Information Governance Policies and Procedures

1. Introduction

Holistic Health Hive is committed to handling personal data lawfully, respectfully, and securely. This policy reflects our obligations under:

The Data Protection Act 2018

The UK General Data Protection Regulation (UK GDPR)

Best practice guidance from the Federation of Holistic Therapists (FHT)

This is a living document and may be updated periodically to reflect changes in legislation or business practices. Clients are encouraged to check this policy regularly.

2. Our Data Principles

We strive to ensure that all personal data is:

Accurate and relevant

Securely stored

Accessed only by authorised individuals

Used only for legitimate and clearly communicated purposes

Retained only as long as necessary

Data is collected solely for the purpose of delivering personalised therapeutic services and maintaining professional standards.

3. Data Controller

The Data Controller for Holistic Health Hive is Louise Fletcher. She is responsible for ensuring all data handling practices comply with applicable data protection laws.

4. Data Security Measures

We implement the following measures to protect client information:

Paper records are stored in a locked filing cabinet within secure premises.

Electronic records are held on password-protected devices.

Records are reviewed and updated regularly to maintain accuracy.

Data is never sold or shared without explicit consent.

Where possible, digital backups are encrypted and stored securely.

5. Website Usage

Our website uses Google Analytics to collect anonymised, non-identifiable visitor data (e.g., page views, traffic sources). This helps us improve the website experience. No personal data is collected via this tool.

We do not use cookies to collect identifiable information, nor do we engage in tracking across other websites.

6. Your Rights Under UK GDPR

You have the right to:

Be informed about how your data is collected and used

Access the personal data we hold about you

Request that inaccurate data be corrected

Request deletion of your data (the “right to be forgotten”)

Restrict or object to the processing of your data

Request data portability

Not be subject to automated decision-making (Holistic Health Hive does not use automated systems)

If you would like to exercise any of these rights, please contact us in writing.

7. Data Retention

Client records are retained for two years following the date of the last appointment, unless:

You have requested erasure, or

Legal, insurance, or safeguarding obligations require a longer retention period

8. COVID-19 Protocols

To ensure safety during the pandemic, we may:

Ask clients to confirm they are symptom-free prior to appointments

Conduct non-contact temperature checks

Share relevant contact details with NHS Track & Trace in the event of a confirmed infection

These protocols are regularly updated in line with government guidance.

9. Data Breach Procedure

In the event of a data breach, we will:

Immediately assess the nature and scope of the breach

Notify the Information Commissioner’s Office (ICO) within 72 hours if required

Inform affected individuals if their rights or freedoms are at risk

Take appropriate steps to mitigate the breach and prevent recurrence

10. Subject Access Requests (SARs)

You may request a copy of the personal data we hold about you. To do so, please send a written request. We will respond within one month, or two months in complex cases. No fee will be charged unless the request is excessive.

We will provide:

A copy of the data

The purposes for which it is held

Any third parties with whom it has been shared

The data in a clear, accessible format

11. Right to Erasure

To request the removal of your personal data, please contact us in writing.

Paper records will be securely shredded

Electronic data will be permanently deleted

Written confirmation of erasure will be provided

A secure, minimal record of the erasure request will be retained for five years for legal compliance

This record will not be used for any other purpose.

12. Complaints and Concerns

If you have any concerns regarding how your data is handled, please contact Louise Fletcher directly. We aim to resolve all issues promptly and professionally.

Should you wish to raise your concerns with a professional body, you may contact:

Federation of Holistic Therapists (FHT)
Tel: 023 8062 4350
Website: www.fht.org.uk

13. Emergency Data Management

In the event that Louise Fletcher is unable to continue practicing due to serious illness or death, her next of kin will contact existing clients and ensure all client records are archived and stored securely in accordance with UK GDPR.