Privacy Policy — Sunshine Health Bowen Therapy

PRIVACY POLICY - GENERAL DATA PROTECTION REGULATION (GDPR)

1. Who I am and how to contact me:

Mrs Zoë Cook

Sunshine Health Bowen Therapy

07876 760672

zoe@sunshinehealthbowentherapy.co.uk

2 New Close, Street, Somerset, BA16 0RP

2. The type of personal information I collect

To give professional treatments, I need to ask for and keep information about your health. I will only use this information for informing your treatments and any advice I give because of your treatment. The information to be held is:

Your contact details
Medical history and other health-related information (which I will take from you at first consultation)
Treatment details and related notes (which I will take each time I see you)

3. How I get the personal information, why I hold it and how I use it

To give professional treatments, I need to gather and retain potentially sensitive information about your health. I will only use this information for informing the treatments I offer, and associated recommendations concerning aspects of health and wellbeing which I will offer to you. I take basic contact details and information via my online booking system to allow me to contact you and handle bookings. Most of the personal information I process is provided to me directly by you for the following reason:

For informing treatments and any advice I give because of your treatment.

I also receive personal information from you via third party services I use, and you may interact with, as part of my business operations. These are:

Electronic Payments: I use SumUp and Stripe. Full details of their privacy policies can be found here: https://help.sumup.com/hc/en-gb/articles/360004703114-GDPR-SumUp-and-Your-Data, and https://stripe.com/gb/legal/dpa

Website and Booking system: any emails received via my website are done so via the Squarespace mail system and are not stored on any of their systems. I use Acuity Scheduling which is part of Squarespace for my booking system, and full details of their privacy policy can be found here: https://www.squarespace.com/privacy

I do not your share information with anyone else other than as identified in section 4g below.

4. Lawful Basis for holding and using Client Information

As a member of the Bowen Therapists Professional Association (BTPA), Federation of Holistic Therapists (FHT) and the Complementary and Natural Healthcare Council (CNHC), I abide by Code of Practice and Ethics for these organisations. The lawful basis under which I hold and use your information is my legitimate interests i.e.my requirement to retain the information to provide you with the best possible treatment options and advice.

I will not share your information with anyone else, (other than as required for legal process). If I do need to share your information for any other reason, then I will explain why it is necessary and will get your explicit consent before sharing that information.

I will not transfer your data outside the EU without your consent, although you need to be aware that I do use third party services as part of my business operations, which are:

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis I rely on for processing this information are:

a) Your consent. You can remove your consent at any time. You can do this by contacting me using the contact details at the top of this policy.

b) I have a contractual obligation

c) I have a legal obligation:

i) ‘Claims occurring’ insurance: (records to be kept for 7 years after last treatment)

ii) Law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)

d) I have a vital interest

e) I need it to perform a public task

f) I have a legitimate interest, i.e. my requirement to retain the information to provide you with the best possible treatment options and advice

g) I have a Recognised Legitimate Interest, i.e. if I have a genuine concern – for example, a safeguarding concern or an emergency that poses a risk to life or health – this is a legal basis for sharing your information with an appropriate authority or other professional.

As I hold special category data (i.e., health related information), the Additional Condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under BTPA, FHT, and CNHC Confidentiality as defined in their Code of Practice and Ethics.

5. Protecting Your Personal Data

I am committed to ensuring that your personal data is secure. To prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you. I will contact you using the contact preferences you give me in your first contact with me, and during our consultations, in relation to:

Appointment times (including automated appointment booking confirmations and reminders by text message and email from Acuity Scheduling)
Complementary Therapy and information related to your health
Requesting reviews

I keep your personal data, specifically your contact details and details of your treatments, for a minimum of 7 years, and will only retain them for longer if you are still actively receiving regular treatments from me. I will dispose of your information securely either through incineration or using a shredder with a minimum P4 security rating.

6. Your data protection rights

Under data protection law, you have rights including:

a) Your right of access - You have the right to ask me for copies of your personal information.

b) Your right to rectification - You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.

c) Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.

d) Your right to restriction of processing - You have the right to ask me to restrict the processing of your personal information in certain circumstances.

e) Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

f) Your right to data portability - You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.

Please contact me at using the contact details at the top of this policy if you wish to make a request or if you have any questions about my Privacy Policy.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/individual-rights/. If you wish to exercise any of these rights, please use the contact details for Zoë Cook given above. If you are dissatisfied with the response, you can complain to the Information Commissioner's Office and their contact details can be found at: www.ico.org.uk.

7. My Rights as your Therapist

If you don’t agree to me keeping records of information about you and your treatments, or if you don’t allow me to use the information in the way I need to for treatments, I may not be able to work with you.

I must keep your records of treatment for a certain period as described above, which may mean even if you ask me to erase any details about you, I might have to keep these details until after that period has passed.

I can move your records between computers and IT systems without your permission, as long as your details are protected from being seen by others.

8. How to complain

If you have any concerns about our use of your personal information, please refer to my GDPR Complaints Procedure:

Available online at: https://www.sunshinehealthbowentherapy.co.uk/privacy

Request a copy via email or post using the contact details above.

Updated 14th June 2026