You may have spotted that GDPR came into effect on 25th May 2018.

I’m not one for sending out unsolicited mail with irrelevant information for my clients, my coaching or therapy business but I may have a need on occasion to send out updates, news or event information that may interest you or someone you know.  Below sets out my guidelines and if you feel there’s anything missing or have a query, please contact me.

It is a requirement of the new General Data Protection Regulations coming into effect on 25th May 2018, that we tell you how and why we use your data.

Malmesbury Therapy works in accordance with the General Data Protection Regulations (GDPR), enforced from 25th May 2018, when processing personal data.

Personal data is only held for as long as is necessary to complete the therapeutic contract agreed with client and for any subsequent follow ups.  The prime purpose of maintaining personal data is for direct communication.   For administrative, confidential reasons data may only be accessed securely only by the service provider, Malmesbury Therapy unless there are reasons which will be discussed at contracting that will lead to the data being accessed for specifically notified reasons in advance of therapy taking place.  No personal data will ever be sold or otherwise exchanged.

In accordance with medical / mental health guidelines legally medical records must be retained for 7 years.  If at this point a client has not returned for further treatment, notes are destroyed and the client details removed from our database.  We have a very strict confidentiality and data storage procedure in line with our professional standards of good practice and European Law (GDPR, May 2018)

Personal data is collected through an online enquiry form or direct contact via telephone or email, or face to face sessions.

Information held includes:

Name and Date of Birth
Living arrangements
Address (for invoicing purposes)
Email Address
Telephone Numbers (landline and/or mobiles)
Confidential session notes
Personal data is used to follow up enquiries as agreed with the client.

Data is stored securely in a locked filing cabinet or password protected on a local computer; basic financial information may be partially stored on IZettle database (amount only, other information is encrypted and inaccessible by Malmesbury Therapy). Name and email addresses are also stored on MailChimp’s secure email campaign platform unless you have opted to unsubscribe from emailed updates.

Data will be held until no longer required or deletion is requested (whichever is sooner) except where it may be necessary for the legal operation of the business e.g. keeping a record of notes/invoices provided.  You may request a copy of (or object to the processing of your data) at any time by emailing us

In general, all personal data can be requested and erased / shredded with the exception of when data is deemed necessary to be maintained for the legal operation of Malmesbury Therapy.

Malmesbury Therapy will not send unsolicited emails unless expressly requested as a means of information giving.  All emails sent by Malmesbury Therapy will be clearly marked as originating from us.  You may unsubscribe at any time.  If the operating name of Malmesbury Therapy is replaced at some point in the future, clients will be made aware either directly or indirectly by means of web redirections.

Please contact us if you have any questions.