IvanaMassage.co.uk

Privacy Policy

This Privacy Policy explains how I (Massage Therapy by Ivana) collect, use, store, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

1. Who I Am

Massage Therapy by Ivana is a sole trader business providing professional massage and bodywork services in the UK. If you have any questions about this policy or your data, please Contact Me.

2. Information I Collect

I may collect and process the following types of personal information:

  • Contact details – name, email address, phone number, postal address.
  • Personal identifiers – date of birth, emergency contact details.
  • Health and medical information – as provided in your Massage Therapy Client Intake Form, including medical history, medications, allergies, injuries, and treatment preferences.
  • Appointment history – treatments received, dates, duration, and notes necessary for ongoing care.
  • Payment details – payment method and transaction records (note: I do not store full card details; these are processed securely by third-party providers such as Fresha and Zettle by PayPal).
  • Communication records – emails, messages, or notes from telephone conversations relating to your appointments or enquiries.

3. How I Collect Your Information

  • Directly from you via the Massage Therapy Client Intake Form (paper or digital).
  • Through my online booking platform Fresha.
  • Via email, phone, or in-person communication.
  • Through payment processing services such as Zettle by PayPal.

4. Why I Collect Your Information

Your information is collected for the following purposes:

  • To provide safe, effective, and appropriate massage therapy treatments.
  • To manage appointments, bookings, and cancellations.
  • To comply with insurance, legal, and regulatory obligations.
  • To process payments and issue receipts.
  • To communicate with you regarding your bookings, aftercare, or relevant updates.
  • To maintain accurate client records for continuity of care.

5. Lawful Bases for Processing

Under UK GDPR, I rely on the following lawful bases to process your personal data:

  • Consent – where you have given explicit consent (e.g. to process health information).
  • Contract – to deliver the service you have booked and manage the appointment.
  • Legal obligation – to comply with tax, accounting, and insurance requirements.
  • Legitimate interests – to maintain contact with clients regarding relevant services.

6. How Your Information is Stored

  • Paper records (e.g., signed intake forms) are kept securely in a locked cabinet.
  • Digital records are stored securely on password-protected devices or secure platforms such as Fresha, in compliance with their own privacy and security measures.
  • Access to your records is limited to me as the sole practitioner, unless required by law or with your written consent.

7. How Long I Keep Your Information

In line with professional and insurance requirements, I retain client records for:

  • Adults – 7 years from the date of your last treatment.
  • Under-18s – until your 25th birthday (or 26th if you were 17 at your last treatment).

After this period, your data will be securely destroyed or deleted.

8. Sharing Your Information

I do not sell or share your personal data with third parties for marketing purposes. I may share your information:

  • With healthcare professionals if you have provided written consent.
  • With legal, insurance, or regulatory bodies if required by law.
  • With payment processors (e.g., Fresha, Zettle by PayPal) to process transactions.

9. Your Rights

Under the UK GDPR, Data Protection Act 2018, and the Data (Use and Access) Act 2025, you have the right to:

  • Access the personal data I hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your data where there is no legal reason for me to keep it.
  • Withdraw consent for processing where consent is the lawful basis.
  • Restrict or object to processing in certain circumstances.
  • Request data portability to another provider where applicable.

To exercise any of these rights, please email me (visit my Contact page). You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

10. Cookies & Website Analytics

My website may use cookies or analytics tools to improve performance and user experience. You can adjust your browser settings to refuse cookies if you prefer.

11. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in the law or my business practices. Any significant changes will be noted by updating the “Last updated” date at the top of this page.