Privacy policy 2026 – The Sanguine Smith

(Last updated March 2026)

Therapist’s Name/Identity: Kath Smith

Therapist’s Contact Details:

Telephone No: 07747112901

Email address: hello@thesanguinesmith.com

Data Controller Contact Details:

Kath Smith trading as The Sanguine Smith is the data controller.

Kath Smith/ 07747112901

‍ ‍

Registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.

The type of personal information we collect:

In order to give professional reflexology treatments and run baby & toddler classes, I will need to ask for and keep information about your child’s / your health. I will only use this for informing treatments / classes and any advice I give as a result of your treatment.

‍ ‍

The information to be held is:

•        Your contact details

•        Medical history and other health-related information

•        Lifestyle information (adult clients only)

•        Details of products used in skincare if having a facial treatment

•        Treatment details and related notes

‍ ‍

I will only share your information where necessary and lawful, including where required by law, for insurance purposes, or safeguarding concerns.

How we get the personal information and why we hold it

Most of the personal information we process is provided to us directly by you for

The following reasons:

-       For informing treatments and any advice I give as a result of your treatment.

-       To be aware of any contraindication to treatment / classes.

-       Provide you with the best possible treatment options, support and advice.

‍ ‍

For personal information relating to children

-       Data is provided by a parent/ legal guardian

-       Consent is given by parent / legal guardian

Lawful Basis for holding and using Client Information:

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis werely on for processing this information are:

Article 6(1)(f) – legitimate interests (main basis)

(f) We have a legitimate interest i.e. my requirement to retain theinformation in order to provide you with the best possible treatment optionsand advice.

Article 6(1)(c) – legal obligation (for retention rules)

(c) We have a legal obligation:

1.1. ‘Claims occurring’ insurance: (records to be kept for 7 years after last treatment)

1.2. Law regarding children’s records (records to be kept until the child is 25 or if 17 when treated, then 26)

Article 9 basis: Provision of health care / treatment

As I hold special category data (i.e. health related information), the additional condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.

DPA 2018 states the condition as “for health and social care purposes” at Article 9(2)(h).

‍ ‍

Protecting Your Personal Data:

I am committed to ensuring that your personal data is secure.

‍ ‍

In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.

These include:

• Password-protected devices

• Locked filing storage

• Limited access

• GDPR compliant payment and online form tools.

I will contact you using the contact preferences you give me in relation to:

• Appointment / class times                                                                 

• Reflexology information or information related to your health           

• Client feedback following treatments (individual clients only – not group classes)

Marketing will only be sent out with explicit consent given in ‘New client information form’, or ‘baby/ toddler class consent form’

• Special offers, newsletters and promotions

We keep your personal treatment information and contact details for 7 years as required by law (or until 25 if a child). We will then dispose of your information by shredding physical documents and deleting any digital files from all devices.

Marketing information is retained until consent is withdrawn.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact me at hello@thesanguinesmith.com if you wish to make a request.

THERAPIST’S RIGHTS

Please note:

·       If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you

·       Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed

·       Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.

How to complain:

If you have any concerns about our use of your personal information, you have the right to complain and are encouraged to contact me first at:

hello@thesanguinesmith.com

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address: Information Commissioner’s Office Wycliffe House Water Lane, Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

Data Breach:

In the event of a data breach, I will comply with UK GDPR reporting requirements.

‍ ‍