Privacy Policy

Records, data protection and disclosure
All information regarding my clients is strictly confidential. Written and stored information complies with the Data Protection Act and the General Data Protection Regulation (GDPR) from May 2018. I do not discuss or share any details concerning my clients with any third party, except under certain specified circumstances.

Records
I keep concise records of all healing sessions. These records are kept for the purposes of keeping for your safety, accurate records relevant to sessions in compliance with my professional code of conduct. The contents of these records are not disclosed to anyone unless written permission is given by you, and records remain confidential.

Data protection
I comply with all relevant data protection legislation which is currently the Data Protection Act 1998 and the General Data Protection Regulation [GDPR] from May 2018, where personal data is being held. Personal data is information that can identify an individual and sensitive data is information about racial origin and other sensitive issues including physical and mental health.

Storage
Records are kept in good condition and stored in a secure place.

Protection
Paper records are kept locked; computer records are password protected and/or encrypted and regularly backed up.

Data protection includes the use of tablet, laptop, PC, and smartphone.

Privacy
Records are only accessed by healers authorised to do so.

Length of time
Records are kept for a minimum of 7 years after the last healing session and then securely destroyed. Records of a deceased person are kept for 10 years.

Children
Records relating to a child are kept indefinitely.

Consent
I will confirm with you why your personal data is required at our appointment, how it will be used, that it will be kept secure and that it will not be passed on to any other organisation. You will be asked to consent to your data being held for these purposes, and your agreement will be noted.

I or my designated Team Leader will be designated as the data processor and will be responsible for the safe keeping, security and privacy of client records held by me at my premises.