Private Policy

Private Policy 

This notice is to explain why I collect your personal data, what I do with it, and to ensure I am working in accordance with the new EU General Data Protection Regulation (GDPR).

All information provided will be treated as confidential and will not be given to any other person/organisation without the patient's written consent. 

As part of the Patient Record, I am required to retain information for the purpose of consultation for treatment and recording subsequent treatments. 

Why I collect your data:

When you supply your personal details to me, when we communicate by email or text, and when I take notes in the clinic, this information is stored and processed for three reasons in line with the GDPR requirements:

  • I need to collect personal information about your health in order to provide you with the best possible treatment—your request for treatment and our agreement to provide that care constitutes law an (unwritten) contract.

  • I have a legitimate interest in collecting that information. Because without it, I could not practice acupuncture effectively and safely.

  • I keep records of your contact information because I think it is essential to contact you to confirm your appointments with me.  


How the data is stored:

  • After you complete and submit the Patient Details Form, Data Protection and Consent Forms online, all the information will be electronically stored in a secure practice management software called Cliniko ( The software can be accessed via online either on a password-protected computer, iphone or iPad.

  • Your clinical records are scanned or stored on a web-based cloud (Cliniko) on a computer or retained as paper records in a secure cabinet in my home, for as long as you remain a patient of the clinic, and after that for a period of 7 years. After this period I will delete your records.

  • Information held both manually and electronically in files will be accessible only by myself directly involved in the data entry and processing of patient records. 

  • Texts are stored on a password-protected phone.

Sharing your data:

  • I will never share your information with anyone who does not have a legal right to access without your written consent.

  • In line with the Data Protection (1998) Act, details of consultations and treatment can only be released to third-party medical and health practitioners with the patient's specific written permission. 

  • You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. I am legally required to respond to a patient's request to see their personal data within a timescale of 30 days.


You can raise any concerns directly with the Information Commissioner’s Office on

Eri Ito - Shiatsu Acupuncture 

BSc(Hons), LicAc

  • Facebook
  • Instagram

T  +44(0)7985 342268



© 2021 All Right Reserved / Website Created by Eri