top of page
Safe Hands Massage Therapy.png

Privacy Policy
Last updated: 25/08/2025
Who We Are (Data Controller)
Safe Hands Massage Therapy is the data controller for any personal data we collect. We are committed to protecting your privacy and ensuring the security of your personal information in accordance with UK GDPR and Data Protection Act 2018. This privacy policy explains how we collect, use, and protect your personal data when you use our services or visit our website.
What Personal Data We Collect
We collect and process the following categories of personal data:

  • Contact information (name, email address, phone number)

  • Health information provided through our health questionnaire

  • Booking and appointment details

  • Payment information (processed securely through our payment provider)

  • Website usage data and cookies (see our Cookie Policy for details)

How We Use Your Data and Our Lawful Basis for Processing
We process your personal data under the following lawful bases:
Contract
We process your contact details and booking information to fulfill our service contract with you.
Explicit Consent
We process sensitive health data only with your explicit consent to provide safe and effective massage therapy.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Health data will be retained for the period required by professional therapy practice regulations and insurance requirements, typically 7 years from your last appointment. Contact and booking information may be retained for up to 3 years for legitimate business purposes, unless you request earlier deletion.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure hosting environments, access controls, and regular security assessments. All health data is handled with the highest level of security appropriate for special category personal data.
International Data Transfers
Some of our service providers may be located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the UK authorities. We conduct transfer risk assessments to ensure your data remains protected to UK standards.
Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access to your personal data

  • Right to rectification of inaccurate data

  • Right to erasure in certain circumstances

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent for health data processing

How to Contact Us
If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us:
Contact Form
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.

bottom of page