Glasgow Bowen Clinic Ltd


GDPR: General Data Protection Regulation Policy. May 2018.


What information is being collected?


As part of visiting The Glasgow Bowen Clinic Ltd, we will need to have a record of your personal details, date of birth, telephone numbers, email and relevant medical information relating to your session. Only occasionally will it be appropriate to have social media account information as well as part of your profile.


Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times.


All data will be held in a locked filing cabinet.


No client files are left on surfaces for other clients/staff to read.

All data taken whilst on a mobile treatment will be transported in a locked bag, out of sight in a boot. No notes are left unattended in a vehicle at any time.


All notes being transported will use a unique reference code to identify you as a client. In the rare event, they are stolen or lost, you cannot be identified or traced.


All notes will be kept secure for a period of 8 years for adults and will then be destroyed if you are no longer attending clinic. All children’s notes will be kept until adult age ( 21 ), and then destroyed if no longer attending the clinic.


Who is collecting it?


Your practitioner/receptionist is collecting data at the start of your first session. Some information may be requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes/letters and scans may also form part of the data collected and held by your practitioner.


How is it collected?


Collection of data will happen via pen and paper note-taking, secure email, text messages, occasionally photographs, videos, and letters by mail. No personal data will be collected via social media.


Why is it being collected?

Data is collected to record, guide and supervise your progress and be able to communicate effectively with you for the best outcomes. It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.


Data also helps us to carry out relevant research from time to time. All clients can opt-in or opt-out of this. Again unique reference codes will be used to transfer data.


How will it be used?


Data will be used to communicate appointments, session information, progress, relevant referrals, and relevant consented media.


Whom will it be shared with?


Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you may be asked for permission for the information to be shared with another practitioner or medical service for referred treatment:

Full permission will be requested first.


Personal data will be sent by post or email separately to your treatment information and a personal allocated reference code will be used to ensure the individual cannot be identified without the 2 pieces of data recording being put together.


Client experiences can be shared with the public with full consent from the client themselves. This will be taken in on a consent form signed by the client prior to sharing.


What will be the effect of this on the individuals concerned?


There should be no data leakage with regards to clients.


No data is shared with 3rd parties without consented permission.


No data is sold to third parties for business reasons.


No data is held on phones unless encrypted with a pin number/fingerprint recognition. No phones are left unattended. Lost/stolen phones need to be locked remotely to prevent 3rd parties from reading any sensitive information.

No sensitive/identifiable data is sent by email together in the same posting. Unique reference codes are used.

All computers/laptops and tablets are locked with passcodes and not left unattended. Only individuals with permission to read notes can access this data.

Is the intended use likely to cause individuals to object or complain? 

All therapists take data protection and privacy seriously and promote this philosophy to all the industry in relation to protecting client data.

The data mapping in place should never cause a client to object or complain. Any queries and requirements are taken seriously and honoured.

Any data requests should be made in writing or via email and will be responded to within 30 days.

Colin Murray

Clinic Director

Glasgow Bowen Clinic Ltd