GDPR: General Data Protection Regulation Policy
What information is being collected?
As part of visiting me as a Holistic Therapy Practitioner I will
need to have a record of your personal details, date of birth,
address, telephone numbers, email and relevant medical
information relating to your session.
Personal data about your presenting symptoms and treatment
provided will also be documented in detail. You have access to
this information at all times.
All data will be held in a locked filing cabinet.
No client files are left on surfaces for other client /persons.
All data taken whilst on a mobile treatment will be transported
in a locked bag, out of sight in a boot. No notes are left
unattended in a vehicle at anytime.
All notes will be kept secure for a period of 8 years for adults
and will then be destroyed if you are no longer attending
clinic. All children’s notes will be kept until adult age ( 21
), and then destroyed if no longer attending clinic.
Who is collecting it?
I as a practitioner am collecting data at the start of your
first session (during the initial consultation). Some
information maybe requested by email or text message to ensure
the smooth running of your treatment. On occasion data from
relevant medical notes/letters and scans may also form part of
the data collected and held by me.
How is it collected?
Collection of data will happen via pen and paper note taking,
secure email, text messages, and occasionally letters by mail.
No personal data will be collected via social media.
Why is it being collected?
Data is collected to record, guide and supervise your progress
so that I may be able to communicate effectively with you for
the best outcome. It is also used to compare progress week to
week and to highlight changes, red flags, yellow flags, action
to be taken and a detailed dialogue of treatment provided.
How will it be used?
Data will be used to communicate appointments, session
information, progress, relevant referrals, and relevant
consented media i.e. reviews/testimonials online.
Who will it be shared with?
Data is rarely used to communicate and be shared outside of the
clinical environment. If it is, I will always ask for your
permission if the information was to be shared with another
practitioner or medical service for referred treatment.
Client experiences can be shared with the public with full
consent from the client themselves. This will be taken in on a
consent form signed by the client prior to sharing.
What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients.
No data is shared with 3rd parties without consented
No data is sold to third parties for business reasons.
No data is held on phones unless encrypted with a pin number /
No phones are left unattended.
No sensitive / identifiable data is sent by email together in
the same posting. Unique reference codes are used.
All computers / laptops and tablets are locked with passcodes
and not left unattended. Only individuals with permission to
read notes can access this data.
Is the intended use likely to cause individuals to object or
I take data protection and privacy seriously. The data mapping
in place should never cause a client to object or complain. Any
queries and requirements are taken seriously and honoured.
Reviewed Date July 2022
LLSA, IFPA, MBSR, LCSP (Phys), IScB (France),
ECBS, BTPA, Cert. Rossiter Coach. Reiki Master
Sharon Emery Holistic Therapies
37, King George Crescent, Padgate,
Warrington, Cheshire, WA1 3SH