Rowan Holistic Health Complementary Therapies Supporting Health & Wellbeing

Privacy Policy

Rowan Holistic Health is committed to ensuring that your privacy is protected. Should you provide certain information by which you can be identified, it will only be used in accordance with this privacy statement.

This privacy notice sets our how Rowan Holistic Health collects, processes and protects any personal data that you provided via this website, by telephone, SMS text, email/electronic mail or clinic form. This is in accordance with the General Data Protection Regulation (GDPR) that came into force on May 25th 2018.

This policy is effective from May 1st 2018. It may change from time to time by updating this page, and you can check our website for the latest version or ask for a copy of the policy at any time by emailing [email protected] to ensure that you are happy with any changes.
Data controller: Judith Crook
Contact details: [email protected]
Telephone number: 07763 185413

What We Do

We provide holistic and complementary therapies including but not limited to clinical reflexology, aromatherapy and therapeutic massage to clients who wish to improve their physical, mental and emotional health We focus on preventative healthcare, and supportive and palliative care management of chronic conditions. We provide these services within the scope of our practice and qualifications. We do not treat, diagnose or cure medical conditions and do not give advice on prescribed medication. Our approach is holistic and complementary to health and wellbeing and can be applied alongside conventional treatment methods/care.

What Data We Collect - personal data provided by you

Personal data means any information that can directly or indirectly identify and individual. It does not include and anonymised data.
We may collect the following personal data from you:

  • Identity data such as your full name, maiden name, marital status, title, date of birth and gender
  • Contact details such as your postal address, email address, telephone numbers, and contact details of your next of kin
  • Details of contact we have had with you such as referrals and appointments
  • GP's name, address and contact information
  • Treatment details and related notes
  • Feedback regarding our services

    We collect and process this data in accordance with the 'legitimate interest' condition. This means that the lawful basis of our holding your personal data is for legitimate interest.

    Special Category Data/Sensitive Data

    Special category data is personal data which according to the GDPR is considered more sensitive and therefore needs more protection.

    Such data includes details about your race or ethnic origin, religious views and beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health and genetics and biometric data.

    We collect the following sensitive data about you:
  • Health information provided by you including your previous and present medical history
  • Dietary and lifestyle habits and supplementation details
  • Details on your past and present medication
  • Clinic notes and health improvement programmes

    We use this information to provide you with healthcare support. Even though, we may seek your explicit consent for processing, our primary condition for processing is 'preventative healthcare and health management', and the lawful basis of our holding your personal data is for legitimate interest.

    On occasions, we may also obtain sensitive data form other healthcare providers or individuals authorised by you to give out such information. The provision of this information is subject to you giving us your express consent. If we do not receive this consent form you, we will not be able to co-ordinate your healthcare with these providers.

    We also understand that collecting, processing and holding your special category data requires us to comply with the "common law of confidentiality", independently of the GDPR regulations.

    How We Collect Your Personal Data

    We may collect your personal data in the following ways:
  • By completing a health, medical and lifestyle questionnaire
  • During a personal one-to-one consultation
  • By completing surveys

    Our purpose of collecting your data through the above ways is to provide you with supportive healthcare, and the legal basis of our holding your personal data is for legitimate reasons.

    Email: We use Gmail by Google, which is based outside of the UK. They have committed to complying with all applicable privacy laws, and details of their commitment can be found here:

    Website: Our website is provided through PhD Interactive and their WebHealer solution. They do not hold any personal data on our behalf, and while any emails received via our website are done so via the WebHealer mail system, for privacy reasons they are not accessible to staff at WebHealer and are not stored on any of their systems. The full privacy statement form PhD Interactive can be found here>

    How Long We Hold Your Personal Data

    Following completion of your therapy treatment, we will hold records of your personal data for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, we will keep the records at least 7 years after they reach the age of maturity(18)

    This is in accordance with our profession association's and insurance company's policy, and it enables us to process any complaint you may make. In this case the lawful basis of our holding your personal data is for legitimate interests.

    You have the right to object and the right to request your data to be erased. However, such requests will be declined under provisions of the General Data Protection Regulation (GDPR) which gives us the overriding right to hold your data in order to comply with legal obligations.

    How We Use Your Personal Data

    We act as a data controller for the use of your personal data to provide supportive healthcare. We also act as a controller and processor in regard to the processing of your data from third parties such as other healthcare providers.

    We undertake at all times to protect your personal data, including any health, medical, identity and contact details, in a manner which is consistent with our duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data storage.

    We may use your personal data where there is an overriding public interest in using information e.g. in order to safeguard an individual, or to prevent a serious crime. We will do this in accordance of the "vital interest" condition. We will also be obliged to share your data when there is a legal requirement such as a formal court order. This will be on the basis of "legal obligation"> We may use your data for marketing purposes such as newsletters, but this would be subject to you giving us your express consent.

    Disclosure of Your Personal Data

    We will keep information about you strictly confidential and will not disclose your data with other third parties without your express consent.

    Exceptions to this apply for the following categories of third parties:
  • Our professional association we are a member of and our insurance company for the processing of a complaint made by you
  • Your GP, healthcare providers, police, social service in a case when we believe your life is in danger on the lawful basis of vital interest
  • Anyone to whom we may transfer our rights and duties under any agreement we have with you
  • Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so

    On occasions, we may share a brief summary of your health problems in an anonymised form for the purpose to seek a professional health opinion in order to provide you with better healthcare, or for the purpose of professional development. This may be at clinical supervision meetings, conferences, private and professional health forums. In such cases your personal data and identity will not be disclosed and will remain fully confidential. We will seek your explicit consent before processing your data in this way.

    Your Legal Rights

    Every individual has the right to see, amend, delete or have a copy of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.

    The General Data Protection Regulation (GDPR) defines the following rights in relation to your personal data:

  • The right to be informed:
    To know how your information will be held and used (this notice).
    The right of access:
    To see your therapist's records of your personal information, so you know what is held about you and can verify it.
  • The right to rectification:
    To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
  • The right to erasure (also called "the right to be forgotten"):
    For you to request your therapist to erase any information they hold about you
  • The right to restrict processing of personal data:
    Your have the right to request limits on how your therapist uses your personal information
  • The right to data portability:
    Under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
  • The right to object:
    To be able to tell your therapist you don't want them to use certain parts of your information, or only to use it for certain purposes.
  • Rights in relation to automated decision-making and profiling.
  • The right to lodge a complaint with the Information Commissioner's Office:
    To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don't have to be.

    Full details of your rights can be found at

    If you wish to exercise any of these rights, please use the contact details given above.

    If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at:

    Our Rights

    Please note:
  • If you don't agree to your therapist keeping records of information about you and your treatments, or if you don't allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you.

  • Your therapist must keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed.

  • Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.

  • Data Protection and Security

    We only use information that may identify you in accordance with the GDPR. This requires us to process personal data only if there is a lawful basis for doing so and that any processing must be fair and lawful.

    As a health or health-related professional' within the health sector, we are also obliged to follow the "common law of confidentiality", which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing supportive healthcare. We will ensure that your information is protected and is only used in a way which complies with the law and our privacy policy.

    We have put in place appropriate security measures to prevent your personal data from being accessed, changed or used in an unauthorised way. We keep a paper copy of your personal data, including sensitive data in a secure filing system accessible only by us. We may also keep a copy of such data electronically on a laptop with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use email providers who use encryption to secure cyber transit of your personal data and we take responsibility for the protection of your data upon receipt.

    However, we do not take responsibility for the security measures you are taking when you provide your data to us electronically.

    We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.


    Cookies are small pieces of data stored in encrypted text files and located in browser directories. Their purpose is to make the website easier to use, help analyse web traffic or remember your preferences for a single visit (through session cookies) or for repeated visits (through persistent cookies).

    If you are not happy with this, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.


    Our website contains links to third party websites operating their own terms and conditions and privacy policies. Rowan Holistic Health is not responsible for any content on third party websites.

    ©2021 Rowan Holistic Health is powered by WebHealer
    Website Cookies   Privacy Policy   Admin Login