Please take the time to read through this information carefully.
The Soma Room Ltd respects and protects your privacy. This notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website at www.thesomaroom.com and us, the website owners. Furthermore, the way we use, store and protect any personal data we collect from you, or that you provide to us, will also be detailed within this notice.
THE INFORMATION WE COLLECT
When you book an appointment with us, we collect personal details such as your name, email and telephone number. This information is used to identify you and contact you about the appointments and services you have booked.
To provide a safe and effective massage treatment we also need to collect information about your health and medical background. This information is only used to ensure your treatment is as effective as possible.
Whilst you use the website we also receive information about your computer such as your IP address, operating system and browser details. This information helps us provide a better website experience for you.
When you buy a gift voucher, we collect personal details such as your name, email, recipient’s name and possibly a postal address. This information is used to identify you and provide the service you have requested.
When you provide us with your personal information in the course of booking an appointment, completing your massage intake form, making a payment or contacting us about our services, you are giving your consent to us collecting that information and using it for that specific reason.
We will not use your personal information for any secondary reason, like marketing, unless we have asked you directly for consent to do so.
How do I withdraw my consent?
For the purpose of legal protection we are required to hold the personal information you have given to us in the course of providing you with massage services and the notes about those treatments for a minimum of seven years. Seven years after your last treatment we will permanently delete all your personal information that we hold. If you withdraw your consent during the seven year retention period, we will archive your data until the seven year period expires. Whilst your information is archived, we will not access or process it in any way accept if needed for legal protection or if we are required to do so by law.
Should you wish to withdraw your consent at any time please email firstname.lastname@example.org with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information we store about you and your massage sessions at any time. These will be sent by email, in a PDF document attachment. You also have the right to request we update or amend your data if it is incorrect.
To action any of these rights at any time please email email@example.com with your request.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
DATA HANDLING & STORAGE
Our appointment booking is provided by Acuity Scheduling, and our intake form and treatment note service is provided by IntakeQ. These services are GDPR compliant and specialise in providing secure collection, processing and storage personal data for healthcare practitioners worldwide.
Your data is stored through Acuity Scheduling and IntakeQ using their data storage facilities, databases and web framework, on secure servers. It is always encrypted when in storage and whilst being transmitted across the internet.
If you choose to pay for a massage or gift voucher with a debit or credit card, your information will be passed to our payment processors - either PayPal, iZettle or Stripe depending on the method of booking.
We never store your credit card details - it is always processed by third-parties. It is encrypted through the Payment Card Industry Security Standard (PCI-DSS).
Both PayPal and Stripe offer a service whereby you can pay for your appointment or gift voucher quickly using credit or debit card details previously stored with them. We can't see your stored card details or information.
Paypal, Stripe and iZettle all adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in (or have facilities that are located in) a different jurisdiction than either you or us.
If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click links on our website, they may direct you away from our website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
When someone visits www.thesomaroom.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, and attempt to find out the identities of those visiting our website.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.
As part of the registration process for our e-newsletter, we collect personal information. We use that information for a few different reasons: to tell you about important updates or news about the clinic, to inform you about any discounts or special offers, to check that our records for you are correct, and to check that you're happy with our service. We don't rent or trade email lists with other organisations and businesses.
We use a couple of third-party providers to achieve this. We use MailChimp to deliver our newsletter, and GatherUp to gather feedback about your experience with us, both of which adhere to GDPR regulations. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our communication with you. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails, or by emailing firstname.lastname@example.org.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
QUESTIONS & CONTACT INFORMATION
To request your information is updated, amended or deleted, or if you have any questions about how your information is collected, stored and used, please email email@example.com.
If, for any reason, you are unhappy with how we are handling your data, please raise your concerns with us first, so that we can seek a resolution. If you are still not satisfied, then you have the right to complain to the Information Commissioner’s Office (ICO).
LEGAL BASIS FOR STORING DATA
This information is collected by The Soma Room Ltd in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(b), 9.2(h) and 9.3.
The Soma Room Ltd Ltd will never lease, distribute or sell your personal information to any third parties.
The Soma Room Ltd is registered with the Information Commissioner's Office. Registration Reference: ZA466689.
OUR CONTACT DETAILS
The Soma Room Ltd
7 Springbridge Mews