Our Privacy Notice
Please take the time to read through this information carefully.
Bristol Massage Therapy Ltd respect and protect your privacy. This notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website at www.bristolmassagetherapy.co.uk and the us, website owners. Furthermore, the way we use, store and protect any personal data we collect from you, or that you provide to us, will also be detailed within this notice.
The Information We Collect
When you book an appointment we collect personal details such as your name, email and telephone. This information is used to identify you and contact you about the appointments and services you have booked.
To provide a safe and effective massage treatment we also need to collect information such as your medical background and lifestyle choices. This information is only used to make sure your treatment is as effective as possible.
Whilst you use the website we also receive information about your computer such as your IP address, operating system and browser details. This information helps us provide a better website experience for you.
When you buy a gift voucher we collect personal details such as your name, email, recipient’s name and possibly a postal address. This information is used to identify you and provide the service you have requested.
When you provide us with your personal information in the course booking an appointment, completing your massage intake form, making a payment or contacting us about our services, you are giving your consent to us collecting that information and using it for that specific reason.
We will not use your personal information for any secondary reason, like marketing, unless we have asked you directly for consent to do so.
How do I withdraw my consent?
For the purpose of legal protection we are required to hold the personal information you have given to us in the course of provide you with massage services and the notes about those treatments for a minimum of seven years.
Seven years after your last treatment we will permanently delete all your personal information that we hold.
If you withdraw your consent during the seven year retention period, we will archive your data until the seven year period expires.
Whilst your information is archived, we will not access or process it in any way accept if needed for legal protection or if I'm required to do so by law.
Should you wish to withdraw your consent at any time please email firstname.lastname@example.org with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information we store about you and your massage sessions at any time. These will be sent by email, in a Microsoft Word document attachment.
You also have the right to request we update or amend your data if it is incorrect.
To action any of these rights at any time please email email@example.com with your request.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
DATA HANDLING & STORAGE
Our appointment booking and document service is provided by Cliniko. They specialise in providing secure collection, processing and storage personal data for healthcare practitioners worldwide.
Your data is stored through Cliniko using their data storage facilities, databases and the Cliniko web framework, on secure servers is always encrypted when in storage and whilst being transmitted across the internet.
If you choose to pay for your massage with a debit or credit card your information will be passed to our payment processors - either PayPal or Stripe for online card payments (for purchasing our gift vouchers) or iZettle for card payments in person.
We never store your credit card details, it is always processed by third-parties. It is encrypted through the Payment Card Industry Security Standard (PCI-DSS).
Both PayPal and Stripe offer a service whereby you can pay for your gift voucher quickly using credit or debit card details previously stored with them. We can't see your stored card details or information.
Paypal, Stripe and iZettle all adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click links on our website, they may direct you away from our website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
To request your information is updated, amended or deleted, or if you have any questions about how your information is collected, stored and used, please email firstname.lastname@example.org.
Questions & contact information
If, for any reason, you are unhappy with how we are handling your data, please raise your concerns with us first, so that we can seek a resolution. If you are still not satisfied, then you have the right to complain to the Information Commissioner’s Office (ICO).
This information is collected by Bristol Massage Therapy Ltd in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(b), 9.2(h) and 9.3.
Bristol Massage Therapy Ltd is registered with the Information Commissioner's Office. Registration Reference: ZA113419
Bristol Massage Therapy Ltd will never lease, distribute or sell your personal information to any third parties.
Legal basis for storing data
Last updated: 09 May 2018