Privacy Policy
This privacy policy explains how GR8BODY ("we", "us", "our") collects, uses and protects your personal data when you use our website at gr8body.uk or contact us to book a treatment. We are committed to handling your data responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Business name: GR8BODY
Trading as: GR8BODY – Mobile Massage Therapy by Anna
Address: The Green, Bexleyheath, DA7 5DW
Email: info@gr8body.co.uk
Phone: 020 3411 7476
As a sole trader providing mobile massage therapy services, Anna is the data controller responsible for your personal data.
2. What Data We Collect
We may collect and process the following types of personal data:
2.1 Data you provide directly
- Name, email address, telephone number and home address/postcode (for booking purposes)
- Health information relevant to your treatment (such as pregnancy stage, medical conditions, medications) — this is special category data under UK GDPR
- Treatment preferences and session notes
- Payment information (bank transfer confirmations — we do not store card details)
- Messages and correspondence sent via contact forms, email, WhatsApp or telephone
2.2 Data collected automatically
- Standard website usage data including IP address, browser type, pages visited and time of visit (via cookies and server logs)
- Cookie consent preferences
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Booking and managing your treatments | Performance of a contract |
| Processing health information to provide safe, adapted treatment | Explicit consent (special category data) |
| Responding to your enquiries | Legitimate interests |
| Sending appointment reminders | Performance of a contract |
| Processing payments | Performance of a contract |
| Improving our website and services | Legitimate interests |
| Complying with legal obligations | Legal obligation |
We will only use your data for the purposes stated above. We do not use your data for automated decision-making or profiling.
4. Special Category Data (Health Information)
Because we provide massage therapy, we need to collect information about your health to ensure treatments are safe and appropriate. This is "special category" data under UK GDPR. We process this data only:
- With your explicit consent
- For the purposes of providing, or assessing the provision of, health care
Health information you share with us is treated with the highest level of confidentiality and is not shared with anyone outside of your care.
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share data with:
- Payment processors — where relevant for processing bank transfers
- Professional indemnity insurers — only in the event of a complaint or insurance claim
- Legal authorities — if required by law
Any third parties we work with are required to handle your data securely and in accordance with UK GDPR.
6. Cookies
We use cookies on our website to improve your experience. A cookie is a small text file stored on your device. We use:
- Essential cookies — required for the website to function (e.g. cookie consent preference)
- Analytics cookies — to understand how visitors use our site (if analytics are enabled)
You can control cookies through your browser settings. Refusing cookies may affect some website functionality. We display a cookie consent banner when you first visit the site.
7. How Long We Keep Your Data
- Client records and treatment notes: 7 years from the date of last treatment (in line with professional body guidance and UK healthcare record-keeping standards)
- Enquiry correspondence: 12 months from the date of the enquiry
- Website analytics data: As per the analytics provider's retention policy (typically 26 months)
- Financial records: 6 years (required by HMRC)
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can ask us to delete your data (subject to legal obligations)
- Right to restriction of processing — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a commonly used, machine-readable format
- Right to object — you can object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at info@gr8body.co.uk. We will respond within 30 days.
9. Data Security
We take data security seriously. Your personal data is stored securely and access is limited to Anna. We use encrypted communications where possible and do not store card payment details.
If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.
10. International Transfers
We aim to keep your data within the UK. Where any third-party service provider operates outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR.
11. Children's Data
Our services are for adult women only (18+). We do not knowingly collect personal data from children. Where treatments are provided to minors (under 18) in the context of parental or guardian accompaniment, we obtain explicit written parental consent.
12. Changes to This Policy
We may update this privacy policy from time to time. The most current version will always be available on this page. The date at the top of the policy indicates when it was last updated.
13. Complaints
If you have concerns about how we handle your data, please contact us first at info@gr8body.co.uk. If you remain unhappy, you have the right to complain to the Information Commissioner's Office (ICO):
ICO: ico.org.uk/make-a-complaint
ICO Helpline: 0303 123 1113