top of page

Privacy Policy

Last updated: September 2025

 

At Side by Side, your privacy is very important to me. I am committed to protecting your personal data and respecting your confidentiality in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the British Acupuncture Council (BAcC) Code of Professional Conduct.

1. Who I Am

I, Rebecca Side, trading as Side by Side Acupuncture, am the Data Controller for the personal data you provide to me. You can contact me about any data protection queries at: info@sbsacupucture.com
 

 

2. What Data I Collect

When you use my services or website, I may collect:

  • Contact details (name, address, phone, email).

  • Medical and health information relevant to your treatment.

  • Appointment and payment details.

  • Website usage data (via cookies or analytics).

 

3. How Your Data Is Used

I only collect and use your personal information for legitimate purposes, including:

  • Booking and managing appointments.

  • Providing safe and effective acupuncture treatment.

  • Keeping accurate medical and financial records.

  • Communicating with you about your treatment.

  • Meeting insurance, legal, or regulatory requirements.

I will never sell or share your data for marketing purposes.

 

4. Legal Basis for Processing

I process your personal data on one or more of the following grounds:

  • Consent (for marketing communications, if you opt in).

  • Contract (to provide you with treatment and services).

  • Legal obligation (to maintain records as required by law).

  • Legitimate interests (to ensure safe practice and professional standards).

 

5. Sharing Your Data

Your data may be shared only when necessary:

  • With other healthcare professionals (e.g., GP) if required for your care and only with your consent, unless in an emergency.

  • With professional bodies or insurers if legally required.

  • With regulatory authorities if required by law.

  • With trusted service providers (e.g., IT, website hosting, email services) who are GDPR compliant.

 

6. Data Retention

  • Patient records are kept for 7 years after your last treatment.

  • If you are under 18, records are kept until your 25th birthday.

  • Administrative and enquiry records are kept for a shorter period unless required by law.

 

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data I hold about you.

  • Request corrections to inaccurate or incomplete data.

  • Request deletion of your data (where legally possible).

  • Restrict or object to certain data processing.

  • Request a copy of your data in a portable format.

  • Withdraw consent (for example, to marketing).

To exercise your rights, contact me using the details above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

 

8. Data Security

I take appropriate technical and organisational measures to safeguard your information, including secure storage, password protection, and restricted access.

 

9. Website Cookies & Analytics

This website may use cookies or analytics tools (such as Google Analytics) to help improve performance and user experience. These tools may collect anonymous information about how visitors use the site. You can disable cookies in your browser settings.

 

10. Updates to This Policy

This privacy notice may be updated from time to time. Any changes will be posted on this page with an updated revision date.

bottom of page