BACKGROUND:

Sam Massage Therapy understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, www.SamMassageTherapy.co.uk or is treated by me. I do not collect personal data about you unless you contact me directly. Any personal data I collect will only be used as permitted by law.

  1. Information About Sam Massage Therapy

    Our Site is owned and operated by Sam Massage Therapy

    Clinic Address: 100 Elder Crescent, Glasgow, G72 7GL
    Email address: SamMassageTherapy@hotmail.com
    Telephone number: 07818 477858
    Data Protection Officer: Samantha Williams

    I am a member of the following associations:

    • Scottish Massage Therapist Organisation

  2. What is Personal Data?

    Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

    Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

    From 25th May 2018, the new Data Protection Act 2018 came into place, and I need to inform you what data I hold about you, why I need it, what I will be doing with your data, who I might share it with and when I will destroy it.

What information do I hold, why do I have it and who might I share it with?

Currently I hold a completed consultation form and treatment records with your details. These include your name, address, date of birth and various means of contacting you.

Personal data

Address, phone / mobile nos, email address – these are all required so I can contact you.

Marketing material is available on a newsletter, which you can opt into on the initial consultation form, or you may choose to subscribe directly. I will never send out unsolicited marketing material.

Health Related Data

Consultation Form – all clients/patients must complete a consultation form, so I have a full understanding of your medical and health history. This I need for insurance reasons, but it is to check that it is safe to treat you. It also helps me understand what medical issues you have and how best I can treat you. Treatment will not go ahead unless I collect and store these details.

Treatment Records – these are my notes detailing what I have found in my assessments, what treatment I have given you and how you felt immediately after that treatment. Treatment will not go ahead unless I collect and store these details.

  • It is a condition of my Insurance Policy to take and retain client records for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, records shall be kept for 7 years after they reach the age of majority (18).
  • I may need to share your data with authorised legal, regulatory and insurance authorities, if required to defend myself. This will be the professional membership body I am registered with and the insurance company I hold my professional indemnity insurance with.
  • After 7 years following the last occasion on which treatment was given, I will destroy all of your records by shredding any physical paperwork / permanently deleting records from the Cliniko software .

How and where do I hold your data?

  • Since July 2020 patient information is stored on Cliniko (patient software package). Cliniko treat security of information as a priority. Data is backed up automatically and kept in ultra-secure facilities.

    For more information visit: Practice Management Software | Cliniko

  • If your treatments pre-date July 2020, or if there is a necessity to keep a paper record of your patient information, then consultation forms and Treatment records are kept in a locked filing cabinet within my house, and treatment records are maintained on a password controlled laptop / password protected online storage cloud. Only I have access to these records and I will take all appropriate steps to protect the confidentiality, integrity, availability and authenticity of your data.

Your Individual Rights under the Data Protection Act 2018.

You have:

  • the right of access to your personal data;
  • the right to object to the processing of your personal data;
  • the right to restrict the processing of your personal data;
  • the right to rectification of your personal data;
  • the right to erasure of your personal data;
  • the right to data portability (to receive an electronic copy of your personal data);

My Rights

In exercising your Individual Rights, you should understand that in some situations I may be unable to fully meet your request, for example if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, legal, regulatory and insurance purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.


DATA PROTECTION COMPLAINTS PROCEDURE

Business, clinic or practice name: Sam Massage Therapy

1. Purpose of this procedure

This document explains how the business, clinic or practice named above handles complaints about the way they collect, use, store, share, retain, correct or delete personal data.

This procedure applies only to data protection complaints.

Other complaints, such as concerns about treatment, professional conduct, fees, appointments, customer service or clinical care, are handled under general complaints procedures.

Personal data is taken seriously. This includes your contact details, consultation information, health history, treatment notes, consent records, appointment records, payment information, emails, messages, student records, course records and any other personal information held.

Health information is special category data under UK GDPR. This means it requires additional care and protection.

2. Who can use this procedure?

You can use this procedure if personal information is held about you. This may include if you are a current or former client, student or course attendee, professional contact, supplier or another person whose personal data is held.

3. What is a data protection complaint?

A data protection complaint is a concern about how your personal information is handled. You do not need to use legal wording. You do not need to mention UK GDPR. If your concern is about how your personal data has been handled, it will be treated as a data protection complaint. Examples include concerns about how your personal information was collected, how it was used, how it was stored, whether it was shared, how long it was kept, whether it was or is accurate, how a response was made on a request to see your records, or how a response was made to a request to correct, delete or restrict use of your information.

4. How to make a data protection complaint

You can make a data protection complaint by completing the form below and sending it to us. You may also raise a concern by email, post, telephone, or another reasonable method. If you raise a concern verbally, we may make a written note and ask you to confirm that we have understood your concern correctly.

Please send complaints to:

Email: SamMassageTherapy@hotmail.com

Postal address: Samantha Williams, 100 Elder Crescent, Glasgow, G72 7GL

5. What happens after you complain?

We will acknowledge your complaint within 30 days of receiving it. We may ask you for more information if we need it to investigate your concern properly. We will review your complaint and make appropriate enquiries. This may include checking records, reviewing emails or messages, checking our privacy notice, considering whether information was shared, reviewing consent or lawful basis, and deciding whether any action is needed. We will respond without undue delay. If the matter is complex or we need more time, we will keep you informed. We will tell you the outcome of the complaint. Where possible, this will be provided in writing. We aim to resolve and provide a final written outcome to most data protection complaints within three months and will keep you regularly informed if an extension is required due to the complexity of the investigation.

6. Possible outcomes Depending on the complaint, we may decide to:

• correct inaccurate information,

• update incomplete information,

• explain how or why information was processed,

• restrict further use of information where appropriate,

• delete information where appropriate,

• confirm why information must be retained,

• update our procedures,

• take another reasonable action,

• or explain why we do not agree with the complaint.

7. If you remain dissatisfied If you remain dissatisfied after we have responded, you have the right to contact the Information Commissioner’s Office, known as the ICO.

ICO complaints page: https://ico.org.uk/make-a-complaint/

ICO helpline: 0303 123 1113

ICO postal address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

How to contact me

If you have any questions regarding the use of your data and your Individual Rights, please contact me on SamMassageTherapy@hotmail.com

Thank you.