This privacy policy outlines how Nordic Therapies complies with UK data protection laws, including the General Data Protection Regulation (GDPR). We are committed to safeguarding the privacy of our clients and ensuring that personal data is handled appropriately and securely.
1. Lawful Basis for Handling Data
In accordance with Article 6 of GDPR, Nordic Therapies handles data on the following lawful bases:
• Consent: Personal data is collected with your express consent, for example, when you sign up for our mailing list to receive updates on treatments and availability.
• Legitimate Interests: Data may be used for marketing purposes, such as sending you details of special offers, events, and services that may interest you.
• Legal Obligations: As a provider of manual therapies, we are required to collect medical information through a health questionnaire. This information is stored securely in paper format and kept under lock and key.
2. Data Collection for Contractual Purposes
If you book a treatment with Nordic Therapies, we will need to collect personal data to fulfill our contractual obligations. This may include:
• Name and contact information: To manage your booking and invoicing, including email addresses, home/business addresses, and telephone numbers.
All data is stored securely for accounting purposes and is never shared with third parties unless required by law. We do not store any credit card information, as payments are made via bank transfer, card, or cash.
3. Privacy Safeguards
Nordic Therapies respects your right to privacy and is committed to keeping your data safe. We inform clients at the point of data collection how their data will be used, stored, and processed. Our privacy notices include:
• The purpose of processing your data
• How long the data will be retained
• Who, if anyone, it will be shared with
We ensure these notices are provided when you book treatments online, via phone, or by email.
4. Your Rights
Under GDPR, you have several rights concerning your data, including:
• Right of Access: You have the right to request access to the personal data we hold about you. Requests will be processed within one month and are provided free of charge.
• Right to Rectification: If you believe that any data we hold is incorrect or incomplete, you may request a correction or update. We will rectify this information within one month of your request.
• Right to Erasure: You may request that your personal data be erased. Nordic Therapies will respond to such requests within one month and may extend this to two months for complex cases.
5. Security Measures
We take appropriate technical and organisational measures to ensure that your personal data is secure. This includes:
• Storing physical health records in a locked, secure location
• Ensuring any electronic data is protected by strong encryption and secure passwords
6. Data Retention
Nordic Therapies will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal and accounting obligations. After this period, your data will be securely deleted.
7. Data Breaches
In the unlikely event of a data breach, Nordic Therapies will notify the affected individuals and relevant authorities within 72 hours, as required by GDPR, if the breach poses a risk to the rights and freedoms of individuals.
8. Automated Decision-Making
Nordic Therapies does not engage in automated decision-making or profiling of individuals for marketing purposes. Any decisions relating to your treatment are made by a qualified therapist, ensuring a personalised experience.
9. Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our services or legal obligations. You will be notified of any significant changes via email or a notice on our website.
10. Contact Information
If you have any questions about this privacy policy or how we handle your data, please contact us at: nordictherapies@gmail.com