Privacy Policy

Data Controller:
Kate Daguerre trading as Kate Daguerre Acupuncture
77a Queens Road, Clifton Triangle, Bristol, BS8 1QP
Email: hello@katedaguerreacupuncture.co.uk

Last updated: February 2026

Introduction

This privacy notice explains how I collect, use and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am committed to protecting your privacy and handling your information in a transparent and secure manner.

Lawful Basis for Processing

I process your personal data because it is necessary for:

  • The provision of healthcare treatment

  • The performance of a contract with you

  • Compliance with legal obligations

The health information I hold about you is classified as special category data under UK GDPR and is afforded additional protection.

Health data is processed under Article 9(2)(h) of UK GDPR (medical diagnosis and the provision of healthcare).

Data Security

I take appropriate technical and organisational measures to protect your personal data and keep it secure against unauthorised access, loss, or misuse.

While email is commonly used for communication, it is not always a fully secure method. I take reasonable steps to protect your information, but messages may be vulnerable in transit

What Personal Data I Collect and Why

I collect and use the following information to provide safe and effective care:

  • Contact details (name, address, telephone number, email) — to arrange appointments and communicate with you.

  • Date of birth — to correctly identify you and avoid clinical errors.

  • Medical history, presenting symptoms, and family history — to form a traditional diagnosis and develop an appropriate treatment plan.

  • Clinical findings and treatment records — to monitor progress and ensure continuity of care.

  • GP details — in the rare event that medical contact is necessary, including emergencies, and where required by my professional Code of Conduct.

  • Consent records — to demonstrate that informed consent has been obtained.

I maintain secure appointment records for administrative, legal, regulatory and insurance purposes.

I also keep accident records where required under UK health and safety legislation, including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR).

In the event of an adverse incident, relevant information may be shared with my professional body and insurance provider where necessary.

Marketing Communications

I only send marketing communications, such as newsletters, where you have provided explicit consent. You may withdraw your consent at any time.

Website and Analytics

My website is hosted by Squarespace, which may collect anonymous usage data (for example, page visits) to help monitor and improve website performance.

This provider processes data on my behalf and is contractually required to protect your information.

Cookies may be used to enhance your browsing experience. You can control cookie settings through your browser.

Third-Party Data Processors

I use trusted third-party providers to support my practice, including:

  • Zanda — patient management software

  • Squarespace — website hosting

These providers process data on my behalf and are required to comply with data protection law.

Sharing Your Personal Data

Your personal data is treated as strictly confidential and will only be shared when necessary, including:

  • With your explicit consent

  • With healthcare professionals involved in your care

  • Where required by law (for example, court orders)

  • To protect your vital interests or those of another person

  • For safeguarding children or vulnerable adults

  • With my professional body or insurance provider in the event of a complaint or claim

  • With legal advisers if required

For further information, please visit the Information Commissioner’s Office website:
www.ico.org.uk

How Long I Keep Your Personal Data

I retain personal data only for as long as reasonably necessary.

Patient records are typically kept for 7 years in accordance with professional guidelines.

Your data is stored securely within my patient management system.

Continuity of Care

In the event that I am unable to continue practising due to serious illness or death, a nominated professional colleague may be given limited access to your contact details solely to inform you and support continuity of care.

Your Rights

Under UK GDPR, you have the right to:

  • Request access to the personal data I hold about you

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data where appropriate

  • Restrict processing in certain circumstances

  • Object to processing where applicable

  • Receive your data in a portable format where applicable

  • Be informed of a data breach affecting your information

  • Lodge a complaint with the Information Commissioner’s Office

For more information about your rights, visit www.ico.org.uk.

Contacting Me About Your Data

If you wish to exercise your rights or have any concerns about how your data is handled, please contact:

Kate Daguerre
77a Queens Road, Clifton Triangle, Bristol, BS8 1QP
Email: hello@katedaguerreacupuncture.co.uk