Privacy Policy for Zab Zhi

Last updated: 3rd May 2021

Name: Annette Smyth (Data Controller)

Address: 31 St James Meadow Road, Milverton, Leamington Spa, Warwickshire, CV32 6BZ

Phone Number: 07894 946826

E-mail: annette@zabzhi.co.uk

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)
  • Medical History and other health related information (which i will collect at your first appointment)
  • Treatment details and related notes (which I will take after each consultation)

In order to give professional reflexology treatments, I will need to gather and retain potentially sensitive information about your health.  I will only use this information for informing reflexology treatments and associated recommendations concerning aspects of health and wellbeing which I will offer to you.  

I take basic contact details and information via website, email, text messages or phone calls to allow me to contact you and handle bookings.

 

All of the personal information I process is provided to me directly by you during our initial and subsequent consultations.

I do not share this information with anyone else unless required for legal process without explaining why it is necessary and getting your explicit consent.

 

Lawful basis for holding and using client information

As a full member of the Association of Reflexologists, I abide by the AOR Code ofEthics.  The lawful basis under which I hold and use your information is my legitimate interests i.e. my requirement to retain the information in order to provide you with the best possible treatment options and advice, ‘claims occurring’ insurance and CNHC requirements to retain information.

As i hold special category data (i.e. health related information), the additional condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under the AOR Confidentiality as defined in the AoR ode of Practice and Ethics.

 

 

I keep your information for the following periods.

– claims occurring insurance (records to be kept 7 years after last treatment0

– law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)

Your data will not be transferred outside of the EU without your consent.

I am committed to ensuring that your personal data is secure.  In order to prevent unauthorised access or disclosure, I have put on place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.

I will contact you using the contact preferences you give me in relation to

  • Appointment times
  • Reflexology information or information related to your health
  • Special offers and promotions (you may unsubscribe from this at any time)

Under data protection law, you have rights including:

Your right to be informed – You have the the right to know how your information will be held and used (this notice)

Your right of access – You have the right to see your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – (also called the right to be forgotten). You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Rights in relation to automated decision making and profiling.

Your right to complain – You have the right to lodge a complaint with the Information Commissioners Office.  To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

Full details of your rights can be found at here

(https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact me on the above email if you wish to make a request. 

If you are dissatisfied with the response you can complain to the ICO. (https://www.ico.org.uk)

 

You have the right to lodge a complaint with the Information Commissioners Office.  To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

Full details of your rights can be found at here

(https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact me on the above email if you wish to make a request. 

If you are dissatisfied with the response you can complain to the ICO. (https://www.ico.org.uk)

Please note:

  • if you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you 
  • Your therapist has to keep your records of treatment for a certain period  as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
  • Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.