Massage & Reflexology in Bath
Privacy Policy
Your privacy is of the utmost importance to us. Please take your time to read this Privacy Policy carefully.
Purpose of processing the information we hold
The main purpose for holding and using your personal information is to be able to offer you complementary therapy treatments.
What personal information do we collect and use?
In order to provide complementary therapies we need to collect and process personal data about you as follows:
- on booking an appointment we would ask for your full name, address, date of birth, mobile number and email address.
- on completing a Consultation Form online or in person we would ask for your GP details, emergency contact name and number and medical history. All this information is confidential and would only be shared with your GP (with your consent) if it was deemed necessary.
- on paying for a treatment session online we get advised of your name, address, email and payment amount. Payment in person by card reader is processed by a third party.
- on signing up for the newsletter we would ask for your first name, surname and email address.
- on visiting the website your IP address is noted and used within Google Analytics for statistical data reporting.
- information obtained through use of cookies and website browsing history.
- your marketing preferences.
When do we collect personal information about you?
We collect personal information about you when you:
- book an appointment for a complementary therapy treatment either online, by email, text or phone.
- complete a medical history form either online or in person before the treatment session.
- pay for a treatment session online or on site.
- sign up for the newsletter.
- visit our website.
- contact us for any reason.

Cookies - Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser to not accept cookies and can remove cookies from your browser; however, in a few cases some of our website features may not function as a result. More information on cookies can be found here.
Why do we collect your personal information?
We collect the information in order to:
- confirm your appointment, send you reminders and a follow-up email about your appointment.
- ensure that the treatment booked is suitable and that it is safe for you to go ahead.
- send you an invoice after your treatment in order for you to claim the cost via your health provider or make payment if you have requested this option.
- email you newsletters about the latest news and special offers.
- prepare the annual tax return.
- compile statistical information.
- maintain appropriate business records.
Lawful Basis for holding and using the information
We hold and use your personal information in order to provide complementary therapies to you and to comply with our obligations under this contract. On booking a complementary therapy session a contract is formed and we are obliged to carry out the session unless there are reasons why a session may not be appropriate. Should this be the case, you will be informed immediately.
Before commencing a complementary therapy session we have a legal obligation to obtain special category data to ensure that we can provide a safe and effective treatment for you. In order to do this, medical information will be requested and such records retained for insurance purposes.
We have a legal obligation to hold payment information for submission of end of year accounts to HMRC and an obligation to maintain appropriate business records on an ongoing basis.
We obtain your consent for sending out newsletters for marketing purposes, and you can withdraw your consent at any time.
Who do we share this information with?
We may disclose your personal information to third parties for the purposes described in this Privacy Policy. These might include providers such as IT suppliers, website provider, lawyers, marketing agencies, payment processing providers, document management providers, our industry bodies and tax advisers.
We use the following third parties to process personal data on our behalf. These third parties are based in the United States and are committed to complying with the EU General Data Protection Regulation 2018 (GDPR) when it comes into force on 25 May 2018. They are already EU-U.S. Privacy Shield compliant.
- Google (Privacy Policy)
- Mailchimp (Privacy Policy)
- PayPal (Privacy Policy)
- Acuity Scheduling (Privacy Policy)
- Wix (Privacy Policy)
What marketing activities do we carry out?
Email Marketing
We send out a newsletter to people that have signed up to receive regular communication from us. If you have consented to receive our newsletter and changed your mind, you may unsubscribe at any point either by clicking the unsubscribe link in the email or emailing: roseholistictreatments@gmail.com
Please note that we respect your privacy and will never share your information for marketing purposes.
How long do we hold on to this information and how will it be destroyed?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. Our insurance provider stipulates that client records should be retained for a minimum of 10 years after which time electronic records will be manually deleted and paper records will be shredded. For accounting purposes all information relating to payments will be held for 7 years after which time the electronic records will be manually deleted and paper records will be shredded.
Your rights under GDPR
Under data protection law you have certain legal rights in relation to the personal information that we hold about you.
Please note that in some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.
You have rights under GDPR as follows:
• The right to be informed
You have the right to know how your information will be held and used. This Privacy Policy outlines that information.
• The right of access
You have the right to see our records of your personal information so you know what is held about you.
• The right to rectification
You have the right to tell us to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”).
You have the right to request us to erase any information we hold about you. Please note that we are legally obliged to hold medical records for 10 years.
• The right to restrict processing of personal data
You have the right to request limits on how we use your personal information; however, this is not an absolute right and only applies in certain circumstances.
• The right to data portability
Under certain circumstances you can request a copy of personal information held electronically so you can transfer it to a third party of your choice.
• The right to object
You have the right to object to how your data is used and you can unsubscribe from marketing emails at any time by clicking the unsubscribe link in the email or contacting us directly.
• Rights in relation to automated decision-making and profiling
• Right to lodge a complaint with the ICO
If you feel that your personal information is not being used in the correct way then please do get in contact to allow us to rectify this immediately. Our contact details are at the end of this page.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Email: casework@ico.org.uk
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
How we protect your information
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical procedures to safeguard and secure the information we collect from you.
How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
Email: roseholistictreatments@gmail.com
Post: Rose Holistic Treatments, 9 Avondale Road, Bath BA1 3EG
Changes to our Privacy Policy
The policy is reviewed on a regular basis in line with any changes in the data protection law. This policy was last updated on 15 May 2018.
This Privacy Policy is not allowed to be copied or amended for use by any other person and remains the property of Rose Holistic Treatments at all times.