Your privacy is very important to us. This privacy policy explains how we collect, use, and protect your personal information. It covers your data when you use our website and when you receive reflexology treatments. We fully comply with the General Data Protection Regulation (GDPR) and the Data Protection Act.
To continue to comply with the relevant and current regulations, it is likely that Tola Health will change this policy by updating this page when appropriate. You should check this page occasionally to ensure that you are happy with any changes.
1. Who We Are
Data Controller: Morag Kitt
Therapist: Morag Kitt
Business Name: Tola Health
Address: 5 Ross Close Exeter EX1 3UE
Email:
Telephone: 07974 930769
2. Information We Collect and Why We Need It
We collect information at two different stages: when you enquire through our website, and when you agree to become a client.
3. The Purpose of processing Client Data
I hold and use client data in order to provide you with the best possible treatment options, support and advice.
4. Lawful Basis for holding and using Client Information
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information are:
(a) Your consent. You can remove your consent at any time. You can do this by contacting
(b) I have a contractual obligation
(c) I have a legal obligation:
‘Claims occurring’ insurance: (records to be kept for 7 years after last treatment) - Law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26) - CNHC requirements to retain information for 8 years
(d) I have a vital interest
(e) I need it to perform a public task
(f) I have a legitimate interest [i.e.my requirement to retain the information to provide you with the best possible treatment options and advice]
As I hold special category data (i.e. health related information), the Additional Condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under the Association of Reflexologists (AoR) Confidentiality as defined in the Code of Practice and Ethics.
5. Website Tracking Data
Our website uses Google Analytics to track user interaction. This data is used to; determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
Google Analytics also records your computer’s IP address which could be used to personally identify you, but Google do not grant us access to this. Google Analytics makes use of cookies. We consider Google to be a third party data processor.
6. Cookies
A Cookie is the term used for a small text file created by a website that is stored in the user's computer either temporarily for that session only or permanently on the hard disk (persistent cookie).
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can control the use of cookies through your web browser. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
7. When We Collect Your Data
A. When You Use Our Website Contact Form
If you fill out our online contact form, we collect: Your Name, Email Address, Telephone Number and personal message
Why we collect it: We use this basic information under the lawful basis of Legitimate Interests. We only use it to reply to your enquiry and talk about a potential booking.
B. When You Agree to Treatment (Clinic Clients)
If you decide to book a treatment, we must collect deeper, medical information. This is done in person or via paper/digital intake forms. this includes: Your Contact Details, medical history, health conditions and relevant lifestyle details. Handwritten or digital treatment session notes.
Why we collect it: We are required by law to hold this information to provide safe, effective reflexology treatments. Our lawful basis for general data is Contract (to provide you with the service you paid for). Our lawful basis for health data (Special Category Data) is Health or Social Care. We also need this data to protect ourselves against legal claims and to meet our professional insurance requirements.
8. How We Store and Protect Your Data
We take data security very seriously. I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
I will contact you using the contact preferences you have given me. I keep the information listed above, for 7 years after your last treatment. We will then dispose your information by secure deletion of electronic data and shredding and burning paper records.
9. Sharing Your Information
We will never sell, rent, or share your personal details with third parties for marketing purposes. Your information is strictly confidential.
The only exceptions are: If you ask us to share information with your doctor or another healthcare practitioner. If we are legally required to do so by a court of law.
10. Your Rights Under GDPR
Under data protection law, You have strong rights over your personal data.
- Your right of access - You have the right to ask me for copies of your personal information.
- Your right to rectification - You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
- Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask me to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. To make a request, please see Section 12 below.
11. Therapist’s Rights
If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you
Your therapist must keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed
Your therapist can move their records between their computers and IT systems without your permission if your details are protected from being seen by others.
12. How to Make a Complaint
If you are unhappy with how we have handled your personal data, we want to hear about it so we can fix it. Please look at our Complaints Policy Complaints Policy
