Privacy Policy

---

EMMA HEATH MASSAGE & MOVEMENT 

PRIVACY POLICY – PUBLISHED APRIL 2022

OVERVIEW 

This website is operated by Emma Heath - Massage & Movement and whose registered address is 61 Moormead, Budleigh Salterton, Devon EX9 6PR. (“We”) are committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us.

As part of our compliance with the General Data Protection Regulation (GDPR) we have set out our privacy policy in this document to specify our commitment to our clients and users of our online services about how we collect, process and protect personal data that is supplied to us with their permission and appropriate to our business practices.

The GDPR seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.

Any personal data that is collected when you enrol to participate in one of our classes, register via our website or use our online services is only used by us for essential communication appropriate to us performing our contractual obligation to you as a Pilates studio.  As part of our business activities, we do employ appropriate direct marketing activities from time to time such as sending out relevant news and updates about our services which is designed to enhance your experience and the services we offer. We do not share your data with third parties at any time.

TYPES OF INFORMATION COLLECTED FROM YOU

We may collect, store and use the following kinds of personal information about individuals who visit and use our website:

1. Information you supply to us. You may supply us with appropriate information about you by filling in forms on our website. This includes information you provide when you submit a contact/enquiry form. The information you give us may include your name, address, e-mail address and phone number.

2. Information our website automatically collects about you. With regard to each of your visits to our website we may automatically collect information including the following:

· technical information, including a truncated and anonymised version of your Internet protocol (IP) address, browser type and version, operating system and platform;

· information about your visit, including what pages you visit, how long you are on the site, how you got to the site (including date and time); page response times, length of visit, what you click on, documents downloaded and download errors

HOW WE COLLECT YOUR DATA
At the point of registration for a service or appointment, Emma Heath Massage & Movement collects your name, email address and other relevant personal data such as phone number, postal address, emergency contact, referral type, date of birth and only relevant medical and musculoskeletal history in order to carry out basic communication, fulfil bookings, give you the best service and to safeguard your health and wellbeing to ensure classes are appropriate to you.

Your personal data is used for essential communication about your bookings, purchases, reminders and class changes and in the case of class cancellations and emergencies.

Any payment made through our website is handled by a separate, secure and certificated service provider. We DO NOT store specific customer payment information digitally or in paper form and all payment information is encrypted.

The enrolment form we ask clients to complete when they first register is available in a paper and online format and is required by our insurance company and provides essential information required to work within our professional and studio guidelines. 

We are required by law to keep client records for seven years after their last visit. These records are kept in a locked file or secure online when not in use by the client’s teacher and are only seen by personnel who have direct dealings with the client’s programme or bookings.

HOW WE USE YOUR DATA
We use email and SMS (text) as the primary form of communication with you if you are an existing customer. We also periodically send general emails using Mailchimp about products and services we offer to both existing and previous customers, or those who have directly enquired about our services. You have the right to opt out of these at any time.

We may use your information for the following purposes:

· in the normal course of our business, to allow us to register you so we can provide our services safely and appropriately according to your specific class and service needs;

· to allow us to manage your ongoing class bookings on the basis that processing is necessary in order to perform our contract with you;

· to inform you or any material changes affecting our ability to deliver the contracted service;

· to validate your information and periodically check that the data we hold about our customers is accurate, consistent and up to date in order to continue to provide our services;

· to comply with any legal obligations to which we are subject

HOW WE SHARE YOUR DATA
The information and data we collect is important for us and we would not want to share this with anyone else unrelated to our business practices. Unless we have your express consent, we will never disclose, rent, trade or sell your personal data to any third parties for their marketing or mailing purposes.

HOW WE PROTECT YOUR DATA
We protect your digital and paper data using our professional secure systems supplied by Godaddy, iZettle and Mailchimp and through due diligence with paper filing systems held under lock and key.

We do not share your information with any third party. If you are under the care of another practitioner, be that a doctor or other healthcare professional or complementary therapist we will ask that you pass on any relevant information, rather than us speaking to them directly, unless both parties have your express permission.

We will treat all of your information in strict confidence and we will endeavour to take all reasonable steps to keep your personal information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, and data stored on our IT systems, the website and associated databases.

YOUR RIGHT TO OPT-OUT OF DIRECT MARKETING AND PROMOTIONS
We provide an opt-out for marketing emails and invite prospective customers to opt-in for our newsletters and information in a secure form on our website and during the registration process. At any time you are able to opt out of these communications if you don’t wish to be kept updated.

CHANGES TO THIS POLICY

We may change this policy from time to time, depending on changes in the law and our internal privacy processes. We encourage you to check it from time to time when you visit our website.