Privacy Policy

1. Who We Are and Contact Details

South Hill Reflexology is a complementary therapist business based in the UK. For the purposes of data protection law, we are the Data Controller responsible for your personal data.

Telephone – 07815 186 646

Email – southhillreflexology@gmail.com

2. Personal Data We Collect

We may collect and process the following personal data:

 

Identity & Contact Data

  • Name

  • Contact details

  • Date of birth

  • Emergency contact’s details

 

Appointment & Service Data

  • Appointment dates and times

  • Services provided

  • Client preferences

 

Special Category Data (Health Information)

  • GP surgery details

  • Occupation

  • Relevant medical conditions

  • Injuries, allergies, or contraindications

  • Medical history

 

Health data is collected only where necessary to provide safe and appropriate complementary therapy.

 

Payment Data

  • Payment status and method
    (Financial details are handled securely by third-party payment providers; we do not store card details.)

3. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases to collect and use your personal and/or special category data.

 

  • Contract – to provide you with the complementary therapy you request

  • Consent – for collecting and processing personal data, including health information, and to inform you of special offers and information related to South Hill Reflexology that we reasonably believe you would be interested in.

  • Legal Obligation – for tax, insurance, and record-keeping requirements

4. How We Use Your Data

Your personal data is used to:

  • Book and manage appointments

  • Provide safe and effective complementary therapy treatments

  • Communicate regarding queries

  • Maintain client records

  • Meet legal, insurance, and professional requirements

5. How We Protect Your Data and Our Retention Schedule

We take appropriate security measures to protect your data, including:

  • Secure digital storage (password-protected devices and accounts with multi-factor authentication)

  • Secure storage of paper records (if applicable)

  • Limited access to personal information

 

Data is retained only for as long as necessary, typically:

  • Client records: up to 7 years (for insurance/legal reasons)

 

6. Sharing Your Data

We will not share your personal data with any third parties, except where:

 

  • you have provided us with your consent

  • we have a legal requirement (including court orders) to share the data

  • you are at risk and the information is provided for your safety, provided the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied

  • it is required or unavoidable in order for individual(s) or organisation(s) to maintain and update our practice management system and website.
     

All third parties are required to comply with data protection laws.

7. Your Data Protection Rights

 

Under UK GDPR, you have the right to:

To exercise your rights, contact us using the details above. If you make a request, we must respond to you without undue delay and in any event within one month.

8. Complaints

If you have concerns about how your data is handled, please contact us first.
If you remain unhappy with how we have used your data after raising a complaint with us, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113

9. Website & Cookies 

If you use our website, it may use essential cookies or basic analytics. You can control cookies through your browser settings.

10. Changes to This Privacy Policy

This policy may be updated from time to time. The latest version will always be available upon request or on our website.
