top of page

Privacy Policy

Last Updated: 22 May 2025

 

1. Introduction

 

Welcome to healing touch.me.uk ("I," "my," or "me"). I, Dochka Hristova, am committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This Privacy Policy outlines how I, as the data controller, collect, use, disclose, and secure your data when you visit my website, use my services, or interact with me.

By using my website and services, you acknowledge that you have read and understood this Privacy Policy, and you consent to the practices described herein. If you do not agree with these practices, please refrain from using my website and services.

 

2. Information I Collect

 

I collect various types of information:

  • Personal Information: When you book appointments or interact with my services, I may collect personal information such as your name, contact details, date of birth, and health-related information. Health-related information is considered special category data under GDPR and is collected with your explicit consent. This health-related data is processed under Article 9(2)(a) of the UK GDPR — with your explicit consent.

  • Booking Information: I use Cliniko for appointment scheduling, record-keeping, and invoicing. Cliniko collects information to manage your appointments and store relevant medical records, including your date of birth. This data is processed in compliance with GDPR, and a Data Processing Agreement (DPA) is in place to ensure your data is protected. You can review Cliniko's privacy policy to understand how they handle and protect user data.

  • Payment Information: To process payments, I use Stripe. Stripe collects payment information such as credit card details, billing addresses, and transaction data. This data is processed in compliance with GDPR, and a DPA is in place to protect your data. You can review Stripe's privacy policy to understand how they handle and protect user data.

  • User Data: My website is hosted on the Wix platform. Wix may collect user data through standard website analytics, cookies, and similar tools as described in their privacy policy. This data is processed in compliance with GDPR, and a DPA is in place to ensure the protection of your data. You can review Wix's privacy policy to understand how they handle and protect user data. This website uses cookies and similar technologies to provide functionality and to analyse site traffic. A cookie consent banner is presented when you visit the site, allowing you to accept or manage your preferences in compliance with UK privacy laws, including the Privacy and Electronic Communications Regulations (PECR).


3. How I Use Your Information

 

I use your data for the following purposes:

  • Providing therapeutic/healing services and appointment management, as required for the performance of our contract.

  • Record-keeping and maintaining your medical records, in compliance with medical and legal obligations, including your date of birth.

  • Processing payments and invoicing, ensuring secure and lawful financial transactions.

  • Sending relevant appointment information and reminders.​


4. Sharing of Your Information

 

I do not sell, trade, or rent your personal information to third parties. However, there may be instances where I share your data, specifically:

  • Referrals to Other Practitioners: If you request a referral to another practitioner or healthcare provider, I may share relevant information with them to ensure continuity of care. This sharing will be done with your explicit consent and is essential for your healthcare needs.

  • Legal and Regulatory Authorities: I may disclose your information when required by law or for compliance with legal obligations, in accordance with the GDPR and UK data protection laws.

  • International Transfers: Some of the third-party services I use — such as Wix, Stripe, and Cliniko — may store or process your personal data outside the UK or the European Economic Area (EEA). These providers state that they comply with applicable data protection laws and use safeguards like Standard Contractual Clauses (SCCs) to protect your information.

 
5. Retention of Client Records

 

I retain client records for up to five years from the date of the last service or interaction. This retention period is in line with regulatory requirements and ensures that your records are available for future reference if needed.


6. Security

 

I take reasonable security measures to protect your data, including encryption and access controls. However, no online transmission or storage method is entirely secure, and I cannot guarantee the absolute security of your data.

 

7. Your Rights

 

Under the GDPR and Data Protection Act 2018, you have the following rights regarding your data:

  • The right to access your personal data.

  • The right to rectify any inaccurate or incomplete data.

  • The right to erasure (right to be forgotten).

  • The right to restrict processing.

  • The right to data portability.

  • The right to object to processing.

  • The right not to be subject to automated decision-making.

 

If you wish to exercise any of these rights or have any questions regarding your data, please contact me at dochkahristova[at]icloud.com.

 

If you have concerns about how I handle your personal data, you also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO):

Website: https://ico.org.uk  

Helpline: 0303 123 1113

 

8. Changes to this Privacy Policy

 

This Privacy Policy may be updated from time to time, and any changes will be posted on this page with the "Last Updated" date. Please review this policy periodically for updates.

 

9. Contact Me

 

If you have questions or concerns regarding this Privacy Policy or your data rights under GDPR and UK data protection laws, please reach out to me at dochkahristova[at]icloud.com.

bottom of page