Effective from May 2018 (GDPR)
This Privacy Policy explains what personal information I collect, why I collect it, how I use it, how it is stored, and your rights under the General Data Protection Regulation (GDPR).
By engaging with my services, you acknowledge that you understand and accept the terms of this policy.

1. Therapist Details

Name: Rebecca J Parker
Practice: R J Parker Sports & Remedial Therapy
Email: rjparkerremedialtherapist@gmail.com
Telephone: 07581 781652

I am a qualified practitioner and a registered member of the following professional bodies:

• Sports Therapy Organisation (STO)
   
• Association of Reflexologists (AoR)
   
• Complementary and Natural Healthcare Council (CNHC) – a register accredited by the Professional Standards Authority (PSA)
   

I adhere to all professional codes of conduct, ethics, confidentiality requirements, and regulatory standards associated with these bodies.

2. Information I Collect and Why

To deliver safe and effective Sports Therapy, Remedial Therapy, Reflexology, and related treatments, I need to collect and hold certain information about you.

2.1. Contact Information

• Full name
   
• Email address
   
• Telephone number
   
• Address (if required for home visits or invoicing)
   
• Emergency contact details
   

Purpose: appointment management, communication, administration, and client safety.

2.2. Health & Medical Information (Special Category Data)

Collected at initial consultation and updated as required:

• Medical history and health conditions
   
• Injury details and history
   
• Medications and healthcare treatments
   
• Lifestyle information relevant to treatment
   
• GP details (optional but recommended)
   

Purpose: safe clinical assessment, treatment planning, risk reduction, rehabilitation, and professional compliance.

2.3. Treatment Records

• Dates of treatments
   
• Techniques used
   
• Clinical observations
   
• Treatment outcomes and progress
   
• Aftercare or exercise recommendations
   
• Relevant communication notes
   

Purpose: continuity of care, treatment progression, audit requirements, insurance compliance, and professional standards.

3. Legal Basis for Processing

Your data is processed under the following lawful bases:

3.1. Legitimate Interests

I must hold and use your information to provide safe and personalised treatments, in line with STO, AoR, and CNHC/PSA professional standards.

3.2. Legal Obligations

I am required to retain records to comply with:

• Insurance requirements (claims-occurring basis)
   
• CNHC/PSA Code of Conduct
   
• AoR and STO record-keeping requirements
   
• Legal guidelines for treating minors
   

3.3. Special Category Data – Health Information

Processed under GDPR Article 9(2)(h) for the provision of healthcare by a professionally regulated practitioner under a duty of confidentiality.

I will always request your explicit consent before sharing any health information with third parties.

4. How Your Information Is Used

Your data is used solely for:

• Delivering therapy treatments
   
• Assessing health and injury concerns
   
• Providing clinical advice and aftercare
   
• Monitoring progress and rehabilitation
   
• Managing bookings and communication
   
• Meeting professional, insurance and legal obligations
   

No automated decision-making or profiling is used.

5. Sharing Your Information

Your data is confidential. It will only be shared in the following situations:

With your explicit consent, such as:

• Sharing relevant details with your GP
   
• Liaising with other healthcare or sports professionals involved in your care
   

When required by law, such as:

• Court orders
   
• Insurance investigations
   
• Safeguarding concerns (risk of harm to yourself or others)
   

Referral circumstances, such as:

• If another practitioner referred you
   
• If you request treatment updates to be shared
   

Your data will never be transferred outside the UK/EU without your explicit consent.

6. Data Retention Periods

In compliance with insurance, legal and professional-body requirements:

• Adults: retained for 7 years from the date of your last treatment
   
• Minors: retained until age 25, or age 26 if treated at age 17
   
• CNHC/PSA, STO, and AoR: minimum 8-year retention for all clinical records
   

Where regulations differ, the longest retention period is applied.

After this time, records are securely destroyed.

7. How Your Data Is Stored and Protected

I use secure systems and physical safeguards to protect your information:

• Password-protected and encrypted digital storage
   
• Locked filing cabinets for any paper notes
   
• Restricted access (only I access client data)
   
• Secure backups
   
• GDPR-compliant data disposal procedures
   

I follow the data protection guidelines required by the STO, AoR, CNHC/PSA and GDPR.

8. Communication Preferences

I may contact you for:

• Appointment reminders or updates
   
• Treatment-related follow-up
   
• Health or injury-related communication
   
• Optional newsletters or clinic updates (unsubscribe anytime)
   

Your contact details will never be sold or used for unsolicited marketing.

9. Your Rights Under GDPR

You have the legal right to:

• Be informed – about how your data is used
   
• Access – request a copy of the data I hold
   
• Rectification – request corrections to inaccurate information
   
• Erasure – request deletion (subject to retention requirements)
   
• Restrict processing – limit how your data is used
   
• Data portability – receive your data electronically (where applicable)
   
• Object – to certain uses of your data
   
• Complain – to the Information Commissioner’s Office (ICO)
   

ICO website: www.ico.org.uk

If you wish to exercise any of these rights, please contact me using the details above.

10. Therapist’s Rights

To provide safe, ethical, and legally compliant therapy, I retain the following rights regarding your information:

10.1. Right to Decline or Postpone Treatment if Essential Information Is Not Provided

For your safety, if essential health, injury, or medical information is withheld or incomplete, I may be unable to provide treatment. This ensures compliance with:

• Professional body requirements (STO, AoR, CNHC/PSA)
   
• Insurance conditions
   
• Safe clinical practice
   
• Legal obligations
   

Treatment may be adapted, postponed, or declined until sufficient information is supplied.

10.2. Right to Retain Records for Legally Required Periods

Even if you request erasure, some information must be retained to satisfy:

• Insurance requirements
   
• Professional-body obligations
   
• Legal documentation rules
   
• Safeguarding and audit requirements
   

Only the minimum required information will be kept. Once the mandated retention period ends, all records will be securely destroyed.

10.3. Right to Transfer Records Securely Between Approved Systems

To maintain secure, efficient and compliant record-keeping, I may transfer data between secure digital or physical systems, for example:

• Updating clinical software
   
• Moving from paper to digital notes
   
• Implementing encrypted backup solutions
   

All transfers follow GDPR data protection standards and maintain strict confidentiality.
Data will never be transferred to unauthorised third-party systems or insecure platforms.

10.4. Summary of Therapist Rights

I retain the right to:

• Decline treatment if essential information is withheld
   
• Retain required records for the full legal timescale
   
• Securely transfer data between compliant systems
   
• Maintain confidentiality and integrity of client records at all times
   

These measures protect both client and therapist and ensure compliance with STO, AoR, CNHC/PSA and GDPR expectations.