PRIVACY NOTICE
MH Massage Therapy Ltd, trading as Massage Therapy MH
Last updated : 1 January 2025
This Privacy Notice for MH Massage Therapy Ltd, trading as Massage Therapy MH ('we', 'us', or 'our'), describes how and why we collect, store, use, and/or share ('process') your personal information when you use our services, including when you:
This privacy notice might not be applicable in full if we provide our services as part of an event, as part of a charitable fundraising including but not limited to services being offered as a price of a raffle, corporate wellbeing programs, our services are not directly booked online on our webpage or by using the client portal and/or we collaborate with a third party to offer our services.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, a further detailed description about the personal data we collect, process, use, store and our data processors will follow after the summary of these key points.
What personal information do we process?
Personal information provided by you and how it is processed is depending on the interaction with us and/or use of services we provide. Please see ‘Privacy Notice in Full’ for a full list of personal data we process and data processors we use.
Do we process any sensitive personal information?
We collect and process sensitive personal information to ensure that there are no contraindications which prevent or restrict massage therapy. This information will be provided by yourself by completing the intake/consultation form, which includes your medical history, medical conditions, prescribed medication and allergies. This means that the personal information we collect and process includes special categories of personal data as defined in the UK GDPR.
Do we collect any information from third parties?
Any information coming from third parties will be provided to us on your behalf and/or based on your request. An example could be a written note from your medical practitioner confirming that your medical condition is not a contraindication for massage therapy.
In what situations and with which parties do we share personal information?
We collaborate with third party vendors, data processors, to process and store the personal data we collect. We will only share your personal data with a healthcare professional if a referral is required and only after you give explicit consent for us to do so. There might be circumstances where personal data is shared with our insurance company and/ or legal advisors.
How do we keep your information safe?
We do have a range of security measures in place to protect your personal information from unauthorised access, use, or loss. Two-step verification, where available, is in place to increase data security and minimise the risk of unauthorised use of access to the personal data we hold.
Reasonable steps have been taken to assess third party vendors, who are categorised as data processors in the UK GDPR, to ensure they are compliant and have appropriate data protection safeguards in place to protect your personal data.
We will review our security measures in place on a regular basis and adjust and/ or implement additional security measurements if they become available.
How can I get my personal data?
Under the UK General Data Protection Regulation you have rights when it comes to your personal data. The right to access your personal data we hold is one of them. You right to access of personal data hold us can be exercised by submitting a Data Subject Access Request on our webpage : DSAR | Massage Therapy MH
Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about the information we collect and store, to enable us to deliver our services.
FURTHER DETAILS
Table of contents
1. Collecting personal information
We collect personal information provided by you for a variety of reasons. Which information and how it is being collected, processed, used and/or retained, depends on the interaction, the nature of the interaction and/or the service we are providing.
We request you to provide us with personal information if we believe there is valid reason to do so and have been taken the following into account when determining the required information:
2. Legal bases we rely on
The UK GDPR is outlining our requirement to explain the valid legal bases we rely on in order to process your personal information. Valid legal bases we rely on are contractual obligations, to be able to provide you with our servers or consent given by yourself.
Special rules apply for sensitive personal data like medical information, which falls under the so-called special category of personal data in the UK GDPR. Processing and use of this data will be based on your explicit consent.
3. Data processors and processing of personal data
We use third party vendors and service providers for hosting our webpage, online appointment bookings, client management, payment gateway, cookie consent management, email delivery, newsletter and marketing email delivery and accounting. In the UK GDPR they are defined as our data processors.
Website
One.com is the hosting service for our webpage and email delivery service, excluding marketing emails and automated emails in relation to a booked appointment. The online booking system powered by Acuity is embedded and one.com is therefore not the hosting service of this tool
We use Termly for our cookie management system. Please see the cookies we use for more detailed information.
Online booking system
Acuity scheduling from Squarespace is our online booking system which is embedded in our webpage. The personal data collected such as name, telephone number, address and telephone number will enable us to contact you and to deliver to mobile massage therapy. The details will be entered manually in our practice management software from Zanda Health. Square is the payment gateway we use for all appointments booked via Acuity Scheduling and payments made when ordering massage packages and/or massage certificates.
More information on SquareSpace Terms of service Terms of Service – Squarespace and Data Processing Addendum Data Processing Addendum – Squarespace
Client Portal/ Online intake/ consultation form/
The Client Portal is part of Zanda Health, and clients can login to their account to make an appointment, view future appointments and invoices. Stripe is processing payments made through the client portal.
Information about your medical history, medical conditions, recent surgery, ongoing treatments and/or allergies are collected when you complete the online consultation form. We collect and process sensitive personal information to ensure that there are no contraindications preventing or restricting massage therapy.
All personal information that you provide to us must be true, complete and accurate. You must notify us of any changes to such personal information, including any changes to your health and medication.
We might further store information and documentation in relation to the massage therapy such as; result of any postural assessment, reason for visit, findings, treatment plans, recommendations, other non physical conditions shared which could impact your current physical condition.
Concession types might be used where a discounted price has been offered to volunteers of a local charity.
More information on Zanda Health’s Terms of Use | Practice Management Software | Zanda, Privacy Policy - Zanda Health and a EU Standard Contractual Clause UK Addendum is in place.
Payment Gateway/ payment processors
The necessary date to process your payments for our services will be handled and stored by Stripe and Square. We don’t have access to your card details when you book an appointment on our webpage, when using the client portal or use tap to pay in-person.
The privacy policy of Stripe is available on https://stripe.com/gb/privacy
Square’s privacy policy can be found here https://squareup.com/gb/en/legal/general/privacy-no-account? country_redirection=true.
Newsletter/ Marketing related emails
Receiving the newsletter or any marketing related emails will require you to subscribe to them separately. Your date is processed and stored with MailChimp and is not linked to your client profile in our practice management system. An unsubscribe link can be found at the footer of those emails.
Mailchimp Data Processing Addendum is avaible Mailchimp Data Processing Addendum Preview | Mailchimp
4. Other third parties we share information with
We might need to share personal information with our insurance company and/or legal advisors if a claim has been made. We will only share your personal data with a healthcare professional if a referral is required and only after you give explicit consent for us to do so.
5. Cookies and other tracking technologies
We use termly for our cookie consent management including the consent banner. Termly is using two different cookies for:
We might in the future make use of other cookies and/or tracking technologies, to track the efficiency of marketing campaigns.
6. Data retention
All personal data we collect, store and use, and which is directly related to massage treatments provided, will be retained for 10 years. Submitting contact forms, emails will be saved for a maximum of 3 months if not related to a massage treatment provided.
7. Your Privacy rights under the UK GDPR
Right to be informed
Right of access to personal data we hold
Right to rectification of inaccurate or incomplete personal data
Right to object
We collect and process your personal data to provide your mobile massage services or any other services. The personal information collected will not be used for marketing purposes, including profiling. Unless you have subscribed to our newsletter and marketing by completing the form on our webpage Newsletter | Massage Therapy
The newsletter and/or direct marketing emails do include a link to unsubscribe, if you no longer would like to receive the newsletter or any other marketing related emails from us.
More information about your rights can be found on the ICO webpage.
UK Regulator
The Information Commissioner’s Office is the regulator of data protection and other information rights legislation in the UK. A copy of our ‘Data Protection Registration Certificate is available on their website.
More information about the UK GDPR and other regulation in relation to Data protection is available on the Information Commissioner’s Office (ICO) website, https://ico.org.uk
If you still have any questions or concerns, please contact us by sending us an email with your questions or concerns. Our email address is GDPR at massagetherapymh.co.uk.
Exercising your rights
You right to access of personal data hold us can be exercised by submitting a Data Subject Access Request on our webpage : DSAR | Massage Therapy MH
For any other requests in relation to your rights, you can contact us by telephone, email or post. We will consider and act upon any request in accordance with your rights under the UK GDPR. A further detailed description of each of your rights can be found in the ‘Privacy Notice in Full’
8. Updates to our privacy notice
We will update our privacy notice when required due to changes, but not limited to, the nature of our services and/or, the way we process your information and the data processors we use and/or any changes in applicable regulations in the UK. Changes will be incorporated in our Privacy notice and included in the overview of amendments of the original Privacy Notice at the end of this document.
9. Contact details in relation to our privacy notice and your rights
MH Massage Therapy Ltd / trading as Massage Therapy MH
Registered Address : 71-75 Shelton Street Covent Garden, WC2H 9JQ London
Telephone number 07783998298
Email : GDPR at massagetherapymh.co.uk
Additionally you can use the contact form available on our webpage, Contact-Form, where you have the option to select your preference when you would like to be called back.
10. How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Updates
Any updates and/or amendments will be listed here and incorporated in our privacy notice.
QUICK LINKS
© Copyright | MH Massage Therapy Ltd, trading as Massage Therapy MH | All Rights Reserved