Please take the time to read through this information carefully.
THE INFORMATION I COLLECT?
When you book an appointment, I collect personal details such as your name, address, email and telephone. This information is used to identify you and contact you about the session and services you have booked and purchased.
To provide a safe and effective massage treatment, I also need to collect information such as your medical background and lifestyle choices. This information is only used to make sure your treatment is as effective as possible.
While you use the website, I also receive information about your computers such as your IP address, operating system and browser details. This information helps me provide a better website experience for you.
How do you get my consent?
When you provide me with your personal information in the course booking an appointment, making a payment or contacting me about my services, you are giving your consent to me collecting your data and using it for that specific reason.
When completing the client intake form, you will be providing me with your health-related date. I need this information to provide a safe and effective treatment for you. This type of data is classed as special category data within the GDPR guidelines, and I need your consent to collect, process, and store this data. You will be asked to provide that consent via e-signature when completing the form.
I will not use your personal information for any secondary reason, like marketing unless I have asked you directly for consent to do so.
How do I withdraw my consent?
For legal protection, I am required to hold the personal information you have given to me in the course of providing you with massage services and the notes about those treatments for a minimum of seven years.
Seven years after your last treatment, I will permanently delete all your personal information that I hold.
If you withdraw your consent during the seven-year retention period, I will archive your data until the seven-year period expires.
While your information is archived, I will not access or process it in any way, only if needed for legal protection or if I'm required to do so by law.
Should you wish to withdraw your consent at any time, please email firstname.lastname@example.org with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information I store about you and your massage sessions. You also have the right to request I update or amend your data if it is incorrect.
To action any of these rights, you can email your request to email@example.com.
In general, the third-party providers I use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to me.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their privacy policies concerning the information I am required to provide to them for your purchase-related transactions.
For these providers, I recommend that you read their privacy policies so you can understand how these providers will handle your personal information.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or me. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click links on my website, they may direct you away from my website. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, I follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If this business is acquired or merged with another company, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
QUESTIONS AND CONTACT INFORMATION
To request your information is updated, amended or deleted, or if you have any questions about how your information is collected, stored and used, please email firstname.lastname@example.org.
LEGAL BASIS FOR STORING DATA
This information is collected by Barry Cooper under the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(a,b), 9.2(h) and 9.3.