This is the Privacy Notice of Energising Massage. In this document, “we”, “our”, or “us” refer to Energising Massage.
The purpose of this Privacy Notice
This Privacy Notice is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with services, we will collect and process information that is commonly known as personal data.
This Privacy Notice describes how we collect, use, share, retain and safeguard personal data.
This Privacy Notice sets out your individual rights. We explain these later in the Privacy Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data i.e. therapists working on behalf of Energising Massage.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller. All data processors are required to comply with our Privacy Notice and other policies to safeguard the confidentiality of your personal information.
Personal data we collect
In order for us to ensure we can carry out the right treatment for you it is necessary to collect personal information about you, from you. This will be carried out in the form of a client consultation and health check questionnaire. At a minimum this will hold your full name, phone number, email address, date and consent of your first consultation, notes on your medical history, where appropriate to the treatment being given; and subsequent notes on further treatments given.
At the start of each subsequent treatment you will be asked to check the original information given in the health check questionnaire is still correct and to advise of any changes in your medical history that may affect the treatment being given at that time. Any changes you disclose will be updated on the health check questionnaire.
We will also collect electronic personal information, which may include your full name, email address and phone number if you book a massage using any of our online booking systems or email us directly.
By booking a massage via a booking form, email, or by telephone we will ask you to agree to the terms of this Privacy Notice.
Your contact data in the form of name, email, telephone and place of work is stored online in Google mail contacts.
If you object to the collection and use of your personal data we may be unable to provide you with our services.
Why do we need your personal data?
We collect this information to ensure the treatment you have booked is suitable and to ensure there are no contradictions (reasons as to why the treatment may not be carried out at that time).
We will also use your data to advertise future massage dates (at your place of work) and available appointments on those dates. It will be used to confirm and remind you of appointments you have already booked. It may also be used to provide further relevant information specific to any treatment you have received.
Who might we share your information with?
We will not share your details or personal information with anyone else.
We will not share your information with any third parties for the purposes of marketing.
What do we do with your information?
All client health check questionnaires and personal details are strictly private and confidential, will not be shared with anyone else and will be securely stored. We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data.
How long do we keep hold of your information?
The retaining of data is necessary where required for contractual, legal or regulatory purposes. It is a requirement that client consultation records are taken and retained for a period of seven years after the last treatment has been carried out. After this time if you no longer wish to receive any further treatments or notification of future available massage appointments, your records will be confidentially disposed of and your personal data deleted from our Google mail contacts.
How can I access the information you hold about me?
You can ask to see what information we hold about you at any time. See Your rights below.
We may update this Privacy Notice from time-to-time. We will post a new version on our website as well as notify you that we have updated the Privacy Notice. You are advised to ensure you are happy with the changes before continuing your treatments with us.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared (if applicable), where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
– The right to be informed about the personal data being processed;
– The right of access to your personal data;
– The right to object to the processing of your personal data;
– The right to restrict the processing of your personal data;
– The right to rectification of your personal data;
– The right to erasure of your personal data;
– The right to data portability (to receive an electronic copy of your personal data);
– Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests. However if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
If you are dissatisfied with any aspect of the way in which we process your personal data please contact email@example.com
How to contact us
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact firstname.lastname@example.org