Data Protection

How we protect your personal data under UK GDPR

Data Protection & GDPR Compliance

Heartwood Wellbeing is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our data protection practices and your rights.

Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: When you explicitly consent to specific processing activities
  • Contract: To fulfill our contractual obligations for therapy services
  • Legitimate Interest: To improve our services and communicate with you
  • Legal Obligation: To comply with health and safety regulations

Special Category Data

As a holistic therapy practice, we may process special category data (health information) with your explicit consent. This information is treated with the highest level of confidentiality and is used only for the purpose of providing safe and effective therapy services.

Data Security Measures

  • Encrypted storage of personal information
  • Secure transmission of data
  • Regular security assessments
  • Staff training on data protection
  • Access controls and authentication
  • Regular backups and recovery procedures

Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in our Privacy Policy. Health records are typically retained for 7 years from the last treatment, in accordance with professional guidelines and legal requirements.

Your Data Protection Rights

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data in certain circumstances
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision Making: Not applicable to our services

Data Breach Procedures

In the unlikely event of a data breach, we have procedures in place to:

  • Immediately assess and contain the breach
  • Notify the Information Commissioner's Office (ICO) within 72 hours if required
  • Inform affected individuals without undue delay if there's a high risk
  • Document and investigate the incident
  • Implement measures to prevent recurrence

Contact Our Data Protection Officer

For data protection inquiries or to exercise your rights:

Email: info@heartwoodwellbeing.co.uk

Phone: +44 7931 220197

WhatsApp: Contact Kelly on WhatsApp

ICO Registration: We are registered with the Information Commissioner's Office (ICO) and comply with all UK GDPR requirements.

Last Updated: January 2025
This Data Protection Policy may be updated to reflect changes in legislation or our practices.