Privacy policy.

Why We Collect Your Data and What We Do With It

When you provide your details to this massage practice, we collect, store, and process your data for the following reasons. The bold terms correspond to legal bases under the Data Protection Act 2018, including the General Data Protection Regulation (GDPR).

  1. Contractual Necessity: We need to collect personal health information to provide you with safe and effective treatment. Your request for treatment and our agreement to provide it form a contract. You may choose not to provide this information, but without it, we cannot offer treatment.

  2. Legitimate Interests: We have a legitimate interest in collecting and processing your data to deliver our services effectively and safely.

  3. Your Legitimate Interests: We also collect your contact information to confirm appointments and provide important updates related to your care.

  4. Consent: With your explicit consent, we may occasionally send you newsletters, health tips, practice updates, or promotional offers. You can withdraw this consent at any time by contacting us via any convenient method.

Data Retention
We have a legal obligation to retain your records for seven years after your most recent appointment (or until you reach age 25 if that is longer). After this period, you may request the deletion of your records. Otherwise, we may keep records indefinitely to ensure continuity of care.

Data Security
Your medical records are securely stored. All electronic data (such as your name, email address, and telephone number) is password-protected and accessible only by authorized personnel. We take all reasonable steps to prevent unauthorized access.

Who Has Access to Your Data?
We will never share your data without your written consent, except with those who require access to provide your care or support our service delivery:

  • Your practitioner to provide treatment, manage appointments, and send reminders.

  • Acuity Scheduling, our online booking system, is GDPR compliant. Please note that Acuity only stores your contact details and booking information; it does not have access to your medical or sensitive data.

  • Mailchimp, used to send newsletters and communications; your name and email address are stored securely on their servers.

Your Rights
You have the right to:

  • Access the personal data we hold about you.

  • Request correction of any factual errors.

  • Request erasure of your data, subject to legal minimum retention periods.

Complaints
If you believe your data is being mishandled, you have the right to raise a complaint with us, the Data Controller:

Data Controller:
Cheryl Pierre
Email: cheryl@londonmassagepractice.com
Phone: 07903 195465

If you are not satisfied with our response, you may escalate your complaint to the Information Commissioner’s Office (ICO).