Voyo Massage - Privacy Notice for Clients
Who we are:
We are Voyo Massage. For the purposes of this notice, the term ‘we’ encompasses all those employed by Voyo Massage to carry out its business
Our Contact Details:
If you have any questions about this Privacy Notice, please contact:
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018
The types of personal data we collect
The personal data we use may include:
Your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to. This could include emails, text or voicemail messages;
Date of birth;
Information about your previous medical history and any treatment provided by us;
Information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments;
The terms and conditions of your contract with us for the provision of massage and related services; and
Emergency contact details
online web forms completed by you at the start of your treatment;
correspondence with you, either verbal, written or electronic; or
through treatment appointments, meetings or other assessments.
How we collect the personal data
We may collect this information in a variety of ways. For example, data might be collected through:
Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment to you.
What we use your personal data for
1. Provision of service
To support the provision of your massage or other treatments;
To decide how best to provide treatment to you;
As necessary to support the contract with you and to allow us to receive full payment for those services;
To take steps at your request during the course of your treatment;
To keep your records up to date;
2. Business purposes
As necessary for our own legitimate interests or those of other persons and organisations;
For good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties;
For surveys of patient experience and quality of care;
To monitor emails, calls, other communications;
3. To comply with a legal obligation:
When you exercise your rights under data protection law;
For compliance with legal and regulatory requirements;
For the establishment and defence of legal rights;
For activities relating to the prevention, detection and investigation of crime;
To verify your identity, make credit fraud prevention and anti-money laundering checks; and
To investigate complaints, legal claims and data protection or clinical incidents.
The legal basis for processing
In providing you massage and related services, we will process your personal data under Article 6 (1)b of the General Data Protection Regulations, on the legal basis that processing is necessary for the performance of a contract for the provision of our services, or in order to take steps at your request prior to entering into a contract.
In addition, we may process your personal data on the following legal bases;
Legal obligation: the processing is necessary for compliance with a legal obligation Article 6 (1)(c) *
Vital interests: the processing is necessary to protect someone’s life. Article 6 (1) (d)
Public interest: the processing is necessary to perform a task in the public interest. Article 6 (e)
Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third-party Article 6 (1) (f)
When processing special category (health) data, we do so in accordance with Article 9 (2)(h) GDPR for the purpose of providing health care.
In addition, we may process your special category data on the following legal bases;
Vital interests of the Data Subject - Article 9 (2) (c)
Substantial public interest - Article 9 (2) (g)
Public interest in the area of public health such as protecting against serious cross border threats to health - Article 9 (2) (i)*
* This includes Reg 3(4) of Health Service Control of Patient Information Regulations allowing massage providers to share personal data to support efforts against COVID-19.
Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
Subject to your consent, your General Practitioner (GP) where we believe this will enhance the quality of your care;
Our legal and other professional advisors, including our auditors;
Fraud prevention agencies, credit reference agencies, and debt collection agencies;
Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office;
Professional bodies governing the provision of our massage services;
Courts, to comply with legal requirements, and for the administration of justice;
In an emergency or to otherwise protect your vital interests;
To protect the security or integrity of our business operations and other patients;
When we restructure or buy or sell our business or its assets or have a merger or re-organisation;
Payment systems and providers; and
Anyone other party where we have your consent or as required by law
Use of your personal data for marketing purposes
With your consent, and subject to your communications preferences, we may use your contact details to send you communications containing information on new facilities, services and treatments which we think may be of interest to you. We will not share your data with any external party for marketing purposes.
You are free at any time to change your mind and withdraw your consent by contacting us using the details given at the top of this Notice.
This will not affect the massage services we provide to you.
How long do we keep your data?
Information will be kept for a minimum of seven years after the last consultation.
Information may be held for longer periods where any of the following apply:
Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have;
Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us or until the completion of any such claim; and
Retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received massage services based on legal and regulatory requirements and obligations pertaining at any given time.
Your rights under applicable data protection law
Your rights are, where applicable:
The right to be informed about processing of your personal data;
The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
The right to object to processing of your personal data;
The right to restrict processing of your personal data;
The right to have your personal data erased (the "right to be forgotten”);
The right to request access to your personal data and information about how we process it;
The right to move, copy or transfer your personal data ("data portability"); and
Rights in relation to automated decision-making including profiling
You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.
You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data;
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk