THE INFORMATION WE COLLECT?
When you book an appointment we collect personal details such as your name, address, email and telephone. This information is used to identify you and contact you about appointments and the services you have purchased.
To provide a safe and effective massage treatment we also need to collect information such as your medical background and lifestyle choices.
Whilst you browse the website we also receive information about your computer such as your IP address, operating system and browser details. This information helps use provide a better browsing experience for you.
How do you get my consent?
When you provide us with personal information to book an appointment, complete your client intake form, make payment online or contact us about our services, we imply that you have given your consent to our collecting it and using it for that specific reason only.
If we ask you for personal information for a secondary reason, like marketing, we will either ask you directly for your consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
For the purpose of legal protection we are required to hold the personal information you have given us to provide massage services and our notes about the treatments we have provided for a minimum of 7 years.
If you no longer want us to contact you or provide you with massage services you can request we archive your personal information. When your information is archived, will no longer process it accept for legal protection or if we're required to do so by law.
Outside of these requirements you can withdraw your consent for us to continue contacting you and collecting or processing your data by emailing us at firstname.lastname@example.org
We may disclose your personal information if we are required to do so by law or if you violate our Terms and Conditions.
DATA HANDLING AND STORAGE
Our appointment booking and document service is provided by IntakeQ. They specialise in the secure collection, processing and storage of personal data for medical professionals and therapists.
Your data is stored through IntakeQ using data storage, databases and the IntakeQ web framework.
Your data is stored on secure servers behind a firewall and is always encrypted when in storage and whilst being transmitted across the internet.
If you choose to pay for your massage with a debit or credit card your information will be passed to our payment processors - either Stripe for online card payments or iZettle for in-house card payments.
The Massage Specialist never stores your credit card details, it is always processed by either third-parties. It is encrypted through the Payment Card Industry Security Standard (PCI-DSS).
Stripe offer a service where by you can pay for your appointment quickly using credit or debit card details previously stored with them. The Massage Specialist can at no point see your card details or informtation.
Both Stripe and iZettle adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that we may continue to provide you with the massage services you have requested.
QUESTIONS AND CONTACT INFORMATION
If you would like to request your information is changed or deleted, or have any questions about how your information is collected, stored and used, please email email@example.com.
LEGAL BASIS FOR STORING DATA
This information is collected by Trevor Chisman in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(b), 9.2(h) and 9.3.
Trevor Chisman is registered with the Information Commissioners Office. Registration Reference: ZA297458
Trevor Chisman trading names: The Massage Specialist, The Glasgow Treatment Rooms, MassageLogica.