Privacy Notice
Samshin Acupuncture
Effective from 1. September 2025
Who we are
Samshin Acupuncture (Elvira Grob, hello@samshin-acupuncture.com) is the data controller. This means we are responsible for managing, controlling and processing your personal data.
Who this applies to
This privacy notice applies to:
-
Current, former and prospective patients
-
Newsletter subscribers
-
Website visitors
What information we collect
-
Personal Data: Your name, address, phone number, email, date of birth, and appointment details.
- Special Category Data: Health information including medical history, symptoms, treatment notes, GP details, and clinical findings.
Legal Basis for Processing
We process your data based on:
-
Legitimate interests: For treatment, patient safety, business operations, and professional requirements
-
Consent: For marketing communications and newsletters
-
Legal obligation: For professional conduct requirements, health & safety law, and regulatory reporting
-
Vital interests: In emergency situations to protect life
How we use your information
Treatment & Care
-
Making and managing appointments
-
Diagnosis and treatment planning
-
Recording treatment progress and outcomes
-
Contacting your GP when necessary
-
Emergency situations
-
Clinical documentation with AI-assisted note-taking (Heidi) to improve efficiency
Legal & Professional Requirements
- Maintaining attendance records (tax purposes)
-
Accident reporting (Health & Safety law)
-
Reporting to British Acupuncture Council and insurers when required
- Evidence for potential complaints, claims or legal proceedings
Communication & Marketing
-
Sending newsletters (with your consent only)
-
Responding to enquiries
- Processing complaints
Website & Technology
-
Google Analytics for website statistics (anonymised)
-
Website cookies to improve user experience
-
Email hosting via Zoho (zoho.com) for secure email management
-
Third-party hosting via Cargo (cargo.site)
-
Clinic management software via Noterro (noterro.com) for appointments, patient records, and practice administration
- Medical scribe assistance via Heidi (heidihealth.com) for clinical note-taking and documentation
Email Security
-
We cannot send encrypted emails, so any emails may not be protected in transit. We monitor all emails for viruses.
International Data Transfers
Some of our service providers may transfer your data outside the UK/EU (such as Hostinger email hosting, Noterro clinic management, Heidi medical scribe services, Cargo website hosting, or other services). When this happens, we ensure appropriate safeguards are in place to protect your data in accordance with UK data protection law.
Sharing your information
Your information is confidential and only shared:
-
With your explicit consent
-
With courts/police when legally required
-
With your doctor/police to protect life
-
For child/vulnerable adult safeguarding
-
With British Acupuncture Council or insurers for complaints/claims
-
With solicitors for legal proceedings
How long we keep information
-
Patient records: 7 years (British Acupuncture Council requirement)
-
Complaint files: 2 years from closure
- Other data: No longer than reasonably necessary
Your rights
You have the right to:
-
Request a copy of your personal data
-
Correct inaccurate information
-
Request deletion where appropriate
-
Withdraw consent
-
Data portability
-
Restrict processing
-
Object to processing
-
Be informed of data breaches
-
Lodge complaints with the Information Commissioner's Office
Newsletter service
We use Mailchimp to deliver newsletters. We track email opens and clicks using standard technologies. See mailchimp.com/about/security for their privacy practices.
Contact us
For questions about your data or to exercise your rights please email: hello@samshin-acupuncture.com
For complaints about data handling please get in touch with Information Commissioner' s Office: Tel 0303 123 1113 / Email: ico.org.uk/global/contact-us / Address: Wycliffe House, Water Lane, Cheshire SK9 5AF
This notice may be updated. Any significant changes will be communicated to you directly.