Data Privacy (inc NHS Test and Trace)

To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.

By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.

As a customer of Bowen in Motion you will be asked to provide some basic information and contact details. The following information will be collected:

– the names of all customers or visitors, or if it is a group of people, the name of one member of the group,
– a contact phone number for each customer, or for the lead member of a group of people,
– date of visit and arrival time and departure time

The establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.

The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.

In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.

NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.

For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).

We will require you to pre-book appointments for visits.

Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.

However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.

Your information will always be stored and used in compliance with the relevant data protection legislation.

The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.

Bowen in Motion does NOT transfer personal data outside of the UK.

By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.

You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).

You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.

You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).

If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.

If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.

We keep our privacy notice under regular review. This privacy notice was last updated on 24 September 2020.

The following Data Privacy statement is designed to explain what information is being collected and processed to comply with the requirements of the GDPR that came into effect on May 25th 2018.

Data Privacy: What information is being collected?

As part of visiting us at Bowen in Motion we will need to have a record of your personal details, date of birth, address, telephone numbers, email and relevant medical information relating to your session. Only occasionally will it be appropriate to have social media account information as well as part of your profile. A unique reference number will also be allocated to you. 

Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times.

All data will be held in a locked filing cabinet.

No client files are left on surfaces for other clients/staff to read.

All data taken whilst on a mobile treatment will be transported in a locked bag, out of sight. No notes are left unattended in a vehicle at anytime. 

All notes being transported will use the unique reference codes to identify you as a client. In the rare event they are stolen or lost, you cannot be identified or traced.

Email addresses are held on a secure database is held on Mailchimp for individuals who sign up to the Bowen in Motion newsletter. The newsletter has an unsubscribe policy.

Who is collecting it?

Bowen in Motion practitioners are collecting data at the start of your first session. Some information maybe requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes, letters or scans may also form part of the data collected and held by us.

How is it collected?

Collection of data will happen via pen and paper note taking, electronic note taking, email, text messages, scanned paper records, occasionally photographs, videos, and letters by mail.  No personal data will be collected via social media.

Why is it being collected?

Data is collected to record, guide and supervise your progress and be able to communicate effectively with you for the best outcomes. It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided. 

On occasions we are invited to take part in research studies. No data is shared for research purposes without your express written permission prior to transferring any data. Again unique reference codes will be used to transfer data. 

How will it be used?

Data will be used to communicate appointments, session information, progress, relevant referrals, and relevant consented media.

Who will it be shared with?

Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you maybe asked for permission for the information to be shared with another practitioner outside of Bowen in Motion:

Full permission will be requested first. 

Personal data will be sent by post or email separately to your treatment information and a personal allocated reference code will be used to ensure the individual cannot be identified without the two pieces of data recording being put together.

Client experiences can be shared with the public with full consent from the client themselves. This will be taken in on a consent form signed by the client prior to sharing.

What will be the effect of this on the individuals concerned?

There should be no data leakage with regards to clients. 

No data is shared with third parties without consented permission.

No data is sold to third parties for business reasons.

No data is held on phones unless encrypted with a pin number, finger print or facial recognition. No phones are left unattended. Lost or stolen phones need to be locked remotely to prevent third parties reading any sensitive information.

No sensitive / identifiable data is sent by email together in the same posting. Unique reference codes are used.

All computers / laptops and tablets are locked with passcodes and not left unattended. Only individuals with permission to read notes can access this data.

Is the intended use likely to cause individuals to object or complain? 

We at Bowen in Motion take data protection and privacy seriously and promote this philosophy to all the industry in relation to protecting client data. 

The data mapping in place should never cause a client to object or complain. Any queries and requirements are taken seriously and honoured.