Home / Privacy Policy

Privacy Policy

Last updated: April 2026

Who we are

Lucy Hall Massage Therapy is the data controller for the personal information we collect and process. We are based at 2 Antwerp Cottages, Thoday Street, Cambridge, CB1 3AU. You can contact us at info@lucyhallmassage.com with any questions about how we handle your data.

This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

What data we collect

We may collect and process the following personal data:

  • Name, email address, phone number and appointment details when you book a treatment
  • Health and medical information you provide as part of your consultation, where relevant to your treatment
  • Payment information — processed securely via SimplyBook.me. We do not store your card details
  • IP address and browsing behaviour via Google Analytics and Meta Pixel
  • Any communications you send us by email or through our website

Why we collect your data

We collect and use your data for the following purposes:

  • To manage your bookings and appointments (contractual necessity)
  • To provide safe and appropriate treatment — health information is collected where clinically relevant (legitimate interest and, where required, explicit consent)
  • To send appointment reminders and follow-up communications (legitimate interest)
  • To comply with legal obligations, including keeping records required by our professional bodies
  • To analyse how our website is used and improve our services (legitimate interest, via Google Analytics)
  • To show relevant advertising on social media platforms (consent, via Meta Pixel)

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: to fulfil your booking and provide the services you have requested
  • Legitimate interests: to run and improve our business, communicate with clients, and keep our website functioning
  • Legal obligation: to comply with professional, financial and health and safety requirements
  • Consent: for marketing communications and the use of Meta Pixel tracking. You may withdraw consent at any time

Health data

Health information is classed as special category data under UK GDPR. We collect this only where necessary for your safe treatment, and only with your explicit consent. This information is kept securely and is not shared with third parties except where required by law or in a medical emergency.

Third parties we share data with

We share your data with the following third parties only where necessary:

  • SimplyBook.me — our booking platform, which processes appointment and payment data. Their privacy policy is available at simplybook.me
  • Google Analytics — anonymous website usage data to help us understand how visitors use our site
  • Meta (Facebook/Instagram) — via Meta Pixel, for advertising purposes. You can opt out via your Meta ad preferences

We do not sell your personal data to any third party.

How long we keep your data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Booking and appointment records: 7 years (in line with HMRC requirements)
  • Health consultation records: 7 years from last treatment, or 7 years after a minor turns 18
  • Marketing data: until you withdraw consent or unsubscribe
  • Website analytics data: as per Google Analytics retention settings (default 26 months)

Your rights

Under UK GDPR you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate data
  • Right to erasure — you can ask us to delete your data in certain circumstances
  • Right to restrict processing — you can ask us to limit how we use your data
  • Right to data portability — you can request your data in a structured, machine-readable format
  • Right to object — you can object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — we do not carry out automated decision-making or profiling

To exercise any of these rights, please contact us at info@lucyhallmassage.com. We will respond within one month. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

Our website uses cookies. Please see our Cookie Policy for full details of the cookies we use and how to manage them.

Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on this page with the date it was last updated. We encourage you to review it periodically.

Questions about this page? Contact us at info@lucyhallmassage.com