top of page

Privacy Policy

Privacy Notice: Your Personal Information & GDPR Compliance

Effective Date: July 2025
Therapist: Gaia Simbolotti
Data Controller: Gaia Simbolotti (as above)
Data Protection Officer (DPO): Not applicable

Why I Collect Your Personal Information

As a qualified healthcare practitioner and member of the Shiatsu Society, I collect and hold personal and sensitive information to provide safe, effective treatments tailored to your individual needs.

This includes information gathered through consultations, my website, or social media (Facebook, Instagram) to:

  • Understand your health and tailor treatments

  • Provide follow-up care or advice

  • Manage appointments and communication

  • Comply with professional, insurance and legal obligations

Lawful Basis for Processing Your Data

Under the UK GDPR, the legal bases I rely on are:

  • Legitimate Interest – to provide and manage treatments effectively

  • Special Category Data Condition – for the provision of health care as a registered therapist under the Shiatsu Society Code of Conduct and Ethics

What Personal Data I Collect

To support your care, I may collect:

  • Your name, contact details (phone/email)

  • Medical history and relevant health information (shared at consultation)

  • Treatment records and session notes

How Your Data is Used

Your data is used solely to:

  • Inform and personalise your treatments

  • Maintain clinical records in line with legal and insurance requirements

  • Communicate with you about appointments and relevant updates

I will never share your information without your explicit consent, except when required by law or regulatory authorities.

How Long I Keep Your Data

Your records will be retained securely for:

  • Adults: 7 years after your last treatment (insurance requirement)

  • Children: Until the child turns 25 (or 26 if treated at age 17)

After this period, data will be securely deleted or destroyed.

Data Storage and Security

I take appropriate technical and organisational measures to safeguard your personal data, whether stored on paper or electronically. This includes:

  • Secure physical storage of paper records

  • Password-protected devices and secure digital storage

  • Access limited only to the therapist

Your data will not be transferred outside the UK without your consent.

Your Rights Under GDPR

You have the right to:

  • Be informed – about how your data is used (this policy)

  • Access – a copy of the data I hold about you

  • Rectify – incorrect or incomplete data

  • Erase – your data (where applicable)

  • Restrict – how your data is used

  • Object – to specific types of processing

  • Data portability – request your data in electronic format (in limited cases)

  • Complain – to the Information Commissioner’s Office (ICO)

For more information: www.ico.org.uk

To exercise any of these rights, please contact me directly using the contact details above.

Therapist’s Rights

  • If you withdraw consent for record-keeping or necessary data use, I may be unable to provide treatment.

  • Even if you request deletion, I may be required to retain your records for a set period to meet insurance or legal obligations.

  • I may move your data between secure devices or systems, but only in ways that fully protect your privacy.

Contact & Complaints

For questions, data access requests, or concerns, please contact:
Gaia Simbolotti – gaia.simb@gmail.com – 07756 342590

If unsatisfied with my response, you have the right to contact the Information Commissioner’s Office:
Website: www.ico.org.uk

bottom of page