General Data Protection Reform

Stevenson Holistic Therapies
14 Liberton Place,
Edinburgh, EH16 6NA

The purpose of this notice.
This notice is designed to help you understand what kind of information we collect in connection with our business and how we process and use that information.
In the course of providing you with our services we will collect and process information that is commonly known as personal data. This notice describes how we collect, use, share, retain, safeguard personal data and what your rights are.
Lawful basis for processing personal data.
The data subject has given consent to the processing of his or her personal data for the specific purpose of receiving healthcare treatment within 14 Liberton Place.
As a provider of healthcare, we process the following data;
Personal data such as an individual’s name, address, date of birth, gender, contact details, details of medical history, emergency contact number, medical history and details of present medical conditions.
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our full services.
If you require more information about our processes please contact our data controller; Angela Davidson on 07939328776 or email

If you are dissatisfied with any aspect of the way we process your personal data please contact the above named person.
You may also have the right to complain to the UK,s data protection supervisory authority, The information Commissioner’s office (ICO).
The ICO may be contacted via it’s website at www:// or by phone on 0303 123 1113.

Why we keep your personal data?

We use your personal data for the performance of our contract with you, so that we can provide the appropriate healthcare.

Where we will keep your personal data?
We will keep the hard copy of client record cards securely locked in the office at 14 Liberton place at all times along with other relevant paperwork.
These records will not be taken out of the property or shared with anyone or any organisation without prior consent from the client.
If permission is given by the client we may keep their phone number and email address on an electronic device for communication between us and the client ONLY, NO OTHER INFORMATION WILL BE STORED ELECTRONICALLY.

Data retention.
The records will be kept for 7 years following the last occasion on which a treatment was given, or 3 years after the death of a client. In the case of minors the records will be kept until at least 7 years after the age of consent. We will keep records for members of the armed forces and police force indefinitely.
The retaining data is necessary where required for contractual, legal regulatory purposes or for our legitimate business interests.
Sometimes we may retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.

Your rights.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to it’s processing, to have the data corrected if inaccurate, to take copies of the data and to replace restrictions on its processing. Individuals can also request for deletion of their personal data.
These rights are known as Individual rights under the Data Protection Act 2018. The following list details these rights;
The right to be informed about personal data being processed;
The right of access to your personal data;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to rectification of your personal data;
The right to erasure of your personal data;
The right to data portability (to receive an electronic copy of your personal data)
Individuals can exercise their individual rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable fee.
In exercising your individual rights, you should understand that in some situations we may be unable to fully meet your requests, for example if you make a request for us to fully delete all your personal data, we may be required to retain some data for legal or statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.

The right to erasure.
Individuals have the right to have their personal data erased under article 17 of the GDPR if;
The personal data is no longer necessary for the purpose for which it was originally collected or processed.
We are relying on personal consent as the legal basis for holding that data and the person withdraws their consent.