What are Cookies?
A cookie is a small file of letters and numbers that we put on your computer or device when you use this website.
We use ‘session’ cookies to: help the website work. These expire as soon as you close the browser you are using (e.g. Google, Chrome, Internet Explorer, etc)
We use ‘analytical’ cookies to: record anonymous information about your visit to and the use of the website. This helps us to improve the way our website works, for example by making sure users are finding what they need easily.
Some of these cookies may stay on your computer for up to two years. They are only used again if you come back to this website when the analytics cookie will know you have visited the website before.
Please note we do not:
Find out more about cookies on www.allaboutcookies.org.
Our web sites may contain links to other websites. We are not responsible for the privacy practises of third party web sites should you should to visit them from a link.
If you complete our on-line request forms or contact us by email, we will collect various pieces of personal information including items such as your name and email address and telephone number.
Personal data submitted on this web site will be used for the following purposes only
(a) to assist with the processing of any request you make to us via the web site
(b) to review, develop and improve our web site and the products and services we offer
(c) for marketing purposes such as providing you with details of products, services, events and promotions which may be of interest to you
Your data will only be used by NH Acupuncture.
We will take all reasonable precautions to prevent the loss, misuse or theft of your personal information. Sending personal information over the internet can be insecure and you should be aware of the security risks of providing information on-line.
Natalie Harrison Acupuncture
Purpose of privacy notice
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the GDPR). This legislation will replace current data privacy law, coming into effect on 25th May 2018.
This privacy notice provides you with details of how we collect and process your personal data including through your use of our site www.nhacupuncture.co.uk
Personal data relates to a living individual who can be identified from that data. (It does not include anonymised data). Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details.
Special category data
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your patient notes.
Natalie Harrison is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Our full details are:
Full name of legal entity: Natalie Harrison Acupuncture
Email address: firstname.lastname@example.org
Postal address: 5 Cavendish Avenue, Churchdown, Gloucestershire GL3 2HN
Telephone number: 07976 375371
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
We collect data from you from you for the purposes of providing our services to you and additionally due to our need to comply with a legal obligation.
Our legal ground of processing this data is your explicit consent and is a contractual requirement (you cannot be a patient and receive services if you do not provide it). Data is processed for the purposes of assessing your needs, giving appropriate advice and treatment, recording treatments and communicating with you.
Our justification for this processing of your personal data is that it is in our legitimate interests to do so (in order to provide you with a safe, appropriate and effective service).
We do not share your details for marketing purposes and your personal data will never be sold by us.
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the purposes set out below.
We use your name, address, telephone number and email address to make and rearrange appointments. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
Although we have security measures in place, we do not advise sending any “sensitive” data such as health information via electronic means. Please note that we ask you to communicate any sensitive information during the consultation as part of the initial treatment. Records are kept in paper copy format and retained in a locked filing cabinet for security.
We keep a permanent attendance register which records all appointments for patients attending our clinic to keep a record of when you were treated for legal reasons.
We may use your date of birth to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient.
We use your presenting complaint and symptoms reported by you for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
We use any relevant medical and family history you have told us for making a full traditional diagnosis, formulating treatment strategy and treatment planning.
We use your GP’s name and address in the event that we need to contact your GP including in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct.
We use our clinical findings about your health and wellbeing for making a full traditional diagnosis, and formulating treatment strategy and treatment planning.
We keep a record of and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional diagnosis, treatment strategy and planning.
We record and use any information and advice that we have given, especially when referring patients to any other health professional, to help you to receive the most appropriate treatment
We record any decisions made in conjunction with you to help you to receive the most appropriate treatment. Records are also kept as evidence in the event of a complaint or a claim being made against us.
We keep accident records for any patients, visitors or staff who are involved in accidents at our clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law.
I have CCTV on the premises for personal security reasons. If you have any queries about this please email me at firstname.lastname@example.org
We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We do not use or share your details for marketing purposes and your personal data will never be sold by us.
We may have to share your personal data with the parties set out below:
We require all third parties to whom we transfer your data to respect the security and confidentiality of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
We keep patient records for a period of 7 years in accordance with the British Acupuncture Code of Professional Conduct https://www.acupuncture.org.uk/public-content/effective-practice/bacc-professional-codes.html
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
We use a third party service (1&1) to host our website, which is built with WordPress. Anonymous information is collected about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how 1&1 processes data, please see https://www.1and1.co.uk/PrivacyPolicy
We use website cookies to improve user experience of our website by enabling our website to ‘remember’ users, either for the duration of their visit – using a ‘session cookie’ – or for repeat visits – using a ‘persistent cookie’.