Your Privacy Matters

As an individual therapist working within the UK, I am committed to protecting your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and related data protection legislation. This Privacy Policy explains what data I collect, why I need it, how I store it, who I may share it with, how long I keep it, and your rights as a client.

 

This applies to any information you provide through my website, consultation forms, treatment notes, online booking system, email, telephone, text message or direct contact.

 

Who I Am

Name: Susan Jane Green

Clinic Name: Green Massage Therapy

Location: c/o 53/54 Market Square, Duns TD11 3BX

Contact: 07860164083 | info@green-massage.co.uk

 

What Data I Collect and Why

To provide safe and appropriate care, I may collect:

·       Personal data: name, address, phone number, email address and date of birth. This allows me to contact you, manage appointments and keep appropriate treatment records.

·       Health information: medical history, lifestyle information, relevant health details, assessments and treatment notes. This is needed to assess whether treatment is appropriate and to keep accurate records of your care.

·       Marketing preferences: if you choose to opt in, I may send newsletters, clinic updates or other relevant information. You can unsubscribe at any time.

·       Website or booking information: if you contact me through a website form, online booking system or payment system, relevant details may be collected to respond to your enquiry, manage your appointment or process payment.

 

Lawful Basis for Holding Your Data

Under UK GDPR, I rely on the following lawful bases where relevant:

·       Contract: to arrange and provide treatment services.

·       Legitimate interests: to manage appointments, keep appropriate records, respond to queries, manage my clinic, and respond to or defend complaints, insurance matters or legal claims.

·       Legal obligation: where the law requires me to process or retain information.

·       Vital interests: if required to protect your health or someone else’s health in an emergency.

·       Consent: for optional marketing communications and any other optional processing where consent is specifically requested.

 

Special Category Health Data

Health information is special category data under UK GDPR. I process health information only where an Article 9 condition applies, such as where explicit consent is appropriate, or where records are needed in relation to legal claims, insurance matters, professional complaints or regulatory matters.

   

How I Store Your Data

Your data is stored securely in one or more of the following ways:

·       Locked filing cabinets for paper forms.

·       Encrypted devices or password protected systems for digital records.

·       Secure online booking, payment or clinic management systems, where used.

 

Only those who need access for legitimate clinic, administrative, professional, legal or insurance purposes will have access to your information. I take reasonable steps to protect your data from unauthorised access, loss, misuse or disclosure.

 

How Long I Keep Your Data

Treatment records are kept for 7 years after your last treatment, unless my insurer or another legal requirement requires a different period.

For clients under 18, records are kept until the client turns 25.

After the relevant retention period, records will be securely destroyed or deleted.

 

Sharing Your Data

Your data will only be shared where necessary and appropriate. This may include:

·       With your consent, for example when referring you to another professional.

·       With my insurance provider, professional association, legal adviser, regulator or relevant authority if needed for a complaint, insurance matter, legal claim or legal obligation.

·       With third party service providers, such as booking systems, payment providers or product suppliers, where you use those services or ask me to arrange something on your behalf.

I will not sell your personal data.

 

Your Rights Under UK GDPR

You have the right to:

·       Access the personal data I hold about you.

·       Request correction of inaccurate or incomplete data.

·       Request erasure of your data in certain circumstances.

·       Restrict or object to certain types of processing.

·       Receive a copy of your data in a commonly used digital format, where this applies.

·       Withdraw consent where consent is the lawful basis for processing.

Some rights are not absolute. I may need to retain certain information for insurance, legal, regulatory, tax or complaint related reasons.

 

Complaints and Contact

If you have a concern about how I handle your data, please contact me first so I can respond. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Telephone: 📞 0303 123 1113

Website: 🌐https://ico.org.uk

 

 

For any questions about this Privacy Policy, or to exercise your rights, contact:

📧info@green-massage.co.uk                          📞 07860164083