Privacy Policy and Notice

Deanna Thomas – Acupuncture & Wellbeing

help@deannathomastherapies.com

At Deanna Thomas – Acupuncture & Wellbeing, we are committed to protecting your personal data and respecting your privacy. The processing of personal data is governed by the UK General Data Protection Regulation (UK GDPR), which gives you certain rights regarding your personal information. This privacy notice provides details on how we use, share, and store your personal information, along with your rights and our legal obligations.

Who We Are

Deanna Thomas – Acupuncture & Wellbeing (deannathomastherapies.com) is the Data Controller, responsible for deciding how your personal data is processed and for what purposes. This privacy notice applies to information we collect from our patients, prospective patients, former patients, and visitors to our website.

What Is Personal Data?

Personal data refers to any information relating to a living individual who can be identified from that information. Examples include your contact details and appointment history. Special category data, a sub-category of personal data, includes sensitive information such as your health records, which we may collect to provide you with the best possible care.

How Do We Process Your Personal Data?

We take your privacy seriously and comply with the UK GDPR by:

  • Keeping your data up to date

  • Storing and destroying it securely

  • Collecting only the data that is necessary

  • Protecting personal data from unauthorised access, loss, misuse, and disclosure

  • Ensuring appropriate technical measures are in place

Patients, Prospective Patients, Former Patients, and Visitors to Our Clinic

We collect and process your personal data to manage appointments, provide treatment, and fulfil our legal obligations. This includes information such as your name, contact details, medical history, and treatment records. In certain circumstances, we may need to contact your GP, either in an emergency or as part of your treatment plan, to ensure the best care is provided.

Your health and wellbeing records are securely stored on our clinic management system, Fresha. This platform is designed to safeguard your information, ensuring it is accessible only to authorised personnel. All consultation and consent forms are sent and completed through Fresha prior to your appointment.


Clinical Photography

As part of your treatment plan, we may take photographs of your tongue. In Traditional Chinese Medicine, tongue diagnosis is a valuable clinical tool that helps inform your treatment. We will always ask for your explicit verbal consent before taking any photograph, and you are free to decline at any time without it affecting your care.


How clinical photographs are stored: Any photographs taken are used solely for clinical purposes, stored securely within your patient record, and accessible only to your treating practitioner. They are never shared with third parties without your explicit consent.

Lawful basis: Clinical photographs are processed under Article 9(2)(h) of the UK GDPR — processing necessary for the provision of health treatment by a regulated health professional.


AI-Assisted Consultation Note-Taking

As part of our commitment to accurate and high-quality clinical record-keeping, we use an AI voice recording device (Soundcore Work by Anker Technology) during consultations. This device records the audio of your appointment and automatically generates a written transcript using AI technology powered by GPT. This transcript is reviewed by your practitioner and used solely to support the creation of accurate clinical notes.

How your audio data is handled: Your voice recording is transmitted securely to Soundcore’s cloud processing system, where it is transcribed and then permanently and automatically deleted immediately upon delivery of the transcript. The audio is never stored beyond this process. Soundcore operates under a SOC 2 Type I certified security framework.

Your clinical notes: The notes derived from the transcript are stored securely within Fresha, our clinic management system, in line with our standard data retention policy (seven years after you cease to be a patient, as required by the British Acupuncture Council).

Lawful basis: We process your voice data under Article 9(2)(h) of the UK GDPR — processing necessary for the provision of health treatment by a regulated health professional — supported by our obligation to maintain accurate clinical records.

Transparency: You will always be informed at the start of your appointment if the device is in use. If you have any questions or concerns about this process, please speak to your practitioner or contact us using the details below.

Your privacy and the security of your personal information are of utmost importance to us, and we are committed to complying with all applicable data protection regulations.

Website Users

Our website, hosted by Wavoto, collects minimal personal data,  such as your name and email address, when you contact us through our contact form or sign up to our mailing list. Please note that while we strive to protect your information, emails sent to us may not be encrypted.

Sharing Your Personal Data

Your personal data will be treated as confidential. We will only share it under the following circumstances:

  • With your explicit consent

  • When required by law, such as with the police or a court order

  • In emergencies, to protect your life or the life of another person

  • With relevant authorities, like the British Acupuncture Council or our insurance company, in the event of a complaint or legal proceedings

How Long Do We Keep Your Personal Data?

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected. Patient records are kept for seven years after you cease to be a patient, in accordance with the British Acupuncture Code of Professional Conduct. This retention period ensures we can comply with legal, tax, and regulatory requirements.

Your Rights and Your Personal Data

Under the UK GDPR, you have the following rights regarding your personal data:

The right to access – You can request a copy of the personal data we hold about you.

The right to rectification – You can request that we correct any inaccurate or outdated data.

The right to erasure – You can request that your personal data be erased when it is no longer necessary for us to retain it.

The right to restrict processing – You can request that we restrict the processing of your data under certain conditions.

The right to data portability – You can request that your data be transferred to another data controller.

The right to object – You can object to the processing of your data in certain circumstances.

The right to be informed – You will be notified if your data is lost or accessed by an unauthorised party.

Further Processing

If we intend to use your personal data for a new purpose not covered by this notice, we will provide you with a new notice explaining this use and seek your consent where necessary.

Contact Details

If you have any questions, concerns, or wish to exercise your rights regarding your personal data, please contact us:

Data Controller

Deanna Thomas – Acupuncture & Wellbeing

help@deannathomastherapies.com

For more information on your rights or to lodge a complaint, you can visit the Information Commissioner’s Office website at:

https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly

Last updated: March 2026

Business logo for Deanna Thomas - Acupuncture & Wellbeing

Contact Us
Copyright © 2026 Deanna Thomas - Acupuncture & Wellbeing
Hosted at Wavoto