Nordic Therapies Privacy Notice
Last updated: 15.2.2026
Controller: Nordic Therapies
Contact: nordictherapies@gmail.com / +44 78 6258 1838
Nordic Therapies is committed to protecting your personal data and handling it lawfully, fairly, and transparently. This notice explains what we collect, why we collect it, how long we keep it, and your rights under UK data protection law (UK GDPR, Data Protection Act 2018, and where relevant PECR). If you are in the EEA, equivalent EU GDPR principles apply.
⸻
1) Who we are
For data protection purposes, Nordic Therapies is the data controller of your personal data.
If you have questions about this notice or want to exercise your rights, contact:
nordictherapies@gmail.com / +44 78 6258 1838
⸻
2) What personal data we collect
Depending on how you use our services, we may collect:
• Identity and contact data: name, phone number, email address, address.
• Booking and service data: appointment details, treatment type, visit notes, scheduling history.
• Health and wellbeing data: information you provide in consultation and health questionnaires (for example injuries, symptoms, relevant medical history, contraindications, medications where relevant).
• Payment and transaction data: payment status, invoice records, partial payment references (we do not store full card details).
• Communications data: messages sent by WhatsApp, email, website contact forms, and related enquiry history.
• Technical data (website): IP address, browser/device data, cookie-related analytics data where enabled.
⸻
3) Special category data (health information)
Because Nordic Therapies provides manual therapy treatments, we process health data, which is special category data under data protection law.
We process this data only where necessary and under an appropriate legal basis and condition, for example:
• treatment suitability and safety screening,
• professional record keeping,
• responding to health or safety incidents.
Where required by law, we maintain appropriate safeguards and policies for this type of data.
⸻
4) Why we use your data and lawful bases
We use personal data for the following purposes:
1. To respond to enquiries and manage bookings
• Lawful basis: contract and/or legitimate interests.
2. To provide treatments safely and appropriately
• Lawful basis: contract.
• Special category condition: processing necessary for health-related care/management and related safeguarding requirements, or explicit consent where appropriate.
3. To manage payments, accounting, and legal records
• Lawful basis: legal obligation and contract.
4. To communicate service updates (non-marketing)
• Lawful basis: contract and/or legitimate interests.
5. To send marketing (if used)
• Lawful basis: consent and compliance with electronic marketing rules (PECR) where required.
• You can opt out at any time.
6. To protect business operations, prevent misuse, and maintain security
• Lawful basis: legitimate interests.
⸻
5) Marketing communications
If you subscribe to updates, we may send information about treatments, availability, offers, and events.
• We only send electronic marketing where permitted by law.
• You can unsubscribe at any time using the unsubscribe link, by WhatsApp, or by emailing us at nordictherapies@gmail.com
• We keep suppression records so we can respect your opt-out choice.
⸻
6) Cookies and website tracking
Our website may use cookies and similar technologies for core functionality, analytics, and performance improvement.
• Where consent is required, non-essential cookies are only set after your choice.
⸻
7) Who we share your data with
We do not sell your personal data.
We may share data with trusted service providers where necessary, such as:
• Website hosting and form providers (to host the website, receive form submissions, and display testimonials that you have submitted or consented to us publishing).
• booking/admin tools,
• accounting software/providers,
• payment processors,
• email/communications providers.
These providers process data under contracts with confidentiality and security obligations.
We may also disclose data where required by law, regulation, insurance requirements, or to protect legal rights/safety.
⸻
8) International transfers
If any provider processes data outside the UK/EEA, we use appropriate safeguards (for example adequacy regulations, standard contractual clauses, or equivalent transfer mechanisms) as required by law.
⸻
9) How long we keep data
We keep personal data only as long as necessary for the purposes described above and to meet legal, insurance, tax, and professional record-keeping obligations.
Typical retention periods (adjust these to your actual policy):
• Enquiries (non-client): up to 12 months.
• Client contact/booking records: up to 6 years after last appointment.
• Health/treatment notes: up to 7 years after last treatment (or longer where required for legal/insurance reasons).
• Financial records/invoices: 6 years plus current financial year (or as legally required).
• Marketing consent records: until consent is withdrawn, then suppression details retained to honour opt-out.
When data is no longer required, it is securely deleted or anonymised.
⸻
10) Data security
We use appropriate technical and organisational security measures, including:
• restricted access to personal data,
• secure passwords and device protections,
• encrypted/cloud-secure systems where applicable,
• locked storage for paper records (if used),
• confidentiality practices and secure disposal procedures.
⸻
11) Data breaches
If a personal data breach occurs, we assess risk promptly.
Where legally required, we notify the ICO and affected individuals within the required timeframes.
⸻
12) Your data protection rights
Subject to legal conditions and exemptions, you have the right to:
• be informed about how your data is used,
• access your personal data,
• request correction of inaccurate/incomplete data,
• request erasure,
• request restriction of processing,
• object to processing (including direct marketing),
• data portability (where applicable),
• withdraw consent at any time (where processing is based on consent).
To exercise your rights, contact: [insert email].
You also have the right to complain to the UK Information Commissioner’s Office (ICO).
You can contact the ICO via its official website.
⸻
13) Automated decision-making and profiling
Nordic Therapies does not use automated decision-making or profiling to make treatment decisions or legal/significant decisions about you.
⸻
14) Children’s data
Services are intended for adults unless a parent/guardian books for a minor and appropriate safeguards/consents are in place. We do not knowingly collect unnecessary data from children.
⸻
15) Third-party links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please read their privacy notices separately.
⸻
16) Changes to this privacy notice
We may update this notice from time to time to reflect legal, operational, or service changes.
The latest version will always be published on this page with the revised “Last updated” date.
