GDPR – General Data Protection Regulations

sian Blog, News

GDPR – Your Personal Data & My Privacy Policy

GDPR? Like me, you’ve probably been hearing a lot about it & been inundated with emails asking you to resubscribe & update your preferences – but what is it & how does it affect you as a regular or potential new client of Nature To Nurture?

What Is GDPR Anyway?

It stands for the new General Data Protection Regulations, which come into effect on 25th May & take over from the existing DPA or Data Protection Act of 1998. Times & technology are constantly changing and the Government has likewise had to update from previous Data Protection legislation in 1995, 1987 and the initial DPA of 1984.

So why do we need it? Put simply, life has changed a LOT since 1998. We live in an increasingly online world, with internet shopping, instant payments, multiple social media sites & online profiles – and with the resultant dangers of identity theft & fraud, the security of your privacy & personal data is extremely important.

GDPR is also ensuring that you have a lot more say in how your data is kept, stored & used. How many times have you looked at an email & wondered how it popped up in your Inbox, with no memory of signing up for it? That’s because under the DPA 1998 you can be automatically subscribed unless you say otherwise. Under GDPR the opposite is true, as you cannot be subscribed unless you specifically give your permission.

My Accountability

So what is required of me as a (enter the new GDPR titles) Data Controller (the person who determines the nature of & is responsible for the data) & Data Processor (the person who processes the personal data)?  Well, there is a lot of information (literally a book!) so I’m going to summarise it here.

My responsibilities are to state:

  • what personal data I hold
  • how long I keep it
  • where I keep it
  • where it came from
  • who I share it with
  • my reason for keeping it/why I need it – also known as the ‘Lawful basis for processing’
  • managing client requests for data & amendment
  • about data breaches – my security measures & my agreement to report any to the governing body – the ICO (Information Commissioner’s Office)

A brief overview of GDPR

Your rights:

The GDPR provides the following rights for individuals (although these are subject to legal restrictions):

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision making & profiling
  • you also have a right to complain to the ICO (Information Commissioner’s Office) if you think that there is a problem with the way your data is being handled
  • unsubscribing – at any time you wish to be removed from any of my emails, you may click “unsubscribe” at the bottom of the page

I am required to collect personal information as a therapist & under the terms of my Public Liability Insurance

Personal Data

So what does this mean for you as a Nature To Nurture client? Well, in addition to valuing your health, well-being, safety & privacy, as a therapist I am legally obliged (my ‘Lawful Basis for Processing’) to take a medical history as well as your personal data, namely:
  • Name
  • Address
  • Contact phone number
  • Email address
  • Occupation
  • Date of birth
This is to comply with the Code of Practice & Ethics of my professional body, the IFPA (International Federation of Professional Aromatherapists). This, together with the retention of records for at least 7 years after the last treatment date, is also a legal requirement of my public & professional liability insurance with Balens Ltd. This information is stored as hard copies in a locked & secured filing cabinet, & as soft copies on a double password & encrypted file on my laptop. It is not shared with anyone else at any time.
I use this information:
  • to contact you directly for treatment (via phone, text/message, email as you prefer)
  • to email you (usually 3 or 4 per year) to inform you about special offers, my availability etc.
  • to post a birthday or thank you card with reward (via post)

GDPR is heavily concerned with the security of personal data, especially online

Privacy Notice

I have also had to update my Privacy Policy & make it available for viewing on this website. Please let me know if you would like a copy of my full Privacy Policy or GDPR Compliance documentation. Alternatively you can check my full Privacy Policy yourself here on this website or by following this link:

If you would like further information on how I handle your data, wish to update your preferences or to see your personal data, then please


Contact me by telephone on 07902 826544, by email to or or by using my Contact page