Privacy Policy

1. Who We Are and Contact Details

South Hill Reflexology is a complementary therapist business based in the UK. For the purposes of data protection law, we are the Data Controller responsible for your personal data.

Telephone – 07815 186 646

Email – southhillreflexology@gmail.com

​

2. Personal Data We Collect

We may collect and process the following personal data:

 

Identity & Contact Data

  • Name

  • Contact details

  • Date of birth

  • Emergency contact’s details

 

Appointment & Service Data

  • Appointment dates and times

  • Services provided

  • Client preferences

 

Special Category Data (Health Information)

  • GP surgery details

  • Occupation

  • Relevant medical conditions

  • Injuries, allergies, or contraindications

  • Medical history

 

Health data is collected only where necessary to provide safe and appropriate complementary therapy.

 

Payment Data

  • Payment status and method
    (Financial details are handled securely by third-party payment providers; we do not store card details.)

​

3. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases to collect and use your personal and/or special category data.

 

  • Contract – to provide you with the complementary therapy you request

  • Consent – for collecting and processing personal data, including health information

  • Legal Obligation – for tax, insurance, and record-keeping requirements

  • Legitimate Basis – to manage your bookings, including appointment confirmation and reminders, and to inform you of information related to South Hill Reflexology that we reasonably believe you would be interested in.

​

4. How We Use Your Data

Your personal data is used to:

  • Book and manage appointments

  • Provide safe and effective complementary therapy treatments

  • Communicate regarding queries

  • Maintain client records

  • Meet legal, insurance, and professional requirements

​

5. How We Protect Your Data and Our Retention Schedule

We take appropriate security measures to protect your data, including:

  • Secure digital storage (devices and accounts protected by passwords and multi-factor authentication)

  • Secure storage of paper records (if applicable)

  • Limited access to personal information

 

Data is retained only for as long as necessary, typically:

  • Client records: up to 7 years (for insurance/legal reasons)

 

6. Sharing Your Data

We will not share your personal data with any third parties, except where:

 

  • you have provided us with your consent

  • we have a legal requirement (including court orders) to share the data

  • you are at risk and the information is provided for your safety, provided the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied

  • it is required or unavoidable in order for individual(s) or organisation(s) to maintain and update our practice management system and website.
     

All third parties are required to comply with data protection laws.

​

7. Your Data Protection Rights

 

Under UK GDPR, you have the right to:

To exercise your rights, contact us using the details above. If you make a request, we must respond to you without undue delay and in any event within one month.

​

8. Complaints

If you have concerns about how your data is handled, please contact us first.
If you remain unhappy with how we have used your data after raising a complaint with us, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113

​

9. Website & Cookies 

If you use our website, it may use essential cookies or basic analytics. You can control cookies through your browser settings.

​

10. Changes to This Privacy Policy

This policy may be updated from time to time. The latest version will always be available upon request or on our website.