This Privacy Notice will help you understand what personal data I collect, why I collect it and what I do with it.
1. Information I collect
Website logs
When you visit my website, my servers may automatically log the standard data provided by your web browser. This may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Device data
I may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What I collect can depend on the individual settings of your device and software. I recommend checking the policies of your device manufacturer or software provider to learn what information they make available to me.
Personal information
In the course of providing you with my products and services I may ask for personal information, such as your:
- Name
- Phone/mobile number
- Mailing address
- Payment information
MASSAGE APPOINTMENTS
When you book an appointment I collect personal details such as your name, email and telephone. This information is used to identify you and contact you about the appointments and services you have booked and purchased.
To provide a safe and effective massage treatment I also need to collect information such as your medical background and lifestyle choices. This information is only used to make sure your treatment is as effective as possible.
When you provide me with your personal information in the course booking an appointment, making a payment or contacting me about my services, you are giving your consent to me collecting your information and using it for that specific reason.
When completing the client intake form you will be providing me with you health related date. I need this information to provide a safe and effective treatment for you. This type of data is classed as special category data within the GDPR guidelines and I need your consent to collect, process and store this data. You will be asked to provide that consent via e-signature when completing the form.
For the purpose of legal protection I am required to hold the personal information you have given to me in the course of provide you with massage services and the notes about those treatments for a minimum of seven years.
Seven years after your last treatment I will permanently delete all your personal information that I hold.
If you withdraw your consent during the seven year retention period, I will archive your data until the seven year period expires.
Whilst your information is archived, I will not access or process it in any way accept if needed for legal protection or if I’m required to do so by law.
2. Legal bases for processing
I will process your personal information lawfully, fairly and in a transparent manner. I collect and process information about you only where I have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning I collect and use your information only where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when I provide a service you request from me);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote my services, and to protect my legal rights and interests;
- you give me consent to do so for a specific purpose (for example, you might consent to me sending you my newsletter); or
- I need to process your data to comply with a legal obligation.
Where you consent to my use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
I don’t keep personal information for longer than is necessary. While I retain this information, I will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, I advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, I may retain your personal information for my compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
3. Collection and use of information
I may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
- to enable you to customise or personalise your experience of my website;
- to enable you to access and use my website, associated applications and associated social media platforms;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve my website, associated applications and associated social media platforms;
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about my products and services and information about third parties that I consider may be of interest to you; and
- to comply with my legal obligations and resolve any disputes that we may have.
4. Disclosure of personal information to third parties
I may disclose personal information to:
- my employees, contractors and/or related entities;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services I have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
- third parties to collect and process data.
5. International transfers of personal information
The personal information I collect is stored and processed in UK, Europe, Canada and United States of America, or where I or my partners, affiliates and third-party providers maintain facilities. By providing me with your personal information, you consent to the disclosure to these overseas third parties.
I will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where I transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.
6. Your rights and controlling your personal information
Choice and consent: By providing personal information to me, you consent to me collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to me, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing me with your personal information. You do not have to provide personal information to me, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.
Information from third parties: If I receive personal information about you from a third party, I will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to me.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to me using your personal information for direct marketing purposes, you may change your mind at any time by contacting me using the details below. If you ask me to restrict or limit how I process your personal information, I will let you know how the restriction affects your use of my website or products and services.
Access and data portability: You may request details of the personal information that I hold about you. You may also request a copy of the personal information I hold about you. Where possible, I will provide this information in CSV format or other easily readable machine format. You may request that I erase the personal information I hold about you at any time. You may also request that I transfer this personal information to another third party.
Correction: If you believe that any information I hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact me using the details below. I will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches: I will comply with laws applicable to me in respect of any data breach.
Complaints: If you believe that I have breached a relevant data protection law and wish to make a complaint, please contact me using the details below and provide me with full details of the alleged breach. I will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps I will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from my e-mail database or opt-out of communications (including marketing communications), please contact me using the details below or opt-out using the opt-out facilities provided in the communication.
7. Cookies
I use “cookies” to collect information about you and your activity across my site. A cookie is a small piece of data that my website stores on your computer, and accesses each time you visit, so I can understand how you use my site. This helps me serve you content based on preferences you have specified. Please refer to my Cookie Policy for more information.
8. Business transfers
If my assets are acquired, or in the event that I go out of business or enter bankruptcy, I would include data among the assets transferred to any parties who acquire my business. You acknowledge that such transfers may occur and that any parties who acquire my business may continue to use your personal information according to this policy.
9. Limits of our policy
My website may link to external sites that are not operated by me. Please be aware that I have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
10. Changes to this policy
At my discretion, I may change my privacy policy to reflect current acceptable practices. I will take reasonable steps to let users know about changes via my website. Your continued use of this site after any changes to this policy will be regarded as acceptance of my practices around privacy and personal information.
If I make a significant change to this privacy policy, for example changing a lawful basis on which I process your personal information, I will ask you to re-consent to the amended privacy policy.
Website Data Controller
Trevor Chisman
trevor@themassagerebel.com
This policy is effective as of 1 May 2019.
Last updated 18 October 2022
For any questions or comments please Contact me.