THE INFORMATION I COLLECT?
When you book an appointment I collect personal details such as your name, address, email and telephone. This information is used to identify you and contact you about the appointments and services you have booked and purchased.
To provide a safe and effective massage treatment I also need to collect information such as your medical background and lifestyle choices. This information is only used to make sure your treatment is as effective as possible.
Whilst you use the website I also receive information about your computer such as your IP address, operating system and browser details. This information helps me provide a better website experience for you.
How do you get my consent?
When you provide me with your personal information in the course of booking an appointment, making a payment or contacting me about my services, you are giving your consent to me collecting your information and using it for that specific reason.
When completing the client intake form you will be providing me with your health-related data. I need this information to provide a safe and effective treatment for you. This type of data is classed as special category data within the GDPR guidelines and I need your consent to collect, process and store this data. You will be asked to provide that consent via e-signature when completing the form.
I will not use your personal information for any secondary reason, like marketing, unless I have asked you directly for consent to do so.
How do I withdraw my consent?
For the purpose of legal protection I am required to hold the personal information you have given to me in the course of providing you with massage services and the notes about those treatments for a minimum of seven years.
Seven years after your last treatment I will permanently delete all your personal information that I hold.
If you withdraw your consent during the seven-year retention period, I will archive your data until the seven-year period expires.
Whilst your information is archived, I will not access or process it in any way except if needed for legal protection or if I’m required to do so by law.
Should you wish to withdraw your consent at any time please email email@example.com with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information I store about you and your massage sessions. You also have the right to request I update or amend your data if it is incorrect.
To action any of these rights you can email your request to firstname.lastname@example.org.
I may disclose your personal information if I am required to do so by law or if you violate my Terms and Conditions of service.
DATA HANDLING AND STORAGE
My appointment booking and document service is provided by IntakeQ. They specialise in the secure collection, processing and storage of personal data for medical professionals and therapists.
Your data is stored through IntakeQ using their data storage facilities, databases and the IntakeQ web framework.
Your data is stored on secure servers behind a firewall and is always encrypted when in storage and whilst being transmitted across the internet.
If you choose to pay for your massage with a debit or credit card your information will be passed to my payment processors – either Stripe for online card payments or Zettle by PayPal for card payments in person.
I never store your credit card details; they are always processed by third parties. They are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
Stripe offer a service whereby you can pay for your appointment quickly using credit or debit card details previously stored with them. I can’t see your stored card details or information.
Both Stripe and Zettle by PayPal adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers I use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to me.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information I am required to provide to them for your purchase-related transactions.
For these providers, I recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or me. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click links on my website, they may direct you away from my website. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, I follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
QUESTIONS AND CONTACT INFORMATION
To request that your information is updated, amended or deleted, or if you have any questions about how your information is collected, stored and used, please email email@example.com.
LEGAL BASIS FOR STORING DATA
This information is collected by Trevor Chisman in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(a,b), 9.2(h) and 9.3.
Trevor Chisman is registered with the Information Commissioner's Office. Registration Reference: ZA297458
Trevor Chisman trading names: The Massage Specialist, The Massage Rebel, Glasgow Treatment Rooms.