Serenity by Sophie

Menu
Menu
Serenity by Sophie

Privacy Policy

Last Updated: 27th October 2025

At Serenity by Sophie, I am committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how I, Sophie, a qualified massage therapist based in Barnack, Stamford, collect, use, store, and protect your personal data when you interact with my services through www.serenitybysophie.com, email, phone, or in-person bookings. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who I Am

Serenity by Sophie is a sole trader business operated by Sophie, offering Swedish massage therapy services in Barnack, Stamford, and mobile services within a 10-mile radius. For data protection purposes, I am the data controller responsible for your personal information.

Contact Details: Email: info@serenitybysophie.com 

2. What Information I Collect

I collect and process the following types of personal data to provide my massage therapy services:

  • Personal Details: Name, email address, phone number, and postal address (for mobile services or billing purposes).
  • Health Information: Details of medical conditions, allergies, or other health-related information you provide during booking or consultation to ensure safe and tailored treatments.
  • Booking Information: Details of your appointments, including date, time, type of massage, and payment information.
  • Website Usage Data: Information collected automatically when you visit www.serenitybysophie.com, such as your IP address, browser type, and pages visited, using cookies or similar technologies (see Section 6).
  • Enquiry Data: Information you provide when contacting me via the website contact form, email, or phone.

3. How I Collect Your Information

I collect your personal data when you:

  • Book a massage session online via www.serenitybysophie.com.
  • Contact me through the website’s contact form, email, or phone.
  • Provide health or personal details during a consultation call or in-person.
  • Make a payment for services.
  • Visit my website, where limited data may be collected via cookies (with your consent).

4. How I Use Your Information

I use your personal data for the following purposes, based on lawful grounds under the UK GDPR:

  • To Provide Services (Performance of a Contract): To process bookings, arrange consultation calls, personalise treatments, and deliver massage services (including mobile services).
  • To Ensure Safety (Legitimate Interests and Legal Obligation): To assess health information to ensure treatments are safe and appropriate.
  • To Communicate (Consent or Legitimate Interests): To respond to enquiries, confirm bookings, or send appointment reminders.
  • To Process Payments (Performance of a Contract): To handle payments and issue invoices.
  • To Improve My Website and Services (Legitimate Interests): To analyse website usage and improve user experience.
  • To Comply with Legal Obligations (Legal Obligation): To maintain records for tax or regulatory purposes.

I will only use your personal data for the purposes for which it was collected, unless I reasonably consider that I need to use it for another purpose compatible with the original purpose.

5. How I Share Your Information

I do not sell or share your personal data with third parties for marketing purposes. Your data may be shared only in the following circumstances:

  • Service Providers: With trusted third-party providers (e.g., payment processors or booking system providers) who assist in delivering my services. These providers are contractually obliged to protect your data and comply with UK data protection laws.
  • Legal Requirements: If required by law, such as to comply with a court order or regulatory authority.
  • Emergencies: To protect your health or safety, for example, sharing relevant health information with medical professionals in an emergency.

6. Cookies and Website Analytics

My website uses cookies to enhance your browsing experience and analyse site performance. Cookies are small text files stored on your device. The types of cookies I use include:

  • Essential Cookies: Necessary for the website to function (e.g., to process bookings).
  • Analytics Cookies: To understand how visitors use my website, such as which pages are visited most often (e.g., via Google Analytics).

You can manage cookie preferences through your browser settings or via the cookie consent banner on www.serenitybysophie.com. Disabling cookies may affect website functionality.

7. How I Store and Protect Your Data

  • Storage: Your personal data is stored securely in password-protected systems, both digital (e.g., booking software) and physical (e.g., locked filing cabinets for paper records).
  • Security Measures: I use industry-standard measures, such as encryption for online transactions and secure servers, to protect your data from unauthorised access, loss, or misuse.
  • Retention: I retain personal data only for as long as necessary:
    • Booking and payment records: Up to 7 years to comply with tax and accounting obligations.
    • Health information: For the duration of our professional relationship or as long as necessary to ensure safe treatments.
    • Enquiry data: Up to 12 months, unless you book a service.
    • Website analytics: Anonymised data may be retained for up to 24 months.

After these periods, your data will be securely deleted or anonymised.

8. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data I hold about you.
  • Rectification: Ask me to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal or contractual obligations.
  • Restriction: Request that I limit the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests (e.g., analytics).
  • Data Portability: Request a copy of your data in a structured, commonly used format.
  • Withdraw Consent: Where processing is based on consent (e.g., marketing emails), you can withdraw consent at any time.

To exercise these rights, contact me using the details in Section 1. I will respond within one month, as required by law. There is no fee unless your request is manifestly unfounded or excessive.

9. International Data Transfers

As a UK-based business, I primarily store and process data within the UK. If any data is transferred outside the UK (e.g., via cloud-based booking systems), I ensure that appropriate safeguards, such as Standard Contractual Clauses, are in place to protect your data in accordance with UK GDPR.

10. Third-Party Links

My website may include links to third-party websites (e.g., payment processors). This Privacy Policy does not apply to those websites. I encourage you to review their privacy policies before providing personal information.

11. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my services or legal requirements. The updated policy will be posted on www.serenitybysophie.com with the “Last Updated” date. Significant changes will be communicated via email or a website notice.

12. Complaints

If you have concerns about how I handle your personal data, please contact me first using the details in Section 1. If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): Website: www.ico.org.uk Phone: 0303 123 1113 Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Contact Me

For any questions about this Privacy Policy or how I handle your personal data, please contact me: Email: info@serenitybysophie.com