top of page

GDPR Privacy Policy

General Data Protection Regulation (GDPR) Policy


I am committed to protecting and respecting the privacy of all my clients.

This policy has been prepared in accordance with GDPR and may be changed from time to time as updates are required. It is effective from 25th May 2018.


This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.


Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).


The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at



Why is my data being collected?

As a therapist, I collect and process your data to ensure I provide you with a good standard of service, care and treatment and to comply with my insurance requirements.  It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.


Who is collecting it?

I am a self-employed qualified Bowen Therapy Practitioner trading as Joana’s Bowen Therapy. I will be the only one collecting the data. On occasion data from relevant medical notes / letters and scans provided by you or with your express permission may also form part of the data collected and held by me.


What information is being collected?

A record of your personal details, date of birth, address, telephone numbers, email, your next of kin (if provided), relevant medical information including medication, health problems, symptoms and concerns along with treatment information is kept on file.

Pictures taken for assessment or comparison purposes are also kept on record. These pictures will not be used in any marketing material and will not be shown to anyone else without your consent.


How is it collected?

Any information I hold on file has come directly from you, the person who booked the appointment or a parent/guardian of a client under the age of 16.


Where do I keep your information?

All data will be held in Cliniko. This is a “cloud based” client management and record keeping system where I hold all information about our sessions and a dedicated file for you.

 All notes previous to February 2022 were also imported to Cliniko are now held electronically and the original has been destroyed. This information is not held locally on my computer or backed up to any physical device in my possession.

Cliniko management system have policies and procedures in place to keep your data safe, to allow me to process it in the most efficient way and to comply with GDPR.


How will I use your information?

Data will be used to communicate appointments, session information, progress, relevant referrals, a record of treatment and to contact you with marketing information such as an email newsletter. You are welcome to opt out of email or text reminders regarding your appointment and promotions at any time. The information you provide along with details of your treatments are treated as confidential.


Who will it be shared with?

Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you maybe asked for permission for the information to be shared with another practitioner or medical service for referred treatment:

Full permission will be requested first. 


How long will I keep your data?

I will keep your details and supplementary information for as long as necessary. As a minimum this will be 7 years following the last occasion on which treatment was given. In the case of a minor, 7 years after they reach the age of 18 years old.



All computers, laptops, tablets and phones are locked with passcodes. Online software is password protected.

In the unfortunate event of a data breach, I will notify you as soon as reasonably possible.


Persons under the age of 16 years old

The data I collect for persons under that age of 16 years old is within the same categories for adults. In addition, a parent or guardian is required to read and sign a consent form for Bowen therapy treatment. A parent or guardian is required to be present at the time of treatment for any person under that age of 16 years old.


Consent for Treatment

You will be required to read and consent to this privacy policy before treatment can commence. If you choose not to give consent, treatment will not be carried out and the initial details provided will be deleted.

bottom of page