top of page

Privacy Policy

Purpose of this Privacy Policy

The processing of personal information is regulated by the General Data Protection Regulation (GDPR) 2016/679. This law grants individuals certain rights and imposes obligations on organizations that handle their personal data. One of these rights is the right to be informed, which means we are required to inform you about how we use, share, and store your personal information. This policy provides that information, along with details of your rights in relation to the data we hold about you and the legal basis for its processing.

Who Are We?

Creation Acuopuncture is the data controller. This means we are responsible for deciding how your personal data is processed and for what purposes.

Who Does This Privacy Policy Apply To?

This privacy policy covers data collected from:

  • Patients

  • Prospective patients

  • Former patients of Creation Acupuncture 

  • Subscribers to our newsletters and mailing list 

  • Visitors to our website

  • Volunteers, assistants, and students on observation days or placements

What is Personal Data?

Personal data refers to information that can identify a living individual. Identification can occur through data alone or when combined with other information in the data controller’s possession. Examples of personal data we may hold about you include your contact details and appointment information.

Special category data is a subset of personal data that reveals details such as racial or ethnic origin, political views, religious beliefs, trade union membership, health information, genetic or biometric data, and information about a person’s sex life or sexual orientation. We may hold special category data such as patient notes.

How Do We Process Your Personal Data?

We ensure compliance with GDPR by keeping personal data current, storing and destroying it securely, minimizing the amount of data we collect, and protecting it against loss, misuse, unauthorized access, and disclosure. We also implement technical measures to secure your personal data. We use your data for the purposes outlined below.

Sections 1–15 apply to patients, prospective patients, former patients, and visitors to our clinic.

  1. Your contact details (name, address, phone number, email) are used to schedule and reschedule appointments. We are unable to send encrypted emails, so any emails we send or receive may not be protected in transit. We monitor emails for viruses or malicious software; you are responsible for ensuring your emails comply with the law.

  2. If you provide consent, we use your contact details to send you marketing materials. Please note that any marketing communications sent via email may not be encrypted and thus may not be fully secure in transit.

  3. Some patients and potential patients may return pre-appointment forms or provide details about their health and medications via email. Please be aware that these emails are not encrypted and may not be protected in transit.

  4. We maintain a permanent attendance register of all patient appointments for tax purposes and to secure evidence for potential legal proceedings, civil claims, insurance claims, or regulatory body complaints.

  5. We may use your date of birth to avoid misidentification, particularly if you share a name with another patient. This may also be used when referring you to another healthcare professional.

  6. Your presenting symptoms and complaints are used to form a traditional diagnosis, create a treatment plan, and develop a treatment strategy.

  7. Any relevant medical and family history you provide will be used for diagnosis, treatment planning, and strategy development.

  8. Your GP’s name and contact details may be used to contact them in case of emergency or to comply with the British Acupuncture Council's professional conduct requirements.

  9. Our clinical observations and findings about your health are recorded for diagnosis, treatment planning, and strategy development.

  10. We keep detailed records of your treatment and progress, including treatment reviews, to help us manage your case and secure evidence for any potential legal proceedings.

  11. We record any recommendations or referrals we provide to ensure you receive the appropriate care, and to protect us legally if necessary.

  12. We record joint decisions about your treatment to secure evidence in case of legal action or complaints.

  13. We maintain accident records for patients, visitors, and staff involved in incidents at our clinic, as required by health and safety laws such as RIDDOR (Reporting of Injuries, Diseases, and Dangerous Occurrences Regulations).

  14. If an adverse event occurs, we report the matter to the British Acupuncture Council and our insurance provider, to manage any claims and help develop safety guidelines.

  15. We maintain records of your consent to treatment, or your next-of-kin’s consent, to provide evidence of informed consent in case of legal proceedings.

Section 16 applies to complaints about our services.

  1. If you file a complaint, we will create a file containing the details, including your identity and the identities of anyone else involved. Your information will only be used to process the complaint and monitor our service levels. We may need to share the complainant’s identity with the subject of the complaint, and it may be necessary to disclose information to the British Acupuncture Council or our insurance company.

Sections 17–19 apply to website users.

  1. If we intend to collect personally identifiable information via our website, we will make this clear at the point of collection, along with the intended use of the data.

  2. Our website is hosted by Wix and therefore does use cookies.

  3. Our website is hosted by Wix and uses standard analytics to track user activity for site improvement. For further information on data processing, please refer to Wix privacy policy.

Sharing Your Personal Data

Your personal data will only be shared under certain circumstances:

  • With your explicit consent.

  • With authorities, such as the police, if required by law.

  • With your GP or emergency services if necessary to protect life.

  • With authorities responsible for safeguarding children or vulnerable adults.

  • With our regulatory bodies, or legal and insurance providers, in the event of a complaint or legal issue.

For more information on sharing your personal data, please visit the Information Commissioner’s website: https://ico.org.uk/for-the-public/personal-information/sharing-my-info/

How Long Do We Keep Your Data?

We retain personal data only as long as necessary. Patient records are held for 7 years, or until minors reach 25 years of age. Paper records are shredded, and electronic records are securely deleted.

Your Rights Regarding Personal Data

Under the GDPR, you have rights including:

  • Access to a copy of your personal data.

  • Correction of any inaccurate or outdated data.

  • Erasure of data no longer necessary for our purposes.

  • The right to withdraw consent at any time (for data processed based on consent).

  • Data portability, in applicable cases.

  • The right to restrict processing in case of a dispute over data accuracy.

  • The right to object to certain forms of data processing.

  • The right to be informed in case of data loss.

For more details, visit the Information Commissioner’s website: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Further Processing

If we plan to use your data for a purpose not covered by this policy, we will notify you beforehand and seek your consent where required.

Contact Details

For any questions, complaints, or to exercise your rights, please contact us. 

bottom of page