Privacy Policy

LAST UPDATED: Oct. 2022

Who we are

Suggested text: Our website address is: https://balancesportsmassage.com.

At different points during your interaction with our booking system and therapists, you will be asked to provide personal information. We take the security of personal data seriously and are committed to keeping you fully informed of your rights under the General Data Protection Regulation (GDPR). We aim to be transparent and to provide you with accessible information on how your personal data is used.


This document tells you:

  • What information is used and Why
  • Who can see it
  • How it is secured

This policy covers the key points that we need to obtain your explicit consent for; to offer our services to you and act as a processor and controller of your sensitive data. By agreeing to this privacy policy, you are consenting to us processing your personal data for the purposes outlined. You can withdraw consent at any time by using the details provided at the end of this policy document. 


What and Why

We request the minimum amount of information possible from you to uniquely identify you and give you the best possible service we can.

Medical Notes: these may include your name, age, address, supplements and medicine details, lifestyle, diet, occupation, presenting complaints, severity, injury history, past treatments, and diagnosis. We will only collect what is relevant and necessary for your treatment. We need to collect personal information about your health in order to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can refuse to give any of this information, but that may limit the level of service we can provide if any. It is therefore a condition of any treatment, that you give your explicit consent to allow us to document and process your personal data. We have a legal obligation to retain your records for 6 years after your most recent appointment.

How your contact details are used – We think it is important that we can
contact you in order to:

  • Discuss your treatment and appointments.
  • Send appointment confirmations and reminders.
  • Book and cancel appointments.

This again constitutes a “Legitimate Interest”. You can update this preference at any time should you prefer not to receive any of the above but it may impact how we are able to offer our service to you.

You provide us with personal data in the following ways:

  • Through email, over the telephone or in person.
  • During treatment or consultation.
  • By completing an online questionnaire.
  • By using our online booking services.
  • When making payments using a card and online payment.


Who and Where

Your medical information, history, and treatment plan, if any, will remain confidential, and will only be disclosed to those involved with your treatment, a treatment plan, or care, or in accordance with UK law and guidelines from any relevant professional bodies. We have put in place physical, electronic, and operational procedures intended to safeguard and secure the information that we hold about you. Our therapists have a legal duty to respect the confidentiality of your personal data and medical information, and access to this information is restricted only to those who have a reasonable need to access it (therapists involved in your care). All our data is held securely, and all our data processors comply with GDPR safety regulations.

Some of our data is held outside the EEA by appointed data processors. Your data will be stored in the following external platforms, depending on how you provided it to us. Where we can, we collect minimal data to limit your personal data available to those technology partners that apply blanket rights to them (in this case Mailchimp). Sensitive data such as date of Birth is never collected on any of our partner platforms. Acuity Scheduling: All data in relation to your clinical management is processed and stored here. We use Acuity Scheduling to book your appointments online and provide electronic note-keeping and storage for your special category data. Acuity Scheduling is an encrypted cloud-based patient management platform located in the USA. Acuity Scheduling has a legal obligation to protect patient data subject to rights in accordance with GDPR. All data collected by Balance Sports Massage is shared with our external marketing partner, Global Digital Canvas Ltd. Please see their website to learn more about their privacy policy (www.gdcanvas.com).

  • Google: Your initial consultation form exists on the google forms platform, also protected by legal privacy obligations. Google does not collect emails or any other data on these forms.
  • Mailchimp: Clinic operational updates come to you via Mailchimp. When you use our services, you agree for us to store your email and preferences in Mailchimp, you can unsubscribe from this list at any time. Sensitive data such as addresses are not shared with mandatory collectors like Mailchimp.
  • Stripe: Transaction details for any payments made using our booking system are processed by Stripe. Their updated privacy policy can be read here.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only, and protect personal and confidential information held on equipment such as laptops with encryption. We ensure external data processors that support us are legally bound to operate and provide security arrangements where data that could or does identify a person are processed.