AIR + EARTH REFLEXOLOGY CUSTOMER PRIVACY NOTE:

This privacy notice tells you what I do with your personal information (Updated 16th June 2026)

CONTACT DETAILS:

Name:  Jennifer Board

E-mail: jenni@airandearthreflexology.com

WHAT INFORMATION I COLLECT AND WHY:

To give professional reflexology treatments, I will need to ask for and keep information about your health.

I will only use this for informing reflexology treatments and any advice I give because of your treatment. The information to be held is:

  • Name, address, DoB, contact details & emergency contact details (next of kin / any emergency support networks).

  • Information about care needs (including disabilities, home conditions, medication, dietary requirements and general care provisions).

  • Payment details (including card or bank information for transfers and direct debits).

  • Treatment details, related notes and decisions.

  • We also collect the following special category information to provide patient care & services. (This information is subject to additional protection due to its sensitive nature):

  • Health information (including medical conditions, allergies, medical requirements and medical history)

HOW I GET THE PERSONAL INFORMATION AND WHY I HOLD IT:

  • Directly from you

  • Family members or carers

Most of the personal information I process is provided to me directly by you for one of the following reasons: 

  • For informing reflexology treatments and any advice I give because of your treatment.  

I use the information that you have given me to: 

  • Provide you with the best possible treatment options, support and advice. 

  • I do not share this information with anyone, with the possible exceptions of: a: care providers (if appropriate) b: organisations I need to share information with for safeguarding reasons.

    LAWFUL BASES AND DATA PROTECTION RIGHTS:

Under UK General Data Protection Regulation (UK GDPR), I must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

MY LAWFUL BASES FOR THE COLLECTION AND USE OF YOUR DATA

MY lawful bases for collecting or using personal information to provide patient care and services are:

  • Your consent. I have permission from you after I gave you all the relevant information. You can remove your consent at any time. You can do this by contacting Jennifer Board at jenni@airandearthreflexology.com

  • I have a legal obligation: 1. ‘Claims occurring’ insurance: (records to be kept for 7 years after last treatment) 2.Law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)

  • I have a legitimate interest - my requirement to retain the information to provide you with the best possible treatment options and advice.

    As I hold special category data (i.e. health related information), the additional condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.

PROTECTING YOUR PERSONAL DATA - HOW I STORE YOUR PERSONAL INFORMATION:

I am committed to ensuring that your personal data is secure. To prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you. I keep all booking data (name, email, mobile number and debit or credit card) in a secure online booking system, Acuity Scheduling. I then keep all client records (including name, address, GP details, health & lifestyle information, and next of kin) in a secure Google Drive that is password-protected and has 2-factor authentication applied (meaning a constantly changing security number needs to be entered in order to access.  My computer and laptop are always kept in a secure, locked location with an alarm.

I will contact you using the contact preferences you have given me. 

  •  I keep Client records (including personal details and medical information) and treatment notes for 7 years. I then dispose of this information (unless you are an ongoing client whom I am still treating) by permanently deleting all digital files (I only keep digital files).

YOUR DATA PROTECTION RIGHTS:

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

You are not required to pay any charge for exercising your rights. If you make a request, I must respond to you without undue delay and in any event within one month.

Please contact me at jenni@airandearthreflexology.com if you wish to make a request.

WHO I SHARE INFORMATION WITH

  • Care providers (if appropriate)

  • Organisations we need to share information with for safeguarding reasons

DUTY OF CONFIDENTIALITY:

I am subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:

  • You’ve provided me with your consent (I have taken it as implied to provide you with care, or you have given it explicitly for other uses);

  • I have a legal requirement (including court orders) to collect, share or use the data;

  • On a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example, sharing information with the police to support the detection or prevention of serious crime);

  • If in England or Wales, the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied.

THERAPISTS’ RIGHTS - PLEASE NOTE:*

  • If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you   

  • Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed 

  • Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.

HOW TO COMPLAIN:

If you have any concerns about our use of your personal information, please refer to our GDPR Complaints Procedure HERE