Privacy policy

Holistic Wellbeing Treatments respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how Holistic Wellbeing Treatments collects, uses, stores and protects personal information when you visit the website, contact us, make a booking, or receive treatments from us.

For the purposes of UK data protection law, including the UK GDPR and the Data Protection Act 2018, Holistic Wellbeing Treatments is the data controller of your personal data.

Contact details

Holistic Wellbeing Treatments
Twin Pines, North Common Road, Wivelsfield Green, West Sussex, RH17 7RJ
Email: alice@holisticwellbeingtreatments.com
Phone: +44 (0) 7717 824085

Information we collect

We may collect and use the following personal information:

  • name
  • phone number
  • email address
  • postal address, where relevant
  • booking and appointment details
  • records of enquiries, correspondence and messages
  • payment and transaction information, where relevant
  • health and wellbeing information relevant to treatment, such as medical conditions, injuries, recent surgery, medications, allergies, pregnancy, contraindications, GP or specialist advice, and treatment notes
  • limited technical information generated when the website is used, such as basic website logs and essential cookie information

Some health-related information is special category personal data under UK data protection law and is subject to additional protection.

How we collect information

Personal information may be collected:

  • directly from you when you contact us by email, phone, message or website enquiry
  • when you book or manage an appointment
  • when you complete consultation or client intake forms
  • during discussions before, during and after treatment
  • from third party booking providers you choose to use, such as Fresha
  • automatically, in a limited way, through the operation and security of the website

How we use information

We use personal information to:

  • respond to enquiries
  • arrange, confirm, change or cancel appointments
  • provide treatments safely and appropriately
  • assess whether a treatment is suitable
  • keep client records and treatment notes
  • process payments and maintain business and tax records
  • send service communications such as appointment reminders and follow-up information
  • protect the business, clients and website from misuse or security issues
  • comply with legal, regulatory, insurance and professional requirements
  • establish, exercise or defend legal claims where necessary

Lawful bases for processing

Under UK data protection law, a lawful basis is required for processing personal data.

For ordinary personal data, we rely on one or more of the following lawful bases:

  • steps taken at your request before entering into a contract, for example when you enquire about availability or make a booking
  • performance of a contract, for example providing a treatment that has been booked
  • compliance with legal obligations, for example accounting, tax and record-keeping requirements
  • legitimate interests in running and protecting the business, managing bookings, keeping appropriate records, and communicating with clients, provided those interests are not overridden by your rights

For health information and other special category data, we rely on your explicit consent for consultation, suitability checks, treatment delivery and related record keeping.

If the health information reasonably required is not provided, or if consent for its use is withdrawn, it may not be possible to provide treatment safely or at all.

Who we share information with

We do not sell personal information and we do not share it with third parties for their own marketing purposes.

Personal information may be shared where necessary with:

  • booking and appointment management providers, such as Fresha
  • website hosting, IT and administrative service providers
  • payment providers, if payment is made through a third party system
  • professional advisers, insurers or accountants where necessary
  • regulators, courts, law enforcement or other authorities where required by law or where necessary to protect legal rights

Where a third party service such as Fresha is used, that provider may also process personal information in accordance with its own privacy terms.

International transfers

Some service providers may process personal data outside the UK. Where that happens, reasonable steps will be taken to ensure appropriate safeguards are in place so that personal data remains protected in accordance with UK data protection law.

How long we keep information

Personal information is kept only for as long as necessary for the purposes set out in this Privacy Policy.

As a general guide:

  • enquiry data where no appointment is booked, up to 12 months
  • client and treatment records, normally up to 7 years after the last appointment
  • financial and tax records, normally 6 years after the end of the relevant financial year
  • website technical and security data, only for as long as reasonably necessary for security, performance and troubleshooting

Information may be kept for longer where there is a legal requirement, an insurance requirement, or an ongoing complaint or claim.

How we protect information

Reasonable technical and organisational measures are used to protect personal information against unauthorised access, loss, misuse, alteration or disclosure. These measures may include secure devices, password protection, restricted access to records, and the use of reputable third party systems where appropriate.

No method of transmission or storage is completely secure. However, appropriate steps are taken to keep personal information as safe as reasonably possible.

Cookies and website tracking

This website is intended to use only essential cookies that are necessary for the website to function properly.

Advertising or analytics cookies are not knowingly used without the appropriate notice and consent mechanism. Cookies can also be managed through browser settings.

Please also see the separate Cookie Notice on this website.

Your rights

Under UK data protection law, you have rights in relation to your personal information, subject to certain legal limitations. These include the right to:

  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request deletion of your data in certain circumstances
  • request restriction of processing in certain circumstances
  • object to processing based on legitimate interests in certain circumstances
  • request transfer of certain data to you or another provider
  • withdraw consent at any time where processing is based on consent, including explicit consent for health information

To exercise any of these rights, please contact us using the details above.

Complaints

If you have a concern about how personal data is handled, please contact us first so the issue can be addressed.

You also have the right to complain to the Information Commissioner's Office, or ICO, which is the UK data protection regulator.

Third party websites

This website may contain links to third party websites or booking platforms. We are not responsible for the privacy practices of those third parties. Their privacy policies should be read separately.

Changes to this policy

This Privacy Policy may be updated from time to time. Any changes will be posted on this page and the Last updated date will be revised.

Last updated: 13 March 2026.