Privacy Policy

Effective date: 7 February 2026

Who we are

We are Amanda Morris Holistics ("we", "us"). We provide holistic therapy and massage services in the UK. For contact details see our Contact page.

Data we collect

We collect personal data necessary to provide our services, including name, contact details, booking and payment information, medical history and consultation notes, and any information you provide when contacting us. We may also collect anonymised website analytics and technical data (IP address, browser type) for site performance.

How we use your data (purposes and lawful bases)

• To provide and manage treatments (contractual necessity).
• To process payments and refunds (contractual necessity).
• To contact you about appointments, changes or cancellations (contractual necessity/legitimate interest).
• To fulfil legal obligations such as accounting and tax records (legal obligation).
• With your consent, to send marketing or promotional communications (consent).
• To maintain records of clinical notes to ensure safe treatment (legitimate interest/consent where required).

Sharing and disclosure

We do not sell your personal data. We may share data with third parties only where necessary to provide services (payment processors, IT providers), to comply with legal obligations, or with your consent. Where third parties process data on our behalf we require them to provide appropriate safeguards.

International transfers

Personal data is normally processed within the UK. If we transfer data outside the UK/EEA we will ensure appropriate safeguards are in place in accordance with UK data protection law.

Data retention

We retain personal and accounting records for periods required by law (typically up to 6 years for tax purposes). Clinical or medical records are retained for a sensible period to ensure continuity of care; typically up to 6 years after the last treatment unless otherwise required. If you are a minor, records may be kept until the patient reaches 25 where appropriate.

Your rights

You have certain rights under UK data protection law, including the right to:

• Request access to your personal data (subject access request).
• Request correction of inaccurate data.
• Request erasure in certain circumstances.
• Request restriction of processing or object to processing (including direct marketing).
• Request data portability where applicable.
• Withdraw consent where processing is based on consent.

To exercise your rights contact us via our Contact page. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

Cookies and tracking

Our website may use cookies for essential site functionality and anonymous analytics. You can control cookies through your browser settings. If we use non-essential cookies we will request your consent where required.

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or destruction. No system is completely secure; where a breach occurs we will follow legal obligations including notifying affected individuals and the ICO where required.

Children

Our services are not aimed at children. If you are booking for a child you must provide parental or guardian consent and disclose any relevant medical information.

Changes to this policy

We may update this policy from time to time. The latest version will always be published on this page. Continued use of our services after changes indicates acceptance.

Related documents

See our Terms & Conditions for service and cancellation terms.

Contact

To exercise your rights or for any privacy questions contact us via the Contact page.

Note: This policy is for general guidance and does not constitute legal advice. For bespoke legal advice please consult a solicitor or data protection specialist.