Privacy Policy
Effective Date: 1 May 2025
At [Your Business Name], your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with the UK GDPR and Data Protection Act 2018.
1. Who We Are
[Your Business Name] is a holistic massage therapy business based in the UK. Our mission is to provide nurturing, professional care that improves your well-being.
Contact details:
Holistic Massage Therapies
49 Victoria Rd Surbiton KT64NG
info@holistic-massage-therapies.co.uk
07477945661
2. What Personal Data We Collect
We may collect the following personal data:
- Name, email address, phone number
- Date of birth
- Health information relevant to treatment
- Appointment history
- Transaction records (via SumUp – we do not store card details)
3. How We Collect Data
Your data is collected when:
- You book an appointment through Fresha
- You complete a consultation or consent form
- You communicate with us by email, phone, or in person
4. Why We Collect Your Data
We collect and process your personal data to:
- Schedule and manage appointments
- Provide safe, personalized treatment
- Comply with legal, financial, and insurance obligations
- Respond to your enquiries or feedback
- Send appointment reminders or updates (only with consent)
- Process secure payments via SumUp
5. How Your Data Is Stored
All booking and client information is securely stored via Fresha, and payments are processed via SumUp, both of which are GDPR-compliant platforms.
We do not store your card or payment details ourselves.
6. Sharing Your Data
Your data will never be sold. We may share necessary information with:
- Our booking system provider (Fresha)
- Our payment processor (SumUp)
- Insurance providers or regulators (only if legally required)
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request corrections or updates
- Withdraw consent at any time
- Request erasure of your data (unless we’re legally required to keep it)
- Lodge a complaint with the ICO (Information Commissioner’s Office)
8. Data Retention
We retain your records for up to 7 years after your last appointment, in accordance with UK insurance and legal requirements.
9. Cookies & Website Analytics
If your website uses cookies or analytics tools (e.g., Google Analytics), add a simple note like:
This website uses cookies to enhance your browsing experience. You can manage cookie preferences in your browser settings.
Data Protection Policy
This policy outlines how we handle and protect client data within [Your Business Name].
1. Lawful Basis
We process personal data under the lawful bases of consent, contract, and legal obligation, as per the UK GDPR.
2. Responsibilities
We are responsible for:
- Keeping client data confidential and secure
- Ensuring third-party systems (e.g., Fresha) meet UK GDPR standards
- Training staff (if applicable) in data protection best practices
3. Security Measures
- Password-protected access to digital client records (via Fresha)
- Payment details handled by SumUp, a PCI-compliant and GDPR-compliant third-party provider
- Regular software updates and secure devices
- No unnecessary paper records retained
4. Data Breaches
In the unlikely event of a data breach, we will notify affected individuals and the ICO within 72 hours, in line with GDPR guidelines.
5. Reviewing the Policy
We review this policy annually or whenever there is a significant change in data practices or legal requirements.