Privacy Policy

Blackmoor Health Clinic: Privacy Policy

Awareness of this policy constitutes consent.

This notice is to explain why I collect your personal data, what I do with it, and to ensure I am working in accordance with the new EU General Data Protection Regulation (GDPR).

When you supply your personal details to me, when we communicate by email or text, and when I take notes in the clinic, this information is stored and processed for three reasons in line with the GDPR requirements:

  1. I need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes in law an (unwritten) contract.
  2. I have a legitimate interest in collecting that information, because without it I couldn’t practice acupuncture effectively and safely.
  3. I keep records of your contact information because I think that it is important that I can contact you to confirm your appointments with me. In the case of Tai Chi class participants this is only to inform you of term dates. This again constitutes a legitimate interest, (yours).

I have a professional obligation to retain your records for 8 years after your most recent appointment (or after you have reached age 25, if this is longer), but after this period I will delete your records.

Your clinical records are stored only on paper, in individual paper files, and in a secure cabinet in my home.

Your emails are deleted within 3 months, and until then stored on a password protected computer at home. I am the only person who has access to your records, and emails. Texts are stored on a password protected phone and deleted within 3 months. I will never share your information with anyone who does not have a legal right of access without your written consent.

You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. I am legally required to respond to any request from a client to see their personal data within a timescale of 30 days.

You can raise any concerns directly with the Information Commissioner’s Office on https://ico.org.uk/concerns/