Body Logic is committed to safeguarding the privacy of our clients while providing the highest possible quality of service. Under the terms of the Data Protection legislation, we are required to explain to you how we will treat any personal and/or private data which we collect from you. Everyone who works for Body Logic has responsibility for ensuring data is collected, stored and handled appropriately and processed in line with this policy and data protection principles.
Why we need to collect your data:
We collect and handle two types of data. Basic Personal Data – which includes name, address, contact details. We need this information to make appointments and to communicate with our clients regarding any treatments and for any workshops we may run. We also collect Special Categories Data – which is health related data. This is to ensure it is safe for our clients to receive treatment and to give them the appropriate treatment. For us to process health-related data, we are required by EU Law, to have signed, informed consent which we obtain at the time of consultation. Industry guidelines set by the General Council for Massage Therapists (GCMT) state Client/patients/users records need to be kept for seven years, in the case of children for 5 years after their 21st birthday, for terminally or seriously ill clients/patients/users records should be retained indefinitely. Our consultation and treatment forms are kept secured where unauthorised personnel cannot view it.
We also process Basic Personal Data of our suppliers which are related to services or products provided to us.
The information we collect via our Website, FaceBook and Booking System may include:
Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number etc.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
When visitors leave comments on the site/blog page we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
PayPal, Credit, Debit card payments:
In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
Use of data for confirmations, reminders and services
When our clients book appointments we send out a confirmation email regarding their appointment. A reminder email/SMS message is sent 24 hours before their appointment.
We may also send information regarding any new services and or workshops we provide. Permission is given to us at time of consultation.
Under the GDPR (General Data Protection Regulation), individuals will have the right to obtain confirmation that their data is being processed, access to their personal data, and other supplementary information.
Your Individual Rights under the Data Protection Act 2018. You have:
• the right of access to your personal data;
• the right to object to the processing of your personal data;
• the right to restrict the processing of your personal data;
• the right to rectification of your personal data;
• the right to erasure of your personal data;
• the right to data portability (to receive an electronic copy of your personal data);
This is called a Subject Access Request. If a client contacts the company requesting this information it should be made in writing with written and signed consent. We will always verify the identity of anyone making a request before handing over any information.
Requests should be sent to the Data Protection Officer, Body Logic, Burnside Business Centre, Peterhead, AB42 3AW
Our clients will not be charged to view their data, however charges such as photocopying, postage etc may be levied. We will aim to provide the relevant data within 14 working days subject to staff holidays.
If you are dissatisfied with the way in which Body Logic process your personal data, you have the right to complain to the UK’s Data Protection Supervisory Authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns , by live chat or by calling their helpline on 0303 123 1113.
Further information on GDPR can be found at https://ico.org.uk/