Privacy Policy

Last Updated: December 15, 2024

The Recovery Den ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our massage and wellness services or visit our website.

By using our services or website, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

When you book an appointment or use our services, we collect:

  • Contact Information: Name, email address, phone number, postal address
  • Identification: Date of birth, age
  • Health Information: Medical history, current health conditions, injuries, medications, allergies, and any information relevant to providing safe and effective treatment
  • Appointment Details: Service type, appointment dates and times, treatment notes, therapist preferences
  • Payment Information: Billing address, payment method (we do not store full credit card details)

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and location data
  • Browser type and version
  • Device information
  • Pages visited and time spent on site
  • Referring website addresses

1.3 Health and Medical Information

Important: We collect sensitive health information to provide safe and appropriate treatments. This includes medical conditions, injuries, surgeries, medications, and any contraindications for massage or wellness treatments. This information is classified as "special category data" under UK GDPR.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Delivery

  • To provide massage and wellness services safely and effectively
  • To assess your suitability for specific treatments
  • To maintain accurate treatment records
  • To customize treatments to your needs

2.2 Appointment Management

  • To schedule, confirm, and manage your appointments
  • To send appointment reminders and confirmations
  • To process cancellations and rescheduling

2.3 Communication

  • To respond to your inquiries and requests
  • To provide customer support
  • To send important service updates
  • To send promotional materials (only with your consent)

2.4 Legal and Safety Obligations

  • To comply with legal and regulatory requirements
  • To maintain professional insurance requirements
  • To protect the safety and wellbeing of clients and staff
  • To prevent and detect fraud or illegal activities

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Type of Data                          Legal Basis
Contact and appointment information   Contract performance: necessary to provide the services you have requested
Health and medical information        Explicit consent and vital interests: necessary for healthcare purposes and your safety
Marketing communications              Consent: you can opt out at any time
Record keeping and insurance          Legal obligation: required by professional bodies and insurers

4. How Long We Keep Your Data

We retain your personal information for the following periods:

  • Treatment Records: Minimum of 8 years from the date of last treatment (as required by professional indemnity insurance and the Health and Care Professions Council guidelines)
  • Appointment History: 7 years for accounting and tax purposes
  • Marketing Consents: Until you withdraw consent or we determine the data is no longer needed
  • Website Analytics: 26 months maximum

Note: If you are under 18, records are kept until your 25th birthday or for 8 years after treatment, whichever is longer, in line with NHS guidelines.

5. Who We Share Your Information With

We do not sell, rent, or trade your personal information. We only share your data in the following circumstances:

5.1 Professional Requirements

  • Healthcare Professionals: With your explicit consent, we may share information with your GP or other healthcare providers
  • Insurance Providers: Our professional indemnity insurers may require access to anonymized case records
  • Professional Bodies: If required by regulatory authorities or professional membership organizations

5.2 Service Providers

  • Payment Processors: To process payments securely (e.g., Stripe, PayPal)
  • Appointment System: Secure booking and scheduling platforms
  • Email Service: To send appointment confirmations and communications
  • Website Hosting: Our website hosting provider

5.3 Legal Requirements

  • When required by law or legal process
  • To protect the rights, property, or safety of The Recovery Den, our clients, or others
  • In response to valid requests by public authorities

Third-Party Security: All third-party service providers are carefully selected and must agree to keep your information secure and confidential. They are only permitted to process your data on our instructions.

6. Your Privacy Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

6.1 Right of Access

You can request a copy of the personal information we hold about you.

6.2 Right to Rectification

You can ask us to correct inaccurate or incomplete information.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal requirements for record retention.

6.4 Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

6.5 Right to Data Portability

You can request your data in a structured, commonly used format to transfer to another service.

6.6 Right to Object

You can object to processing based on legitimate interests or direct marketing.

6.7 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details at the end of this policy. We will respond within one month.

7. How We Protect Your Information

We implement appropriate technical and organizational measures to protect your personal data:

  • Secure Storage: Physical records stored in locked, secure locations
  • Digital Security: Encrypted digital records with password protection
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Secure Transmission: HTTPS (TLS) encryption for data transmitted to and from our website
  • Regular Backups: Secure, encrypted backups of digital records
  • Staff Training: Regular data protection training for all staff members
  • Secure Disposal: Secure destruction of records when no longer needed

Data Breach: In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by law. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

8. Cookies and Website Analytics

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us understand how you use our site and improve your experience.

8.2 Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly (e.g., session management)
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)
  • Functional Cookies: Remember your preferences and settings

8.3 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling certain cookies may affect website functionality.

9. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

10. Children and Young People

We take extra care when handling personal information of children and young people under 18:

  • We require consent from a parent, guardian or other person with parental responsibility before providing treatment
  • A parent or guardian must be present during treatment for children under 16
  • Extended record retention periods apply (see Section 4)

11. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Some of our third-party service providers may process data outside the UK/EEA. Where this occurs:

  • Where the destination country is covered by UK adequacy regulations, we rely on that adequacy decision
  • Where it is not, we put appropriate safeguards in place (e.g., the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses)
  • We maintain the same level of protection as required by UK GDPR

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Posting the updated policy on our website
  • Sending an email notification for material changes (if you have an account with us)

We encourage you to review this Privacy Policy periodically.

13. How to Complain

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Questions About This Privacy Policy?

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

The Recovery Den
Email: [email protected]
Phone: 01234 567890
Address: Your Street Address, Prestatyn, Wales, LL19 XXX
