Under the General Data Protection Regulations (GDPR), you have specific rights. This privacy notice tells you what to expect when Restoring Balance Yoga & Massage collects personal information. We are committed to processing your data securely and transparently. This notice applies to current and former patients.
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We hold many types of data about you, including:
There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation.
We will use your special category data:
We must process special categories of data in accordance with more stringent guidelines. We will process special categories of data when the following applies:
As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
When you supply your personal details to this clinic they are stored and processed for 4 reasons:
Provided we have your consent, we may occasionally send you general health information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We retain your treatment records for as long as is needed from the date of your last visit to us.
We will retain your contact records indefinitely should you need to see us at some future date. However, we will be happy to delete this at your request once the legal obligation has passed.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Our Data Security Policy is available on request. Please ask our receptionist who will ensure a copy is provided to you.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Your records are stored:
We will never share your data with anyone who does not need access without your written consent.
Only the following people/agencies will have routine access to your data:
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your treatment notes). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.
We do not share your data with bodies outside of the European Economic Area.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right to be informed, a right of erasure, a right to restrict processing.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you have any questions about this GDPR & Privacy Notice or how we handle your information please contact the Data Controller, whose details are shown below.
If you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to the Data Controller. Here are the details you need for that:
Data Controller: Restoring Balance Yoga & Massage
Address: Restoring Balance Yoga & Massage, Hillhead Sports Club, 32 Hughenden Road, Glasgow, G12 9XP
Telephone: 07973 628578
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office (ICO) www.ico.org.uk.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
We do not use any system which uses automated decision making or profiling in respect of your personal data.
If you send us a private or direct message via social media the message will be stored in that media for three months. It will not be shared with any other organisations.
When you visit www.restore-balance.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive.
We use Google Analytics, a very popular tool used to analyse site usage and traffic, which utilises cookies. This helps us to refine the site content and give you the best experience on this website.
If you are concerned about cookies, you can turn them off in your browser. However, if you do this please note that some areas of the site may not work properly.
To find out more about cookies, how to turn them off, on our Cookies Policy page.