Privacy Statement

This notice was last reviewed June 2026. Compliant with UK GDPR, DPA 2018, and Data (Use and Access) Act 2025. 
 
The UK GDPR (as retained and amended by the Data Protection Act 2018 and the Data (Use and Access) Act 2025) gives legal protection to your personal information. This notice tells you what personal information we hold about you, why we hold it, and what your rights are.

Jan Rose Reflexology, Aldwick, Bognor Regis, PO21 4AJ
Contact Email: jrosereflex@talktalk.net
Contact Number 07789 357766

Type of Information Collected
Contact Details, Medical history and other health-related information (which I will take from you at first consultation), Treatment Details and related notes (which I will take after each consultation). I am committed to ensuring your personal data is secure and safeguarded.  Your personal data will not be shared with any other person or organisation.  The DUAA introduces a new lawful basis for processing personal data and sharing this data with other organisations in the interests of crime prevention, safeguarding and in emergency situations.

Why I take this information and how long I retain it
I take this information in order to give professional therapy treatments.  I will only use this information for informing your sessions and associated recommendations made as part of your treatments concerning aspects of health and wellbeing. This information will be retained for the recommended period of 7 years although the law regarding children’s records states that those records are to be kept until the child is 25 (or if 17 when treated, then 26).  This information will then be disposed of using appropriate and secure confidential waste disposal procedures.

Lawful Basis for holding and using client information :  Under the UK GDPR, the  lawful basis we rely on for processing this information is:

a) my legitimate interest i.e. in order to provide you with the best possible treatment options, support and advice.  As I hold special category data (i.e. health related information) the additional condition under which I hold and use this information is for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.

b) we have a legal obligation: ‘claims occurring’ insurance (records to be kept for 7 years after last treatment): Law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)

Your Rights under GDPR:

The right to be informed:  to know how your information will be held and used (this notice).

  • The right of access: you have the right to ask for copies of your personal information 
  • The right to rectification: you have the right to ask to rectify personal information you think is inaccurate or incomplete
  • The right to erasure (also called “the right to be forgotten”): you have the right to ask to erase your personal information in certain circumstances
  • The right to restrict processing of personal data: You have the right to request us to restrict the processing of your personal information in certain circumstances
  • The right to data portability: under certain circumstances you can request a copy of personal information is transferred to another organisation or to you
  • The right to object: you have the right to object to the processing of your personal information in certain circumstances

You are not required to pay any charge for exercising your rights.  If you wish to make a request, we have one month to respond to you.  Please contact us at jrosereflex@talktalk.net if you wish to make a request.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

Therapist’s Rights:  If you do not agree to your therapist keeping records of information about you and your treatments, or if you do not allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you. Your therapist must keep records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed.  Your therapist can move their records between their computers and IT systems without your permission if your details are protected from being seen by others.

How to Complain: If you have any concerns about our use of your personal information, please refer to our GDPR Complaints Procedure – available on request or at janrosereflexology.co.uk.

Published June 2026