This notice sets out my policies and procedures in relation to information about you which I hold.
Why I collect your personal data and what I do with it
When you supply your personal details to me, the information is stored and processed for four reasons (relevant terms used in the General Data Protection Regulations are in bold):
1. I collect personal information about your health in order to provide you with the best possible care. Your requesting treatment and my agreement to provide that care constitute in law an (unwritten) contract.
2. I have a legitimate interest in collecting personal information about your health, because without it I couldn’t practise acupuncture or shiatsu effectively and safely.
3. I keep records of your contact information so that I can contact you to confirm your appointments, or so that you can update me on matters related to your medical care. Again, this constitutes a legitimate interest.
4. Provided I have your consent (and this only needs to be verbal consent), I may send you individualised health information by email in the form of articles or advice. You may withdraw this consent at any time; just let me know by any convenient method.
I also keep files containing records of payment for treatments, both on my password-protected computer and in my locked cabinet in my home clinic. I keep copies of the receipts I send out to people who request them; these include dates of treatments and names of clients.
If you subscribe to my newsletter or give your written consent to receive it, it will be delivered via a third-party provider, MailChimp, so your name and email address may be saved on their server. You may withdraw this consent at any time by unsubscribing when you receive the newsletter or by letting me know by any convenient method.
Some patients and prospective patients return pre-1st-appointment questionnaires or tell me about their medical conditions and medication by email. I am unable to send or receive encrypted emails, so any emails I send or receive may not be protected in transit. Please be aware that you have a responsibility to ensure that any emails you send me are within the bounds of the law.
How long I keep your data
I have a legal obligation to retain your records for 8 years after your most recent appointment or after you have reached the age of 25, if this is longer. After this period I will ensure your records are deleted securely.
Your clinical records are stored on a password-protected tablet and backed up in the cloud, which is password protected. Your contact details are stored on paper in a locked cabinet in my clinic. Your emails are stored in an online file within my email program, which is password protected.
What are your rights
If you are not satisfied with my response, or believe I am not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/