GDPR Policy for Reiki work

GDPR Policy for Reiki work

The General Data Protection Regulation (GDPR) relates to any of your personal information that I may collect, store or share. This page outlines my GDPR/privacy policy.

I am registered with the Information Commissioners Office in the UK (ICO) (security number CSN5986266) and adhere to the GDPR guidelines. As I am self-employed, I operate as the data controller for Nine Keys.

Personal information that I collect

When you contact me, and as part of our initial assessment, I will ask you for the following information:

  1. Name, telephone number, email address, address
  2. Gender, date of birth
  3. Key relationships, occupation
  4. GP name and address, plus any medical conditions you feel may be relevant to undergoing a course of Reiki or that may present in the therapy room, including any prescribed medication
  5. Emergency contact and relationship to you
  6. Therapeutic history and current reasons for seeking Reiki

How I will store your information

  • Mobile phone

I will store your contact information (name, mobile number, email address and address – item 1 above) and your emergency contact information (item 5 above) on a mobile phone that is reserved for therapy purposes. This allows me to contact you when necessary, but does not allow the information to be shared elsewhere. I use WhatsApp for business on this phone to send messages, so any correspondence between us will be stored there.

  • Laptop

All other information collected during the assessment session (items 2-6 above) will be stored electronically on a password protected laptop that will be kept in a locked filing cabinet in my home or office. This laptop utilises two-part verification for all external purposes (enhanced security measure).

  • Paper

I sometimes make brief notes after sessions. I will store your anonymised session notes in a file (identified only by your first name). This will be kept in a locked filing cabinet in my home or office when not in use.

  • Email/text messaging/WhatsApp

Any emails you send me will be saved as a PDF and stored on my laptop, then deleted from my email account. 

Any text messages or WhatsApp messages will be stored in my phone until they are deleted by me (usually at the end of our last session together). Electronic correspondence will also be held by whatever method you use to contact me, unless/until you delete it yourself (e.g. by WhatsApp, by your email provider or on your phone).

I use a password-protected account on my computer for my therapy work, separate to my personal account. My email is dedicated to therapy work and only available via this password-protected account. This ensures no overlap between personal and professional use of my electronic devices.

  • Website

None of your personal information is stored on my website.

How I may share your personal information

  • Therapeutic Will

Your name and contact details will be shared with my Therapeutic Executor. This is so that should I die unexpectedly while we are working together, you will be contacted and offered alternative support.

  • Emergencies

With your consent wherever possible, if you or your health are at risk, I may share your contact information with an emergency healthcare service (e.g. Mental Health Crisis Team).

If you share with me your intention to cause harm to another person or organisation (e.g. terrorism), I may be legally required to inform an authority without seeking your permission. In such a situation, I may also be required to share your personal information without your knowledge.

How long do I hold your information?

When we have finished working together, I will delete electronic copies of your information and correspondence within one month. I will hold onto your session information (written or electronic) for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to Reiki in the future. After this time has passed, I will shred the written information.

Your rights

You have the following rights:

  • To know what information I hold about you (outlined on this page).
  • To see the information I hold about you (free of charge for the initial request).
  • To amend any inaccurate or incomplete personal information I hold about you.
  • To withdraw consent to me using your personal information.
  • To request that I delete any personal information I hold about you (though I can decline if the information is needed for me to practice lawfully and competently).

You can complain to the ICO if you are unhappy with how I have used your data. See below for contact information.

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF // 0303 123 1113

Please note

A copy of this statement will be emailed to you before we first meet for Reiki, along with a contract. I would be very happy at this point to explain anything that is not clear. If we agree to work together, I will ask you to confirm via email, before our first session, that you agree to the terms of this GDPR statement and to the terms of the contract.


This document outlines what I have done to ensure the confidentiality of your data and personal information, according to legal requirements. However, it is important to be aware that I do not have control over external software, apps or service providers, including those that you use. As such, it is important that you are happy with the services you use at your end. In addition, there are sometimes rare and unforeseen data breaches over which I have no control, such as hacking incidents.