This privacy & cookie policy sets out how Magnolia Wellbeing uses and protects any information that Magnolia Wellbeing may get if you undertake a treatment with Magnolia Wellbeing.
This policy complies with the GDPR Data Protection laws that came into effect on 25th May 2018 and the current UK GDPR Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.
The Purpose of Processing Client Data
In order to give a professional reflexology, massage and facial treatment, I will need to collect and retain potentially sensitive information about your health. I will only use this information to inform and carry out reflexology, massage and facial treatments and the associated recommendations concerning aspects of health and wellbeing which I will offer to you.
Lawful Basis for holding and using Client Information
As a full member of the Association of Reflexologists (AoR) and the Federation of Holistic Therapists (FHT), I abide by the AoR and the FHT Code of Practice and Ethics. The lawful basis under which I hold and use your information is:
1. My legitimate interests i.e. my requirement to retain the information in order to provide you with the best possible treatment opitons and advice.
2. My requirement to hold your information for the following legal reasons:
a. ‘claims occurring’ insurance
b. Law regarding children’s records
c. FHT insurance requirements to retain information for 10 years.
As I hold special category data (i.e. health related information), the Additional Condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.
What information I hold and what I do with it
In order to give professional reflexology, massage and facial treatments, I will need to ask for and keep information about your health. I will only use this for informing reflexology, massage and facial treatments and any advice I give as a result of your treatment. The information to be held is:
• Your name, address, contact details, and, where appropriate, age
• Medical history and other health-related information (which I will take from you at first consultation)
• Treatment details and related notes (which I will take after each consultation)
I will NOT share your information with anyone else (other than within my own practice, or as required for legal process) without explaining why it is necessary, and getting your explicit consent.
Access to information
If you would like to know what information I collect and hold about you, please send a request in writing to Anne Self, Data Protection Officer, using these details:
Magnolia Wellbeing, 10 Paddock Close, Platt, Sevenoaks, Kent, TN15 8NN or by email at anne@magnoliawellbeing.co.uk.
Marketing
We would also like to send you information about the products and services we offer using the information you have shared with us, but you do not have to agree to this for treatment to go ahead. Option to opt in and opt out of marketing will have been given upon initial contact with Magnolia Wellbeing, however, you may withdraw this consent and change your choice to opt in or opt out at any time by emailing anne@magnoliawellbeing.co.uk or call 07900522022
How Long I Retain Your Information for
I will keep your information for the following periods:
1. ‘claims occurring’ insurance: (records to be kept for 7 years after last treatment)
2. law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)
3. CNHC requirements to retain information for 8 years
Your data will not be transferred outside the EU without your consent.
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
I will contact you using the contact preferences you give me in relation to:
1. Appointment times
2. Reflexology, massage or facial treatment information or information related to your health
3. Special offers, promotions and newsletters (you may unsubscribe from this at any time)
Your Rights
GDPR gives you the following rights:
• The right to be informed: To know how your information will be held and used (this notice).
• The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
• The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you
• The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information
• The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
• The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner’s Office:
To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at: www.ico.org.uk
Therapist’s Rights
Please note:
• If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you.
• Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed.
• Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.
What are cookies?
Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example: Cookies can remember your sign-in credentials so you don’t have to enter those credentials each time you log on to a service. Cookies help third parties understand which services are the most popular because they help to see which pages and features visitors are accessing and how much time they are spending on the pages. Cookies help third parties provide you with relevant content and advertising by collecting information about your use of services and other websites and apps.
When you use a web browser to access the Services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies. Please note, however, that some services may be designed to work using cookies and that disabling cookies may affect your ability to use those services, or certain parts of them.
How we use cookies
We use the following types of cookies on our website: Statistical Cookies; managed directly by Magnolia Wellbeing (not third-parties). Technical Cookies; used to perform computer authentication, monitoring sessions and storing specific information about users accessing a web page. For example, this type of cookie allows us to recognise that you have visited our website before and shows which sections of our website are most popular by allowing us to see which pages visitors’ access most frequently and how much time visitors spend on each page. This is done through the Google Search Console* who do not collect or process “sensitive” data that is subject to GDPR as using the console does not cause any cookies to be created on users machines. Magnolia Wellbeing uses this data to determine the number of people using the site, to better understand how they find and use the web pages and to see your journey through the website. Although the Google Console* records data such as your geographical location, device type, internet browser and operating system, none of this information personally identifies you to Magnolia Wellbeing. *The use of the Google Search Console does not have to be stated in the data protection declaration, as the website operator does not have to inform according to Art. 13 and 14 GDPR.
Disabling cookies on your internet browser will stop the Google Search Console from tracking any part of your visit to pages within this website. Magnolia Wellbeing does not use third party or persistent cookies.
