T: 07809 123376

Privacy & Data Protection Policy

LAST UPDATE: September 2022 

  • Introduction
    • Covid-19

    • Data controller

    • Lawful basis for processing

    • Individual rights

    • Security

    • Disclosures

    • Changes to this privacy policy

  • Cookies

  • Data collected when you contact us

    • Newsletter/Update Subscription

  • Data collected by third parties on our behalf

    • Design &  Host


We protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.

Sussex Massage Therapy fully complies with the most up to date Data Protection policy and has a transparent approach to data processing which empowers individuals to know about the collection and use of their personal data.  We collect data to ensure we have the right information for assessing your suitability to treatment, for completing the appropriate treatment, for contacting you regarding appointment follow-ups and for a referral to a GP or other healthcare practitioner if deemed necessary.  Your data may be viewed by clinic staff to ensure that continuity of care is given and for standard clinic running purposes. 


Your data may be shared with NHS Trace and Test if required to minimise the spread of Covid-19.   All information held will be treated as strictly confidential. Data that is collected for Covid-19 tracing purposes will be kept for 7 years.

Data controller

The data controller responsible for this website is Holly Biggs, who can be contacted at [email protected].

This website may contain links to third-party websites, who have their own data controllers and privacy policies. This privacy policy applies only to this website.

Lawful basis for processing

For each method by which we collect personal data, this privacy policy documents our lawful basis for processing the data. Where we rely on your consent to process your data, we explain how you can withdraw your consent and delete your data.

Individual rights

The GDPR gives you rights over how your personal data is processed. You can exercise your rights by contacting us. In some cases you can also exercise your rights through automated systems, as described at the relevant points in this privacy policy.


The GDPR requires us to implement appropriate technical measures to protect data. We verify the identity of any individual who requests access to data before granting access. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures are described at the relevant points in this privacy policy.


In addition to any sharing of data described elsewhere in this privacy policy, we may disclose data for legal reasons. If we suspect criminal activity, we may disclose data relating to those involved or affected to the appropriate authorities. We may also be obliged to disclose data if we receive a request from an appropriate authority.

Changes to this privacy policy

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.


Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.

Data collected when you contact us

Newsletter/Update subscription

When you subscribe through our form on our site, we collect your name, email address, and telephone number. We collect this information in order to keep you up to date with our latest services, special offers and any other information we recognise as may being of interest to you. You can cancel this contact at any time by contacting us with your request.

Lawful basis for processing;   Consent given by data subject 

Why?   You have given your consent by checking the box on the “keep in touch” form

Data collected by third parties on our behalf

Design & Host 

Our site is hosted by Design & Host.  Design & Host use a third party to log all requests in order to determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days.

Lawful basis for processing ; Compliance with a legal obligation 

Why?  To comply with the GDPR obligation to implement appropriate technical measures to protect data