Privacy Statement

Virginia Acupuncture Clinic
GDPR Privacy Statement

The EU General Data Protection Regulation EU2016/679 (herein after “the Regulation”) applies to the processing of personal data carried out in the process of delivering medical treatments using Oriental medicine techniques, including acupuncture.

Further to Article 11 and Article 12 of this Regulation, the Virginia Acupuncture Clinic provides the data subjects with the following information:

  • The controller is the Virginia Acupuncture Clinic (“the Clinic”)

Person designated as being in charge of the processing operation: Ms. Maureen Fanthom. Email:

  • The purpose of the processing is to inform and record a safe treatment plan for patients, the implementation and management of that plan, and communication with the patient to schedule treatment sessions.
  • The categories of data collected and used for the processing operations are:

– administrative data (contact details)
– medical data (personal medical history – special category)
– treatment data (record of each treatment and outcome – special category)

  • The special categories of data are processed under the Regulation’s exemption for medical diagnosis and provision of healthcare by a healthcare professional.
  • The recipients of the data are:

– the practitioners at Virginia Acupuncture Clinic
– the practice administrators at Virginia Acupuncture Clinic
– medical insurance companies only during specific litigation.

  • The Clinic uses “” site to provide online booking capability to its clients. This site is hosted in France, and receives the clients name, email address, and optionally, phone number. In this case Simply Book is a data processor.
  • The applicants have the right of access and the right to rectify the data concerning him or her by contacting the person designated as being in charge of the processing operation. The right of rectification can only apply to factual data processed.
  • The applicants right to erasure is not available for this data, under the Regulation’s exception for the establishment, exercise or defence of legal claims. Medical records must be kept for a minimum period of 7 years to comply with medical insurance requirements.
  • The legal basis of the processing operation at stake is consent by the patient, and the legal obligation required by the practitioner’s medical insurance company.
  • The time limits for storing the data are 7 years after the last appearance of the patient at a treatment session.

The candidates have the right to have recourse at any time to the Irish Data Protection Commissioner or the European Data Protection Supervisor (EDPS) at