Privacy Policy

General Data Protection Regulation Policy (GDPR)

Data Protection Act May 2018 (DPA)

Name:        Louise Atwill (Data Controller)

Business:   Bowen Body Therapy

Address:     46 Lyppiatt Road, Bristol, BS5 9HS

Phone:        07707 142 054



ICO:              Data Protection Registration number ZB296813

I respect your privacy and I am committed to protecting your personal data. The purpose of this policy is to explain how I control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy you may wish to cease viewing / using this website.


Policy key definitions

  • “I”, “our”, “us”, or “we” refer to the business, Bowen Body Therapy.
  • “you”, “the user” refer to the person(s) using this website.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR

Our privacy policy embodies the following key principles;

(a) Lawfulness, fairness and transparency(b) Purpose limitation(c) Data minimisation(d) Accuracy
(e) Storage limitation(f) Integrity and confidence(g) Accountability.

The UK GDPR provides the following rights for individuals and you can read about your individual rights here:

(i) The right to be informed(ii) The right of access(iii) The right to rectification
(iv) The right to erasure(v) The right to restrict processing(vi) The right to data portability
(vii) The right to object(viii) Rights in relation to automated decision making and profiling

What information is being collected?
Attending the Bowen Body Therapy clinic, we will need to have a record of your personal details (date of birth, telephone numbers, email) and sensitive data (relevant medical information) relating to your session. Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times.

Who is collecting it?
Louise Atwill, your practitioner, is collecting data.

How is it collected?
Through direct interactions – in person at your appointments; by completing forms, corresponding by email, post, phone calls, text messages. If you provide additional, relevant medical notes/letters, these may also form part of the data collected and held by us. No personal data is collected via social media.

Why is it being collected?
We will only use your personal data to fulfil a contractual obligation you have instructed us to undertake and to provide the services you have requested from us.

Data is collected to record, guide and supervise your progress and be able to communicate effectively with you for the best outcomes. It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.

Data collection is a requirement for professional insurance cover. 

How will it be used?
Data will be used to communicate appointments, session information, progress, relevant referrals and relevant consented media.

How is the information stored?
Information is stored online using secure data storage technologies and is accessed using devices encrypted with a pin number/fingerprint recognition. Louise Atwill has sole access rights to this information.

Identifiable details (name, date of birth, telephone numbers, email address) are not recorded online. Identifiable details are recorded on paper and stored in a locked filing cabinet. Only Louise Atwill has access to this filing cabinet.

Your online and paper records are allocated a unique reference number which means personal details and medical information cannot be identified or traced back to you.

All devices such as phone and laptop are locked with passcodes and not left unattended. Louise Atwill has sole access to these devices to retrieve the data.​

How long will the data be stored?
There is a legal requirement that your records are stored for a minimum of 7 years after the date of your last treatment. (If you are/were under 18 when your treatment took place, the retention requirement is 7 years after you have reached the age of 18.) After this period of time, information will be destroyed by deleting, shredding or burning. 

If you provide data prior to an appointment and subsequently not attend, the information will be deleted 14 days of receiving it.

What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients. 

No data is shared with 3rd parties without consented permission. 

Data is never sold, rented or shared.

Approximately 4 times per year we may send you information about the services we offer using the information you have shared with us. We will ask for your consent before doing this and you will always have the option to unsubscribe at any time.

Please contact us if you have any questions about this privacy policy or the information we hold. You can do this by email ( or post (46 Lyppiatt Road, Bristol, BS5 9HS).

If you believe we are not handling your data correctly you have a right to make a complaint, this should be sent to us using the above contact details. If you are unhappy with our response you should then contact the ICO by contacting them or using the following web page