Who we are

Our website address is: https://www.harmonychiropractic.co.uk.

What personal data we collect and why we collect it

This is the policy document for meeting the General Data Protection Regulation (GDPR)

Bellow is the information Harmony Chiropractic Clinic collects  from clients and how we store, process and respond to clients requests in relation to their Data.


Personal Data

Phone numbers
Where they heard us from
As above plus

Date of Birth
Doctors Surgery
Medical History
From client


Phone numbers sent through BOOM for SMS reminders

Where information is held

ATLAS Chiropractic Software (purpose-built software for chiropractic)

What information is used for

to advise of any alterations to bookings

to record treatments

to record medical history to enable correct treatments to be given

to send text reminders through a third-party BOOM who do not use the data as per their T&C

Retention Periods

Data retention is governed by the GCC currently at 8 years from last appointment

GCC Code of practice: Storage should be for at least a period relevant to the age of the patient as prescribed by law.


Access requests

Personal records can be printed off.


Lawful basis for personal Data

Information is received from clients by consent of client. Information is required for treatment under GCC rules of Consent: Acceptance by a patient of a proposed clinical intervention after having been informed, as far as reasonably can be expected, or all relevant factors relating to that intervention.



Consent is freely given but is a prerequisite for treatment, as per the Code of Practice of the GCC.



The parents or guardian of minors give their consent under the same conditions as above


Individual Rights

Files including persona; information will be retained for a minimum of 8 years. If a client wishes personal details deleted including clinical health records, this will be done after 8 years from the date of the clients last visit.


Data Breaches

All data is kept in house, not accessible through the internet and passworded to get onto the computer.  No one has access to it except the properly vetted staff.


Data Protection Officer

Though the records held do not demand a DPO. Lucietta Elder is acting DPO on behalf of Paul Parolin owner of Data


May 2018