GENERAL DATA PROTECTION REGULATION
This legislation will replace current data privacy law, giving more rights to you as an individual and more obligations to organisations such as LJM Massage who hold your personal data.
One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
The new legislation starts on the 25th May 2018.
What we do with your information
We hold personal details including medical information and we use this information to obtain details relevant to your treatment and for medical and internal record keeping; this information will only be kept as long as necessary to comply with UK law and professional bodies.
We do not sell your information to third parties. We only share your personal information with third parties, e.g., insurance companies, GP’s and Consultants when required and with your consent/knowledge.
The confidentiality of your personal information is of the utmost importance to us and we comply with the Data Protection laws and all the confidentiality guidelines issued by professional bodies.
Information we get from other sources
From time to time, we may need to obtain information from third parties. This will only apply where it is essential for the provision of our services and as permitted by law. Where applicable we will seek the consent of the client or organisation providing the data.
Card payments are taken using the Sum Up card reader and you should refer to their privacy policies at https://sumup.co.uk/privacy/. Paper records are stored in a locked cabinet.
Visitors to our website
Links to other websites
This privacy notice does not cover the links within LJM Massage Website linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Under the Data Protection Act 1998, you have rights as an individual, which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Access to personal information
The General Data Protection Regulation (GDPR) gives individuals the right to access personal data that is held by organisation’s, via a subject access request (SAR). We have a legal duty to supply an individual with the information within a month of receiving the SAR.
If you have a complaint about the use of data by us, you can email us at firstname.lastname@example.org. Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk.