Data Protection and Privacy Statement

Willow Leaf collects information about you when you first contact us to use our services (whether by telephone, email or through our website enquiry form at www.willowleaf.uk) and upon your first initial visit for massage treatment when you complete the client consultation form.
Upon signing the client consultation form on your first treatment with Willow Leaf you are agreeing that Willow Leaf will keep your details confidential and abide by current GDPR guidelines.

You also agree that Willow Leaf can contact you via telephone, text message and email regarding your appointments and massages with us.
This also includes the occasional marketing/promotional update of our products, services and availability. An option to unsubscribe/opt out is always included if you would no longer like us to contact you.
Personal data is collected such as:

Name
Date of birth
Address
Email address
Telephone number
Occupation
Emergency contact or next of kin details
Health conditions including allergies, medication and doses, history of; injuries, operations, illnesses provided on the client intake form and discussed during the first and subsequent treatments
GP surgery details and other body treatments currently and previously received
Lifestyle covering an overview of: exercise, diet, sleep and stress levels
Information on current physical state (i.e. aches/pains/tension)
Treatment detail and assessment notes which will be recorded after each massage session
Diarised records of appointment times.

We are committed to protecting your privacy and will only collect and process your personal data in accordance with the General Data Protection Regulation (GDPR)
If you object to the collection and use of your personal data, we may be unable to provide you with our services.

How will Willow Leaf use the Information gathered during my client consultation and massages?

Willow Leaf requires this information to assess your massage treatment requirements and provide you with a safe and effective massage therapy. Additionally, the information is used to refer to at subsequent treatments in order to assess levels of improvement.

Your information will not be shared with anyone else (other than required for legal process) without explaining the reason why this is necessary and obtaining your explicit consent.

The contact information you provide may be used by Willow Leaf to contact you in relation to appointment times or dialogue regarding your treatment plan.

Security Policy

Willow Leaf is committed to ensuring that your information is secure.

In order to prevent unauthorised access or disclosure, suitable physical, electronic and managerial procedures have been put in place to safeguard and secure the information that is collected both online and on paper.

I have implemented appropriate security measures to protect your personal data against unauthorized access, loss, or damage.

The health and personal information gathered is held on paper Client Consultation forms and paper treatment notes and is stored securely in a locked filing cabinet.

Due to the nature of my business Willow Leaf retains paper based personal information and as such, has a duty to ensure that it is disposed of in a secure, confidential and compliant manner.

Contact details including telephone numbers and email addresses are held on a password protected telephone and personal computer.

I will retain your personal data for a period of 7 years after your last treatment, as required by law and in accordance with the Federation of Holistic Therapists guidelines.

Your individual RIGHTS

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
• The right to be informed about the personal data being processed;
• The right of access to your personal data;
• The right to rectification if there is something incorrect or incomplete;
• The right to erasure of your personal data;
• The right to limit how the information is used or shared;
• The right to portability. Under certain circumstances a copy of electronically held information can be requested so it can be reused in other systems;
• The right to object if there are certain parts of an individual’s information that they do not want used or to be used only for certain purposes
• Rights in relation to automated decision-making and profiling;
• The right to lodge a complaint with the Information Commissioner’s Office. An individual can complain to the ICO if the individual feels the information held is incorrect or not being used in the permission was granted or if information is being held unnecessarily. Full details of individual’s rights can be held at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/