Date Created/Updated: 09/09/2020
The GDPR (General Data Protection Regulation) May 2018 is the legal regulation that has been put in
lawful basis for Sports Solutions to hold information, the type of information that Sports Solutions
holds about their clients, why that information is required, who it is shared with, how that
information is used and protected and details the rights an individual has in terms of access to that
information or, requests for information held to be amended or deleted.
WHY THE INFORMATION IS REQUIRED
The lawful basis by which I hold this information is held under Special Category Data: Health
In order to provide an effective and safe massage therapy treatment, I require information about
your current health and your medical history. This information is used only to provide you with the
best possible course of treatment and advises.
I also require your contact details to arrange appointment times with you.
WHERE THE INFORMATION IS GATHERED FROM
Sports-Solutions may collect personal information from:
Email or Text messages sent from individuals to Sports Solutions
Discussions with clients during the consultation process and during subsequent treatments or
WHAT INFORMATION IS HELD
Sports Solutions may collect the following personal information:
Name, title and date of birth.
Contact information including email address, telephone numbers and home address.
Emergency contact or next of kin details.
Medical history and other health related information provided on the consultation form and
discussed during the consultation and first and subsequent treatments.
Treatment or session details and assessment notes which will be recorded after each appointment.
Follow up information which may be discussed with you by phone email or text after your
Diarised records of appointment times
WHAT IS DONE WITH THE INFORMATION GATHERED
Sports Solutions requires this information to assess your requirements and provide you with safe
and effective massage treatment or exercise sessions. Additionally the information is used to refer to
at subsequent appointments in order to assess levels of improvement.
The information may be shared with another Massage Therapist, trainer or health practitioner
should you be referred to one of these by Sports Solutions. This will only be done with your consent.
Your information will not be shared with anyone else (other than required for legal process) without
explaining the reason why this is necessary and obtaining your explicit consent.
The contact information you provide may be used by Sports Solutions to contact you in relation to
appointment times or dialogue regarding your treatment or exercise plan.
HOW LONG IS THE INFORMATION HELD FOR
Sports Solutions is required to keep your information for a period of 7 years after your last
apointment. Your data will not be transferred without your consent.
Disposal of Data: Once per year, Sports Solutions will review all client records and destroy any
records that are no longer bound by the regulated legal timescale for such records to be held.
Sports Solutions is committed to ensuring that your information is secure. In order to prevent
unauthorised access or disclosure, suitable physical, electronic and managerial procedures have
been put in place to safeguard and secure the information that is collected both online and on
Health information gathered is held on electronic consultation forms and treatment notes are stored
securely on a password protected personal computer. Personal training session data is held in a
Contact details including telephone numbers and email addresses are held on a password protected
telephone and personal computer.
A back up document is held of client names and contact details (name, email and telephone
In the event of a data breach which consists of a breach of security leading to destruction, loss,
alteration, unauthorised disclosure of or access to personal data, Sports Solutions understands ICO
have to be notified where it is likely to result in a risk to the rights and freedoms of individuals. In the
event of such a breach, Sports Massage Dumfries will notify those concerned directly and without
delay. Records of personal data breaches will be maintained in any case.
The GDPR May 18 gives an individual:-
The right to be informed as to how personal information will be both used and held. This is
contained within this document.
The right to access your personal information so individuals know what is held about them and they
can confirm it.
The right to rectification if there is something incorrect or incomplete.
The right to have information deleted
The right to limit how the information is used or shared
The right to portability. Under certain circumstances a copy of electronically held information can be
requested so it can be reused in other systems
The right to object if there are certain parts of an individual’s information that they do not want
used or to be used only for certain purposes
Rights in relation to automated decision-making and profiling
The right to lodge a complaint with the Information Commissioner’s Office. An individual can
complain to the ICO if the individual feels the information held is incorrect or not being used in the
permission was granted or if information is being held unnecessarily. Full details of individual’s rights
can be held at:
Should an individual wish to exercise these rights, the contact details at the start of the document
should be used. In the event that an individual is dissatisfied with the response, then a complaint can
be made to the Information Commissioner’s Office at www.ico.org.uk
If an individual does not agree to Sports Solutions keeping records or information then it may not be
possible to provide services
Additionally, massage therapists have to keep records of treatment for a specific period of time as
described above which may mean that even if you ask for information to be erased, they might be
bound to keep these details until the period has elapsed.