Agi Reflexology

Privacy Policy

Effective Date: 1 May 2025
Last Updated: 22 May 2025

1. Introduction

Agi Reflexology ("I", "my") acts as the data controller for the personal information I collect from you. I am committed to protecting the privacy and security of your personal and health information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy outlines how I collect, use, store, and protect your information when you use my services or interact with my website.

2. Information I Collect

To provide you with the highest standard of care and tailored reflexology treatments, I may collect the following types of information. I am committed to collecting only the information that is necessary for the purposes outlined in this policy:

  • Personal Identification Information: Your full name, contact information (email address, phone number), and sex.

  • Special Category Health and Medical Information: Detailed information about your past and current health issues, symptoms you are experiencing, family medical history, lifestyle factors (e.g., stress levels, sleep patterns, diet), and any medications or supplements you are taking. This information is crucial for assessing your needs and ensuring treatments are safe and effective.

3. How I Collect Your Information & Lawful Basis for Processing

Your personal and health information is primarily collected directly from you through:

  • Consultation Forms: Currently, this is often via a Google Form completed before or during your initial consultation. This data is subject to Google's privacy policy. I use this method currently for its established security measures while I explore an integrated website form. Explicit consent for the collection and processing of your health data will be obtained at the time of collection, typically via this form.

  • During Consultations: Verbally during your reflexology sessions as part of ongoing assessment and treatment.

My lawful basis for processing your personal identification information is the necessity for the performance of our contract (to provide you with reflexology services) and for my legitimate interests in managing appointments and client communication.

My lawful basis for processing your special category health and medical information is your explicit consent, which you provide when completing the consultation form or during our consultations, and for the purpose of providing healthcare (reflexology treatments).

I am exploring options to integrate a secure, in-house form on my website for future data collection to further enhance data privacy.

4. How I Use Your Information

The information I collect is used exclusively for the following purposes, and only as permitted by law:

  • To provide you with safe, effective, and personalized reflexology treatments.

  • To maintain accurate internal client records as part of my professional practice and legal obligations.

  • To communicate with you regarding your appointments, treatment plans, or any follow-up care.

  • To ensure I have a comprehensive understanding of your health to avoid any contraindications and to tailor sessions to your specific needs. Your health data is treated with the highest confidentiality and used solely for these healthcare purposes.

I do not sell, lease, or rent your personal or health information to any third parties.

5. How I Store and Protect Your Information

I take the security of your information very seriously.

  • Your detailed health and medical information is primarily stored offline in a secure manner to enhance security and reduce the risk of unauthorized digital access.

  • Any digital information (e.g., initial contact details, appointment scheduling) is handled with care, using secure methods where possible (such as information provided via Google Forms, which has its own security measures, or on password-protected and encrypted devices if applicable).

  • I implement appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

Data Retention

I will retain your personal and health information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or professional reporting requirements. Typically, client records are retained for a period of 7 years following the last treatment, in line with professional body guidelines and insurance requirements. After this period, your personal data will be securely disposed of. If you have any questions about specific retention periods for different aspects of your personal data, please contact me.

6. Data Sharing and Disclosure

I do not share your personal or health information with any third parties for marketing or any other purposes without your explicit consent. Your information is treated with the strictest confidence.

Exceptions to this are:

  • In rare circumstances where I am legally required to disclose your information, for example, in response to a court order, or to comply with other legal obligations. If such a situation arises, I will only disclose the minimum information necessary and, where legally permissible, will aim to notify you.

  • In a medical emergency, if you are unable to provide consent, I may share necessary health information with medical professionals to protect your vital interests.

7. Your Data Rights under UK GDPR

Under the UK GDPR, you have several rights regarding your personal and health information. These are:

  • The right to be informed: You have the right to be informed about how I collect and use your personal data. This Privacy Policy serves this purpose.

  • The right of access: You have the right to request access to the personal data I hold about you. You can make a subject access request by contacting me at the details below. I will respond to your request within one month.

  • The right to rectification: If you believe any personal data I hold about you is inaccurate or incomplete, you have the right to request that I correct or complete it.

  • The right to erasure (the 'right to be forgotten'): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and only applies in certain circumstances (e.g., if I no longer need the data for the purpose it was collected, or if you withdraw consent and there is no other legal ground for processing). It may be overridden by legal or professional obligations to retain data for specific periods.

  • The right to restrict processing: You have the right to request that I restrict the processing of your personal data in certain circumstances, for example, if you contest the accuracy of the data, or if you have objected to processing.

  • The right to data portability: You have the right to request a copy of certain personal data you have provided to me in a structured, commonly used, and machine-readable format, and to request that I transmit this data directly to another data controller, where technically feasible. This right mainly applies to data processed by automated means based on your consent or for the performance of a contract.

  • The right to object: You have the right to object to the processing of your personal data where it is being processed based on my legitimate interests. In such cases, I must stop processing unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

  • Rights in relation to automated decision making and profiling: I do not currently carry out any automated decision-making or profiling using your personal data that has a legal or similarly significant effect on you.

  • The right to withdraw consent: Where I rely on your explicit consent to process your special category health data, you have the right to withdraw this consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw consent, I may not be able to continue providing certain services to you.

To exercise any of these rights, or if you have questions about your data, please contact me at: info@agireflexology.com. I may need to request specific information from you to help me confirm your identity before responding to such requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), if you are not satisfied with my response or believe I am not processing your personal data in accordance with the law.

8. Website Data, Cookies, and Analytics

Current Website Practices (No Cookies/Analytics):
My website (agireflexology.com) does not currently use cookies or any third-party analytics tools to track your browsing activity. I do not collect personal data through your direct use of the website, other than information you voluntarily provide if you contact me via the email address listed.

9. Third-Party Links (e.g., Fresha)

My website may contain links to third-party websites, such as Fresha for online bookings. This Privacy Policy applies only to my data practices and my website (agireflexology.com). If you click on a link to a third-party website, you should review their privacy policy to understand how they collect and use your information. I am not responsible for the privacy practices of other sites.

10. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices or for other operational, legal, or regulatory reasons. The "Last Updated" date at the top of this policy will indicate the latest revision. I encourage you to review this policy periodically.

11. Contact Me

If you have any questions or concerns regarding this Privacy Policy or how I handle your data, or if you wish to exercise any of your data rights, please contact me at:

Agi Reflexology
Data Controller: Agnieszka Maksimowicz
Email: info@agireflexology.com