GDPR, Privacy and Cookies Policy 1.    We    at    Reform    Health    take    your    privacy    seriously.    This policy    covers    the    collection,    processing    and    other    use    of personal   data   under   the   Data   Protection   Act   1998   (“DPA”)   and the General Data Protection Regulations (“GDPR”). 2.   For   the   purpose   of   the   DPA   and   GDPR   we   are   the   data controller     and     any     enquiry     regarding     the     collection     or processing   of   your   data   should   be   addressed   to   Nicky   Healy at     Reform     Health,     Unit     7,     Business     Innovation     Centre, Staffordshire       Technology       Park,       Stafford,       ST18       0AR. Alternatively,        you        can        email        your        enquiry        to info@reformhealth.co.uk.   Information we collect 3.   We   will   collect   personal   data   directly   provided   to   us   by   you, e.g.   your   name,   e-mail   address,   home   or   work   address   and telephone   number,   and   past   medical   history.   This   has   been provided to us by you, therefore, with your consent. 4.   Some   treatments   should   not   be   performed   under   certain medical   conditions,   therefore,   the   information   you   provide   to us    should    include    all    known    medical    conditions    and    all questions      should      be      answered      honestly.      It      is      your responsibility    to    keep    the    therapist    updated    as    to    any changes   in   your   medical   profile   and   there   shall   be   no   liability on the therapist’s part should you fail to do so. 5.    Your    payment    information    provided    when    you    make    a purchase   through   credit/debit   card   is   not   received   or   stored by   us.   That   information   is   processed   securely   and   privately   by the    third-party    payment    processors    that    we    use.    Reform Health   will   not   have   access   to   that   information   at   any   time. We     may     share     your     personal     data     with     our     payment processors,    but    only    for    the    purpose    of    completing    the relevant   payment   transaction.   Such   payment   processors   are banned    from    using    your    personal    data,    except    to    provide these    necessary    payment    services    to    us,    and    they    are required   to   maintain   the   confidentiality   of   your   personal   data and payment information. Use of your information 6.   We   may   hold   and   process   personal   data   that   you   provide to   us   in   accordance   with   the   DPA   and   GDPR.   The   information that   we   collect   and   store   relating   to   you   is   primarily   used   to enable us to provide our services/advise to you. 7.   In   addition,   we   may   use   the   information   for   the   following purposes: To    notify    you    about    any    changes    to    our    services,    such    as improvements   or   service/product   changes,   that   may   affect our   service.   We   may   contact   you,   where   you   have   consented, to receive our e-newsletter from time to time. Disclosure of your information 8.   We   may   disclose   your   information   to   regulatory   bodies   to enable    us    to    comply    with    the    law    and    to    assist    fraud protection. 9.   Please   be   assured   that   we   do   not   reveal   any   information about identifiable individuals to our advertisers. Controlling the use of your data 10.    If    you    have    given    us    consent    to    use    your    data    for    a particular   purpose   you   can   revoke   or   vary   that   consent   at   any time.   If   you   do   not   want   us   to   use   your   data   or   you   wish   to vary   the   consent   that   you   have   provided   you   can   write   to   us or email us using the information detailed in clause 2. Where we store and transfer your data 11.   As   part   of   the   services   offered   to   you   by   Reform   Health, the   information   you   provide   to   us   may   be   transferred   to   and stored   in   countries   outside   of   the   European   Economic   Area (EEA)   as   we   use   remote   website   server   hosts   to   provide   our booking   software,   website   and   some   other   aspects   of   our service,    which    may    be    based    outside    of    the    EEA,    or    use servers   based   outside   of   the   EEA   -   this   is   generally   the   nature of   data   stored   in   “the   Cloud”.   It   may   also   be   processed   by staff    operating    outside    the    EEA    who    work    for    one    of    our suppliers,   e.g.   our   website   server   host,   or   work   for   us   when temporarily outside of the EEA. 12.   We   have   a   legal   obligation   to   retain   your   records   for   8 years   after   your   most   recent   appointment,   after   this   period you   may   ask   us   to   delete   your   records   if   you   wish.   Otherwise we   will   retain   your   records   so   that   we   may   provide   you   with the   best   possible   care   should   you   need   to   see   us   at   some future date. Our records are stored: • On     paper     in     locked     filing     cabinets     in     an     alarmed building. • Electronically    using    a    cloud    based    booking    software system    10    to    8.    This    provider    has    given    us    their assurances that they are fully compliant with GDPR. • We   will   never   share   your   data   with   other   companies   for marketing purposes. • We     will     only     share     your     data     to     other     medical professionals with your written consent. Only    the    following    people    will    have    routine    access    to your data: • Your    practitioner,    Nicky    Healy,    in    order    that    we    may provide you with appropriate treatment. • Our   booking   software   provider,   10   to   8   in   storing   your contact details. Security 13.   The   transmission   of   information   via   the   internet   or   email is   not   completely   secure.   Although   we   will   do   our   best   to protect   your   personal   data,   we   cannot   guarantee   the   security of   data,   any   such   transmission   is   at   your   own   risk.   Once   we have     received     any     personal     data,     we     will     use     strict procedures      and      security      features      to      try      to      prevent unauthorised access. Use of cookies on our website 14.    Our    Website    uses    cookies.    We    use    cookies    to    gather information    about    your    computer    for    our    services    and    to provide    statistical    information    regarding    the    use    of    our Website.   Such   information   will   not   identify   you   personally   -   it is    statistical    data    about    our    visitors    and    their    use    of    our Website.   This   statistical   data   does   not   identify   any   personal details   whatsoever.   We   may   also   gather   information   about your   general   Internet   use   by   using   a   cookie   file.   Where   used, these      cookies      are      downloaded      to      your      computer automatically.   This   cookie   file   is   stored   on   the   hard   drive   of your     computer,     as     cookies     contain     information     that     is transferred   to   your   computer's   hard   drive.   They   help   us   to improve   our   Website   and   the   service   that   we   provide   to   you. All   computers   have   the   ability   to   decline   cookies.   This   can   be done   by   activating   the   setting   on   your   browser   which   enables you    to    decline    the    cookies.    Please    note    that    should    you choose    to    decline    cookies,    you    may    be    unable    to    access particular parts of our Website. Third party links 15.    You    might    find    links    to    third    party    websites    on    our website.    These    websites    should    have    their    own    privacy policies,    which    you    should    check.    We    do    not    accept    any responsibility   or   liability   for   their   policies   whatsoever   as   we have no control over them. Your rights 16.     The     DPA     and     GDPR     give     you     the     right     to     access information   held   about   you   by   us   at   any   point.   Please   write   to us   or   contact   us   by   email   if   you   wish   to   request   confirmation of   what   personal   information   we   hold   relating   to   you.   You can   write   to   us   at   the   address   detailed   in   clause   2,   above,   or by   email   to   info@reformhealth.co.uk.   There   is   no   charge   for requesting   that   we   provide   you   with   details   of   the   personal data   that   we   hold.   We   will   provide   this   information   within   one month of your requesting the data. 17.   You   have   the   right   to   change   the   permissions   that   you have   given   us   in   relation   to   how   we   may   use   your   data.   You also   have   the   right   to   request   that   we   cease   using   your   data or    that    we    delete    all    personal    data    records    that    we    hold relating   to   you.   You   can   exercise   these   rights   at   any   time   by contacting us using the information detailed in clause 2. Changes to this policy 18.   We   may   update   these   policies   to   reflect   changes   to   our services.   Please   regularly   review   these   policies   to   be   informed of how we are protecting your personal data. 19.   We   welcome   any   queries,   comments   or   requests   you   may have   regarding   this   Privacy   Policy.   Please   do   not   hesitate   to contact    us    at:    Reform    Health,    Unit    7,    Business    Innovation Centre, Staffordshire Technology Park, Stafford, ST18 0AR Version: August 2020