Privacy Notice and Your Rights Under GDPR

Privacy Notice Theraflex Massage Ltd

Under the General Data Protection Regulations (EU) (GDPR) which came into force on 25th May 2018, changes and improvements were made regarding the collection, retention, storage and use of personal data. This Privacy Notice will explain how Theraflex Massage Ltd collects and stores this information and what your rights are, in compliance with the GDPR.

Organisation Contact Details

Donna Lopez, Therapist and Director

Theraflex Massage Ltd

Enterprise House

Wrest Park

Silsoe, MK45 4HS

0797 267 6607

What is Personal Data?

Personal data is any information about you that enables you to be identified.

The lawful basis for the processing.

Theraflex Massage collects information under the lawful basis of Legitimate Interests.  We collect this information to enable us to contact you and to provide a safe, appropriate and accurate treatment plan. It would not be possible to do this without this information. All contact with you will be concerning your treatments or appointments, and other business relating solely to Theraflex Massage Ltd.

Personal data obtained

Only information required to allow us to contact you and provide appropriate treatment will be collected and includes the following:

  • Name
  • Date of birth
  • Contact details including address, phone number and e mail address
  • Occupation
  • Leisure activities
  • Medical and health information.


This information will be collected at the time of the first appointment and may be added to at subsequent appointments or through information gathered during treatments. All efforts will be made to ensure that information collected is accurate and up to date, but any inaccuracies can be changed by e mailing with details of the changes to be made.

Sharing of Information

Information gained for the purposes detailed above will not be shared except in the following circumstances:

  • when requested for an insurance claim or if making a referral to another practitioner. The permission of the client will be required.
  • If there is concern that a law has been or will be broken
  • If there are concerns that the individual is a risk to themselves or to other people.


Retention of Information

The length of time the information will be held is in accordance with the conditions of Theraflex Massages insurance policy:

“The records shall be kept for at least 7 years following the last occasion on which treatment was given. In the case of treatment to minors, it is advisable that records should be kept for at least 7 years after they reach the age of majority (18).”

Storage of Information

Records are kept in written form and stored securely. Currently Theraflex does not hold computerised records.

Your Rights

Under GDPR you have the following rights:

Right to be Informed.

This is through this privacy notice and other documents referred to within this document.

Right of Access.

You have the right to access personal data held. Further Information can be found in a separate document, Your Rights Under GDPR.

Right of Rectification.

The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.

Right of Erasure.

The GDPR introduces a right for individuals to have personal data erased, otherwise known as the right to be forgotten.

Right to restrict processing.

You have the right to request the restriction or suppression of your personal data.

Right to Object.

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.

Further information and how you can apply for any of the above can be found in the document Your Rights Under GDPR.


Your Rights Under GDPR

The following outlines your rights under the GDPR.

Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. At the first appointment, clients will be given and/or emailed a copy of the Privacy notice which gives details of the following:

  • Contact details for the organisation
  • what personal information is collected
  • for what purpose that information is collected
  • the lawful basis for the processing of the information
  • under what circumstances this information will be shared
  • for how long information will be held
  • how information is stored
  • your rights in brief detail.

Rights of Access, Rectification, Erasure, Restrict Processing and Objection.

Requests for access, rectification, erasure, to restrict processing and challenge the information held can be made verbally or by e mail and must be responded to within 1 month. As notes are handwritten, these will be scanned, and emailed.

Contact Details

Donna Lopez, Therapist and Director

Theraflex Massage Ltd

Enterprise House

Wrest Park

Silsoe, MK45 4HS

0797 267 6607