Lotus Thai Massage GDPR Compliance Statement

At Lotus Thai Massage, we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR). This statement outlines how we collect, use, and protect your personal data.

1. Data Controller and Contact Information

Lotus Thai Massage
7 The Walk, Billericay, CM112YS
01277 631766

If you have any questions or wish to exercise your rights under GDPR, please contact us at [email protected]

2. Data We Collect

We may collect and process the following personal data in the course of providing our services:

  • Personal identification information: Name, address, phone number, and email address.
  • Health-related information: Relevant medical history or health conditions that you voluntarily provide to ensure safe treatment.
  • Appointment details: Dates and times of appointments and any preferences related to services.
  • Payment information: Billing details and payment method.

3. How We Use Your Data

We collect and process your personal data for the following purposes:

  • To schedule, manage, and confirm your appointments.
  • To provide massage services safely and effectively, taking into account any health conditions.
  • To communicate with you about your bookings, reminders, or promotions (with your consent).
  • To maintain accurate billing records and process payments.
  • To comply with legal or regulatory obligations.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for us to process health-related information.
  • Contractual necessity: To fulfil the services you request.
  • Legal obligations: To comply with local laws and regulations, such as tax reporting.
  • Legitimate interests: For purposes such as business administration, customer support, and service improvement.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by legal obligations. After this period, we will securely delete or anonymize your data.

6. Data Sharing and Transfers

We do not sell or share your personal data with third parties, except when required by law or for the following purposes:

  • To trusted service providers that help us manage our booking system or payment processing.
  • To comply with legal or regulatory requirements.

If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request corrections to your personal data if it is inaccurate or incomplete.
  • Erasure: You can request the deletion of your personal data under certain conditions, such as when it is no longer needed for the purposes for which it was collected.
  • Restriction: You can request that we restrict the processing of your data, for example, if you contest the accuracy of the data.
  • Data portability: You have the right to request your personal data in a structured, commonly used, machine-readable format.
  • Objection: You can object to the processing of your data, including for marketing purposes.
  • Withdraw consent: If we process your data based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at [email protected]

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. These include secure systems for storing health records and payment information.

9. Marketing Communications

With your consent, we may use your contact information to send you promotions, offers, or newsletters. You can opt out of receiving these communications at any time by contacting us or clicking the “unsubscribe” link in our emails.

10. Updates to this Statement

We may update this GDPR statement periodically to reflect changes in our data practices or legal obligations. Any updates will be posted on our website, and the effective date will be updated accordingly.

Effective Date: 1st September 2024

7 The Walk,
Billericay,
Essex, CM12 9YB

T: 01277 631766