top of page

Data Protection Policy

Last Updated: October 2019

 

Our Data Protection Policy will help to explain what personal data is and how we use any personal data that we have obtained about you in compliance with the Data Protection Act 2018 (also known as General Data Protection Regulation or GDPR).

 

1.Why We Collect Personal Data

Moonlight Healing collects a range of Personal Data and Special Category Data (see explanation of each type below) to aid in the running of our business and the delivery of our services to you. 

 

We use your personal data to enable us to uniquely identify you to ensure we record your consultation in the correct file and also retrieve the correct file when preparing for your next treatment.  We additionally use your personal data to contact you about your appointment and also about other services, if you have agreed to us contacting for marketing purposes.  If you are 18 or younger, we also record your date of birth to aid in determining the date your file can be destroyed (see Data Retention below).  Finally we keep Health and Wellbeing Data (Special Category Data) so that we can record why you are receiving a treatment and track the effect of treatment on the presenting issue and also adjust the treatment to your requirements such as lowering the massage table or avoiding certain massage oils.  Further, we use your data internally to determine how to develop services, add services to our portfolio and how to target advertisement – this is done with anonymised data.

 

2.Personal Data and Special Category Data

Personal Data and Special Category Data are types of data that can be used individually or in combination to identify you.  We collect your personal data when you make initial contact with us and when you complete a consultation form; we use explicit consent on the consent form as the lawful means to hold and process your data.  We use this data for the purpose of running our business and delivery the service to you as described above.

 

What are Personal Data and Special Category Data

There is no explicit list of data types but below are some examples of what each may contain:

How we handle your data

At Moonlight Healing will ensure that your data is:

  • Used only for the purpose of delivering the service to you.

  • Used for marketing of our services only if you have explicitly given us permission to do so.

  • Stored securely.

  • Not be shared with others without prior consent, except if you pose a risk to yourself or others or present with a notifiable medical condition.

  • Kept up to date and checked for accuracy at each consultation.

  • Securely destroyed when it is no longer required.

 

What personal data do we hold?

  • Name

  • Address

  • Telephone number

  • Email address

  • Date of birth (if 18 or younger)

  • General Practitioner Details

  • Health and wellbeing data

 

3.What are your rights?

You have a right to:

  • Be kept informed about the data we hold on you.

  • See the data we hold on you.

  • Have data corrected.

  • Have data deleted.

  • Restrict how your data is processed.

  • Data portability.

  • Object to data processing.

 

4.Data retention

  • We will retain your file for seven years after your last treatment or until you are 25 years old, whichever is longer.

  • If you were 18 or younger when you first visited us we will have recorded your Date of Birth; if you are still a client at age 25 we will redact your Date of Birth from your records as it is no longer required to determine the date to destroy your record.

 

5.Policy Maintenance

  • This policy will be reviewed on an annual basis to ensure that reflects current legal requirements and business operating needs.

  • If any urgent change is identified before the annual review a special update to the policy will be performed.

 

6.Subject access request

All request for access to personal data must be done by written letter and include proof of ID such as a photocopy of a Driving Licence or Passport and proof of address such as a utility bill.  Requests will be dealt with within one calendar month and are free unless they are considered to be excessive.  All requests should be addressed to:

 

Jane Hale

Moonlight Healing

1 Winton Cottages

Falmer Road

BRIGHTON

BN2 7FJ

 

 

7.Complaints

If you have any concerns or wish to complain about how your data is being stored or processed, you can write to:

 

Jane Hale

Moonlight Healing

1 Winton Cottages

Falmer Road

BRIGHTON

BN2 7FJ

 

If you are not satisfied with the response you can contact the ICO:

 

https://ico.org.uk/make-a-complaint/

 

Or write to:

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

bottom of page