top of page

Privacy Policy for Tonbridge Reflexology

At Tonbridge Reflexology, we are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR). This policy explains how we collect, use, store, and safeguard your personal data.

1. Lawful Basis for Processing Your Data

We collect and process personal data under the following legal bases:

  • Consent – You provide explicit consent for us to collect and use your information.

  • Contractual Necessity – Your data is used to provide reflexology treatments and manage appointments.

  • Legal Obligations – We retain records to comply with professional and tax regulations, including ‘Claims occurring’ insurance, which requires records to be kept for seven years after the last treatment to cover potential future claims arising from past sessions.

  • As I hold special category data (i.e. health related information), the additional condition under which I hold and use this information is: for me to fulfil my role as a health care practitioner bound under the AoR Confidentiality as defined in the AoR Code of Practice and Ethics.

2. What Information We Collect

We may collect the following data:

  • Name, contact details, and appointment history

  • Health information relevant to reflexology treatments (with your informed consent)

  • Payment details for processing transactions

3. How We Use Your Information

Your data is used to:

  • Schedule and manage appointments

  • Provide best possible tailored reflexology treatment options, support and advice

  • Maintain accurate records for legal and professional purposes

  • Send service updates or promotions (only if you opt in)

4. Data Storage & Security Measures

  • Personal data is stored securely in encrypted digital records or locked physical files.

Only authorised personnel have access to your records.

  • We implement strong security measures to prevent unauthorised access, data breaches, or misuse.

5. Third-Party Sharing & Transfers

  • Your data is not sold or shared with third parties, except:

  • Booking platforms

  • Payment processors to complete transactions

  • Regulatory authorities if legally required

  • If your data is transferred outside the UK, we ensure that GDPR-compliant protections are in place.

6. Your Rights Under GDPR

  • You have the right to:

  • Access the personal data we hold about you

  • Correct any inaccurate information

  • Request deletion of your data (unless required for legal purposes)

  • Withdraw consent for marketing communications at any time

  • Restrict processing if you believe your data is being misused

7. Data Retention & Deletion

  • We store personal data only as long as necessary for treatment records and legal obligations. Data no longer required is securely deleted.

8. Therapist’s Rights

  • If you don’t agree to your therapist keeping records of information about you and your treatments, or if you don’t allow them to use the information in the way they need to for treatments, the therapist may not be able to treat you

  • Your therapist has to keep your records of treatment for a certain period as described above, which may mean that even if you ask them to erase any details about you, they might have to keep these details until after that period has passed

  • Your therapist can move their records between their computers and IT systems, as long as your details are protected from being seen by others without your permission.

9. Contact & Complaints

If you have questions about this policy or wish to exercise your rights, contact: Emma Betts at tonbridgereflexology@gmail.com

If you believe your data has been handled improperly, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

bottom of page