We want you to be absolutely confident that we are holding your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so. This privacy notice outlines the details.
How Hibiscus Massage collects your personal data
Hibiscus Massage stores and processes contact details, appointment details and payment details within our secure booking system (Acuity Scheduling). There may also be ad-hoc notes relating to your appointments with us.
Hibiscus Massage stores the paper consultation form you complete when you come for your first massage. This information includes your contact details, email address, health notes and treatment plan. It is provided only to the massage practitioner.
Why do we collect your data?
When you supply your personal details to Hibiscus Massage, they are stored and processed for three reasons:
- Your massage practitioner needs to collect personal information about your health in order to provide you with the best possible massage session. You can, of course, refuse to provide the information, but then it will not be possible for you to have a massage.
- Hibiscus Massage has a “Legitimate Interest” in collecting this information. Without it, the massage practitioner will be unable to do her job effectively and safely.
- We also think that it’s important that we can contact you in order to confirm your appointments or to update you on matters related to your medical care, plus any massage sessions, loyalty bonuses or referrals. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
Your massage practitioner has a legal obligation to retain your records for eight years after your last appointment. After this period, you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.
How your records are stored
Hibiscus Massage will store your paper consultation form in a secure filing box.
Hibiscus Massage will store all other data electronically (“in the cloud”) using the Acuity Scheduling booking system and the PayPal online payment system. Access to both these systems is password protected.
How Hibiscus Massage protects your data
Hibiscus Massage will never share your data with anyone who does not need access without your written consent.
Only the massage practitioner, who is also the owner of Hibiscus Massage, will have routine access to your data. This ensures she can provide you with a safe and effective massage session and keep you up to date with loyalty and referral bonuses.
Your personal information will be treated as confidential and will never be shared with any third parties without your written consent.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.