Privacy Policy
1. Introduction
We are committed to protecting your privacy and ensuring your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This privacy policy explains how we collect, use, store, and protect your personal information when you use our holistic therapy services.
Data Controller: Rebekah Bilbrough
Contact: rdbilbrough@gmail.com
2. Information We Collect
Personal Information
- Contact Details: Name, address, phone number, email address
- Health Information: Medical history, current health conditions, medications, allergies, previous treatments
- Appointment Data: Treatment dates, times, therapy types, practitioner notes
- Emergency Contact: Name and contact details of emergency contact person
- Payment Information: Billing address, payment method (we do not store credit card details)
How We Collect Information
- Direct Collection: Information you provide during consultations, appointments, and registration
- Observation: Notes made during therapy sessions about your condition and treatment response
- Communication: Information from emails, phone calls, or messages
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: You have given clear consent for us to process your personal data for therapy purposes
- Legitimate Interests: To provide effective holistic therapy treatments and maintain our business operations
- Vital Interests: In medical emergencies where your health may be at risk
- Legal Obligation: To comply with professional standards and regulations
4. How We Use Your Information
Your personal data is used to:
- Provide holistic therapy treatments tailored to your needs
- Maintain accurate health records and treatment history
- Schedule and manage appointments
- Communicate with you about treatments and appointments
- Process payments for services
- Comply with professional therapy standards and regulations
- Contact emergency services or your emergency contact if necessary
- Send appointment reminders and follow-up care information
5. Sharing Your Information
We maintain strict confidentiality and will only share your information in the following circumstances:
- Healthcare Professionals: With your explicit consent, we may share relevant information with your GP or other healthcare providers
- Emergency Situations: If there is immediate risk to your health or safety
- Legal Requirements: When required by law or court order
- Professional Bodies: If required for professional regulation compliance
We will never sell your personal data to third parties.
6. Data Storage and Security
Security Measures
- All physical records are stored in locked filing cabinets
- Digital records are password-protected and encrypted
- Access is restricted to authorised personnel only
- Regular security reviews and updates are conducted
Data Retention
- Active Clients: Records retained for the duration of treatment plus 7 years
- Inactive Clients: Records retained for 7 years from last treatment
- Children's Records: Retained until age 25 or 8 years after treatment, whichever is longer
- Payment Records: Retained for 6 years for tax purposes
7. Your Rights
Under UK GDPR, you have the right to:
- Access: Request copies of your personal data we hold
- Rectification: Request correction of inaccurate or incomplete information
- Erasure: Request deletion of your personal data (subject to professional retention requirements)
- Restrict Processing: Request limitation of how we use your data
- Data Portability: Request transfer of your data to another healthcare provider
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (though this may affect our ability to provide treatment)
To exercise these rights, contact us using the details provided above.
8. Cookies and Website Data
If we maintain a website, we may use cookies to:
- Remember your preferences
- Improve website functionality
- Analyse website usage
You can control cookie settings through your browser preferences.
9. Third-Party Services
We may use third-party services for:
- Appointment Scheduling: Online booking systems
- Payment Processing: Secure payment gateways
- Communication: Email services or messaging platforms
These providers are carefully selected and required to maintain appropriate data protection standards.
10. International Transfers
We do not routinely transfer personal data outside the UK. If international transfer becomes necessary, we will ensure appropriate safeguards are in place.
11. Data Breaches
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Report to the Information Commissioner's Office (ICO) within 72 hours
- Notify affected individuals without undue delay
- Take immediate steps to contain and remedy the breach
12. Children's Data
If treating clients under 16, we obtain consent from parents or guardians. We take extra care to protect children's personal data and explain data processing in age-appropriate language.
13. Complaints
If you have concerns about how we handle your personal data, you can:
- Contact us directly using the details above
- Contact the Information Commissioner's Office (ICO):
  - Website: ico.org.uk
  - Phone: 0303 123 1113
  - Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
14. Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes and obtain fresh consent where necessary.
15. Professional Standards
We adhere to the privacy and confidentiality standards set by relevant professional bodies including:
- ANP, FHT GNP
16. Contact Information
For any questions about this privacy policy or our data practices, please contact:
Naturally You Holistic Therapies
Email: rdbilbrough@gmail.com
Phone: 07703 508745
Address: Unit 2, Boswell’s Coach House






