As a client of Michael O'Neill Massage Therapy & Reflexology, we are writing to advise on how we will be handling your data to comply with the new General Data Protection Regulation (GDPR).
New Data Protection Legislation is coming in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR) is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’.
The data we collect on you
The personal data we collect will include information relating to your name, address, date of birth, and wider contact details. We will also collect data relating to your treatments with us which may include information about any relevant health issue and disabilities.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We use third party website providers for our website, email contact form and online booking so you can book online or email us for information who only have access to the information you provide on the form, they help us provide an online booking service so that we can confirm your appointment and reply to any questions. We may also release your information when we believe release is appropriate to comply with the law or protect ours or others' rights, property, or safety.
We only use your data for the purpose for which it was collected to enable us to provide treatment and services and to respond to enquires, booking requests and to send reminders of bookings.
We will retain your data for 7 years or 7 years (after the age of 18 for minors) following the end of your last treatment. Any treatment notes we take will be in paper form only and will be shredded after 7 years.
You have the Individual Rights under the Data Protection Act 2018
To be informed about the personal data we hold on you
To access your personal data
To object to the processing of your personal data
Restrict the processing of your personal data
To rectify your personal data
To erase your personal data
You can exercise your Individual Rights at any time without charge. However, if your request is considered repetitive, unfounded or excessive, a reasonable administration fee can be charged.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data.