 623219 or firstname.lastname@example.org
What information does rb massage collect?
rb massage collects personal data that includes your name, date of birth, address, telephone number, email address and health information including your medical history, medication and treatment information.
What does rb massage do with your data?
rb massage client notes in relation to the initial consultation and subsequent consultations are paper files and kept in a lockable filing cabinet. The contents of these notes are not shared with anyone without your permission.
rb massage stores all client contact details on a password protected spreadsheet which is only accessible by rb massage.
rb massage stores your name and contact telephone number on rb massage’s mobile phone and ipad. This is to enable reminder text messages to be sent and also for Rachel to know who is texting and calling her. The mobile phone and ipad are password protected.
rb massage uses a calendar on rb massage’s mobile phone and ipad to book appointments using your name and telephone number. The mobile phone and ipad are password protected.
rb massage plans to move to a different system in which appointments will be booked on a web based system. To allow this to take place your name and telephone number will be stored on this programme.
rb massage uses your email to send you occasional newsletters about updates in terms of the business and information that rb massage thinks will be of interest to its clients.
Who rb massage share your data with?
rb massage does not share your data or information about you without your consent, unless required to do so by law. As rb massage likes to work in harmony with other health professionals if they are treating you, your permission may be asked to contact these professionals and discuss your overall treatment. This contact will only take place with your explicit consent.
rb massage does not give your data to third parties for the use of marketing purposes.
How long does rb massage keep your data?
rb massage keeps clients data in terms of records for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18).
All clients will be asked to sign a form to confirm they understand the above at their initial appointment.