
GDPR Policy

Amanda Brooks is a sole trader in complementary therapy and currently holds the email addresses of her clients, so she will be classed as the Data Protection Officer.


The websites and both have opt-in to the newsletters, which asks the customer to accept the subscription after their initial enquiry and gives the option to unsubscribe at any time. The email database is never shared and is kept in order to update customers with new information regarding health and changes in my services, such as new therapies, changes to opening hours, holidays, price increases, etc. No personal information of clients is held on either website.

MailChimp and Campaign Monitor – Email Campaigns

MailChimp and Campaign Monitor are used to send a monthly email about the month’s current topic, which has an unsubscribe button and supports SSL encryption.

Using MailChimp and Campaign Monitor signup forms on and results in there always being a record of the permission data. The forms also have a double opt-in feature, which requires the client to choose for a second time, thereby ensuring they are happy with the sign-up to the newsletter.

Also, all e-news sent either via or will include a “preferences” link in the footer of any campaign, which gives all recipients the ability to easily update and edit their profile details within the MailChimp and Campaign Monitor account, meeting the GDPR’s right of access requirement. Alternatively, if they contact Amanda Brooks, this will be actioned within one week of contact.



Emails with my clients are on devices that are password protected and/or use biometrics to access.


All payments are made through PayPal, Stripe or Internet Banking, where encrypted passwords are used to access the accounts.

Computer, Mobile Phone, iPads and Phone Security

All devices have Kaspersky Total Security on them, which is kept up to date on a regular basis. The devices are either hard-wired to the internet or use the wireless network and have encrypted passwords that, along with the password protection of Kaspersky on each device, are only accessible by Amanda Brooks or her staff. Data is not stored in the ‘cloud’.

Each device is password and fingerprint protected, so no one can access the data unless they are Amanda Brooks or her staff.


Amanda Brooks is currently with the ICO (Information Commissioner’s Office) and has compliance for the data with them.

Data breaches

In the event of a data breach, the ICO (Information Commissioner’s Office) will be contacted within 72 hours and, following the decision reached with them, all affected clients will be contacted by Amanda Brooks.

The right to be forgotten, object, rectification, access and portability.

  • Right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay. Within 48 hours (during normal working hours and excluding holidays) of the request being made, the client’s information will be deleted from any newsletter or database list that Amanda Brooks holds.
  • Right to object: An individual may prohibit certain data uses.
  • Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected. This is to be actioned within 48 hours (during normal working hours and excluding holidays) of the request.
  • Right of access: Individuals have the right to know what data about them is being processed and how. This is laid out in the sign-up form that each client must complete in order to receive emails about the services.
  • Right of portability: Individuals may request that personal data held by one organization be transported to another by written request from said client. This will be actioned within one week.

Business Paperwork

All paperwork is kept under lock and key which is only accessible by Amanda Brooks and her employees.