top of page

Privacy Policy

 

 

Claire Ephgrave Bodywork

Effective Date: 11th February 2026

 

Claire Ephgrave Bodywork is committed to protecting your privacy and handling your personal data transparently and securely in accordance with UK GDPR and the Data Protection Act 2018.

​

 

1. Who We Are

​

Claire Ephgrave Bodywork

82 High Street, Stotfold, SG54LD.

Email: hello@ephgravebodywork.co.uk

 

Claire Ephgrave Bodywork is the Data Controller responsible for your personal data.

​

 

2. What Information Is Collected

​

The following personal data may be collected:

 

  • Full name

  • Email address

  • Phone number

  • Postal address (if provided)

  • Date of birth (if relevant to treatment)

  • Medical and health information relevant to treatment

  • Treatment and appointment history

  • Payment information (processed via third-party providers)

 

Health information is classified as special category data under UK GDPR and is processed with additional safeguards.

 

​

3. How Your Information Is Collected

 

Your data may be collected when you:

 

  • Book an appointment via the online booking system

  • Complete a consultation or health form

  • Contact via email, phone or social media

  • Purchase a gift voucher or package

  • Subscribe to marketing emails

 

​

 

4. Lawful Basis for Processing

 

Your data is processed under the following lawful bases:

 

  • Contract – to provide treatments and services you have booked

  • Legal obligation – for tax, accounting and insurance purposes

  • Legitimate interest – to manage bookings and communicate with you

  • Explicit consent – for processing health information

  • Consent – for sending marketing communications

​

You may withdraw consent at any time.

 

​

5. How Your Information Is Used

​

Your personal data is used to:

 

  • Provide safe and appropriate treatments

  • Assess suitability for massage or bodywork

  • Manage appointments and bookings

  • Communicate about appointments

  • Send marketing emails (where consent has been given)

  • Maintain accurate treatment records

  • Comply with legal and insurance obligations

​

Your information will never be sold or shared for third-party marketing.

 

​

6. Marketing Communications

​

Marketing emails are currently sent directly via Gmail.

 

You will only receive marketing communications if you have given consent or are an existing client under legitimate interest guidelines.

 

You may unsubscribe at any time by contacting: hello@ephgravebodywork.co.uk

 

Marketing contact details are retained until you withdraw consent or request removal.

​

 

7. Payment Processing

​

Payments are processed securely via:

 

  • Stripe (online booking payments)

  • SumUp (payment links/in person purchases)

​

Claire Ephgrave Bodywork does not store full card details.

 

These providers act as independent data controllers and process payment data in accordance with their own privacy policies.

​

 

8. Data Storage & Security

​

Personal data is stored securely:

 

  • Digital records are password protected

  • Devices are secured with passcodes

  • Paper consultation forms are stored securely in locked storage

  • Booking systems use secure third-party platforms

​

Reasonable technical and organisational measures are taken to protect your data from unauthorised access, loss or misuse.

​

 

9. Data Retention

​

Client treatment records are retained for a minimum of 7 years following your last appointment, in line with professional insurance and legal requirements.

 

Children’s records (if applicable) are retained until age 25.

 

Marketing contact data is retained until consent is withdrawn.

 

After retention periods expire, data is securely deleted or destroyed.

 

​

10. Sharing Your Information

​

Your personal data will not be shared with third parties unless:

 

  • Required by law

  • Required for insurance or legal defence

  • Necessary to protect your vital interests

 

 

Booking platforms and payment processors may process data on your behalf under contractual agreements.

​

 

11. Your Rights

​

Under UK GDPR, you have the right to:

 

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally permissible)

  • Restrict or object to processing

  • Withdraw consent

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

​

ICO website: https://ico.org.uk

ICO Helpline: 0303 123 1113

 

​

12. Cookies

 

 

This website may use cookies for functionality and analytics purposes. You can manage cookie preferences through your browser settings.

​

 

13. Changes to This Policy

 

 

This Privacy Policy may be updated from time to time. The latest version will always be available on this website.

bottom of page