Privacy Policy

1. About This Privacy Policy

Adrian David Massage & Mobility is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal and health information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.This policy applies to all clients receiving personal training, massage, recovery and related services.

2. Data Controller

The data controller responsible for your personal information is:Adrian David Massage & Mobility
Galashiels, Scottish Borders, United Kingdom
Email: [email protected]Phone: 07832 175204Adrian David is a member of the Sports Therapy Association (STA) and holds professional indemnity and public liability insurance with Balens Specialist Insurance.

3. What Personal Data We Collect

We may collect and store the following information:Personal detailsNameDate of birthAddressEmail addressTelephone numberEmergency contact detailsHealth and medical information (special category data)Medical historyInjuries and pain historyMedicationTreatment notes and assessmentsConsent forms and health questionnairesBooking and payment informationAppointment historyInvoices and payment recordsCard payment information (processed securely via Stripe – we do not store card numbers)

4. How We Use Your Information

Your data is collected and used for the following purposes:To provide safe and effective massage, recovery and personal training servicesTo assess your suitability for treatment or exerciseTo maintain accurate clinical and treatment recordsTo manage appointments, bookings and cancellationsTo process payments and depositsTo communicate with you regarding your appointments and servicesTo comply with legal, regulatory and insurance requirements

5. Lawful Basis For Processing

Under UK GDPR, we process your data under the following lawful bases:ContractTo provide services you have booked with us.Legal obligationTo comply with insurance, accounting and regulatory requirements.Legitimate interestsTo manage our practice, maintain records and ensure continuity of care.Explicit consent (special category health data)Health information is processed only with your explicit consent, which you provide through completion of intake and consent forms.You may withdraw your consent at any time in writing, however this may affect our ability to provide treatment.

6. How Your Data Is Stored and Protected

Your information is stored securely using:Cliniko Practice Management Software (secure, encrypted healthcare system)Locked and password-protected devices and systemsWe take appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access or disclosure.Card payment information is processed securely by Stripe. We do not store or have access to your full card details.

7. How Long We Keep Your Information For

In line with professional standards and insurance requirements (including Balens and the Sports Therapy Association):Clinical and treatment records are retained for at least 7 years after your last appointmentRecords relating to minors are retained until the client reaches 25 years of ageFinancial records are retained for 6 years in accordance with HMRC requirementsAfter this period, records are securely deleted or destroyed.

8. Sharing Your Information

Your personal data will not be shared with third parties without your consent, except where required by law or professional obligation.Information may be shared with:Your GP or healthcare professional (with your consent)Insurance providers (including Balens) in the event of a claimLegal or regulatory authorities where legally requiredWe never sell or share your data for marketing purposes

9. Your Rights Under GDPR Law

You have the right to:Access the personal data we hold about youRequest correction of inaccurate or incomplete dataRequest deletion of your data (where legally permitted)Restrict or object to processingRequest data portabilityWithdraw consent at any timeTo exercise any of these rights, please contact:

10. Complaints

If you are unhappy with how your data is handled, please contact us first so we can resolve the issue.You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):Website: www.ico.org.ukTelephone: 0303 123 1113

11. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in legislation or business practices. The most current version will always be available on request

12. Contact