The Therapy Shed Privacy Policy

The Therapy Shed is committed to protecting and respecting your privacy. For any personal data you provide as a client of The Therapy Shed, The Therapy Shed is the Data Controller and is responsible for storing and otherwise processing that data in a fair, lawful, secure and transparent way.


GDPR gives you (the CLIENT) the following rights:


The right to be informed: To know how your information will be held and used (this notice).

The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.

The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.

The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you

The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information

The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.

The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.

Rights in relation to automated decision-making and profiling.

The right to lodge a complaint with the Information Commissioner’s Office:

To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.


If you wish to exercise any of these rights, please use the contact details given above.


If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at: www.ico.org.uk

Therapists’s rights

Please note:


If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you

Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed

 Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission

FOR CLIENTS: THE FOLLOWING INFORMATION IS PROVIDED TO YOU AT YOUR FIRST APPOINTMENT, AND YOU WILL BE REQUESTED TO READ AND SIGN IF YOU AGREE.

Why do I need to collect personal information?

As a healthcare professional, I have a requirement to retain information in order to provide you with the best possible treatment outcomes and advice. I also have a legal requirement via my insurance (Alan Boswell Insurance Group) and the professional bodies of which I am a member to keep a record of treatments given.

What information is being collected?

Information may include: your name, date of birth, address, contact phone number, contact email address and relevant information relating to your health and treatment.

How is it collected?

Collection of data will include contact information in order to confirm your appointment via my online booking system (Acuity), and via information you have provided via online consultation, or by email or text messages.  During your appointment, notes may be taken via pen and paper to be written up electronically.   Paper notes that are not required once they have been converted to electronic format will be destroyed.  At times I will use photographs or videos taken during the session – these are strictly with your consent only, and are stored as part of your electronic records in the same way.  The premises are monitored by CCTV for security purposes.

Where is it stored?

Written information is stored in a locked filing box, in a locked room.

Electronic records are imputed via my iPad which is protected by fingerprint access and a 6 digit passcode, or via my laptop which is protected by a secure password. Records are stored in password protected files. I am the only person with access to these files.

Client contact numbers may be stored on my iPhone if you have given me permission to contact you via phone or text, and only saved onto my phone if I need to contact you in this way. The phone is protected by fingerprint access and a 6 digit passcode.

No client files are left on surfaces for other clients / staff to read.

Any data taken whilst on a mobile treatment will be transported in a locked bag, out of sight in the boot. No notes are left unattended in a vehicle at anytime.

How long is it kept for?

In accordance with GDPR regulations, records are kept for 7 years after the last appointment. For children under 17, records will be kept until the child is 25; or if 17 when treated, then 26.

Who is collecting it?

As your practitioner, I will collect data at the start of your first session. Some information maybe requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes / letters and scans may also form part of the data collected.

Contact information collected by Acuity (online booking) or Paypal (when paying through Acuity) or Izettle (which is part of the PayPal group) when paying by card reader on my premises,  is in accordance with the Privacy Statement of Acuity and Paypal as data controllers.

Why is it being collected?

Data is collected to record, guide and supervise your progress, and to be able to communicate effectively with you regarding the best outcomes. It is used to arrange appointments, compare any changes as you progress through treatments, to highlight any red flags or cautions, action to be taken and a detailed dialogue of treatment provided.

How will it be used?

Data will be used to inform your treatment plan, communicate appointments, session information, and document progress.

Contact information will be used to send email correspondence, including newsletters, if you have opted to receive this. You can change your preferences regarding newsletter / correspondence at any time.

Who will it be shared with?

I will NOT share your information with anyone else, other than within my own practice, for purpose of referral to another practitioner, or as required to comply with COVID-19 Track and Trace, or for legal process, without explaining why it is necessary, and getting your consent.

Client experiences can be shared with the public via The Therapy Shed social media pages only with full consent from the client themselves, and they will remain anonymous. This will be confirmed in writing by the client prior to sharing.  

For newsletter subscribers:

Name and email address will be collected and stored via Mailchimp if you have signed up via the website to receive my newsletter. This information will not be shared with any third party, and you can opt out of receiving my newsletter at any time.

Neal’s Yard remedies:

As an independent consultant for Neal’s Yard Remedies, a third-party link to my shop is displayed on my website.

Any Neal’s Yard orders taken via this shop are dispatched directly to the customer.

As an independent consultant I receive an email showing me the items that have been purchased, the cost and customer contact details.

All information is stored securely and will not be used for marketing.

Do check Neal’s Yard Remedies consultant shop privacy policy before placing an order.

Gravity life:

As an independent stockist of Gravity Life Orthopaedic Systems, a third-party link to my shop is displayed on my website.

Any orders taken via this link using my discount code are dispatched directly to the customer.

 I receive an email showing me that an item has been purchased but receive no other information regarding customer contact details.

Do check Gravity Life's own privacy policy before placing an order.


Website:

My website is hosted by IONOS and contains links to third party websites operating their own terms and conditions and privacy policies. The Therapy Shed is not responsible for any content on third party websites.

IONOS use analytics data to provide information about visits to my website.  This does not include personal identifiable information.

Please see IONOS privacy policy for full details.

Protecting your personal data

I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you.