top of page
Data Protection Policy


What data is requested, stored & processed & why is this data held?

  1. Name: client identification

  2. Address: identification; safety of therapist; address to send the client home if necessary.

  3. Date of birth: identification, i.e. for occasions when we have duplicate names. 

  4. Phone: to send reminder texts the day before, to keep cancellations & no shows to a minimum; in case the therapist must cancel an appointment for some unavoidable reason.

  5. Email: to send receipts & appointment confirmations. 

  6. Medical history: to help understand what the student or client is presenting with on a given day, so a decision whether class, posture or treatment is appropriate, & to carry out any treatments in a safe way. 

  7. Session or Treatment notes: clinic record of what happened during any contact with clients.


Who is the data controller?  Dawn Billett is the data controller.


How is the data obtained?

  1. Clients make contact to book a session/treatment or register for/join a class.

  2. Names & emails are obtained when individuals email Just Breathe Healing Arts.

  3. During the initial session / treatment / class with a new client/student, a full initial form is gone through & filled out, which will vary based upon the session / treatment or class.  At this point our Privacy Policy is available.  Clients can refrain from giving us address, email, date of birth if they prefer however we will not proceed with treatment without name, phone no & medical history for a treatment that requires this level of detail.

  4. The client must sign to consent to treatment & to data retention at this point.


Why is the data originally gathered?  Contact information is gathered at time of booking to secure booking, letting me know who is coming in & how to contact them with reminder text or should we need to cancel due to unforeseen circumstances.  Other data is needed to carry out the treatments requested by the client.  Contact details are added to a mailing list upon seeking & receiving separate consent.


Where is the data stored?

  1. On computer: holds client contact information, emails and new client/student forms (if submitted electronically).

  2. On phones: phones are used for accessing emails & contact information & for making or receiving student/client calls.

  3. On the paper records: name, address, phone number/letters, email, medical history & treatment notes, & reports received from client in relation to their condition & any letters we have sent to them or on their behalf at their request are held. 

  4. Email accounts: Hotmail or Gmail holds all emails (including any attachments) sent & received to/from the clinic.


How secure is the data? Encryption & accessibility

  • The computer is in my home & the screen is locked after a short period of time & needs a password to access.  

  • Phones needs a password, fingerprint or face Id to access.  

  • Client names, addresses, phone no, email & date of birth are stored, as well as your scheduled appointments.

  • Data i.e. medical history, treatment notes, etc. are kept manually in a locked cupboard.  

  • Client record charts in use each day are kept in a folder.

  • Newly filled out record charts are put in a separate folder & locked in the cupboard at the end of each working day, awaiting processing, at which point they can be filed away with the rest.

  • Passwords are only known to the data controller and are changed periodically.


Is the data shared with 3rd parties & on what basis?  Just Breathe Healing Arts uses a cloud-based email & calendar system to provide the services.  This company stores & processes all emails & calendar entries. They have their own privacy policy in accordance to GDPR, to which clients give consent also.


How long shall the data be retained?

  1. Retain all session/treatment records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. 

  2. The clinic email account is cleared regularly of any communication from individuals who are not clients with a treatment record, made enquires, or interacted in some other way. 


Amending incorrect data.  A change of name, address, phone no, email, etc. is done by the data controller.  Once the change needed has been brought to their attention directly by a client, the data will be updated straight away. 


Transferring data.  Upon receiving a request from a client to transfer data to another therapist, solicitor, medical professional, a photocopy of the paper records including all medical history & treatment history will be sent by registered post, with no amendments, to the address provided by the client.  The client must sign consent to this transfer, which states the date, the name & address of the recipient & acknowledgement of permission to send. This will be kept with their original records, as a record of the transfer & request to do so.  Data will not be transferred by photograph copies via smart technology or by scan & email as this may be further shared.


Destroying data.

  • Data will only be destroyed after the allotted time frame as quoted above. 

  • The record of client name will continue to be listed with a highlighted note indicating the date of its destruction.

  • The paper record will be removed & shredded on site. 

  • Clients can request to have their data destroyed in specific circumstances where there has been a misuse of their data. They do not have an absolute right to the destruction of all records involving them.

bottom of page