Privacy Policy

Last Updated: January 2026

Who We Are

Mango Massage provides massage therapy services. We are committed to protecting your privacy and complying with UK GDPR and the Data Protection Act 2018.

Contact: enquiries@mangomassage.me | 07564 011574 | Flat 12 Long Fox Manor, 825 Bath Road, BS4 5RT

What Information We Collect

When you book or receive treatment:

  • Name, email, phone number, address

  • Health information (medical history, current conditions, medications, allergies, injuries, treatment preferences)

  • Appointment history and treatment notes

  • Payment information (we do not store full card details)

When you visit our website:

  • Usage data (pages visited, browser type, IP address)

  • Cookies (see our Cookie Policy)

Why We Use Your Information

We collect and use your information to:

  • Provide safe and effective massage therapy

  • Assess your suitability for treatment and plan treatments

  • Manage appointments and send reminders

  • Process payments

  • Comply with professional healthcare record-keeping requirements

  • Respond to your enquiries

Legal basis: Performance of contract, legitimate interests (providing safe healthcare), legal obligation, and your explicit consent for health data.

Health Information (Special Category Data)

Your health information receives extra protection under GDPR. We process it because:

  • It's necessary to provide healthcare treatment

  • You give explicit consent by completing our health questionnaire

  • It protects your safety and wellbeing

You can withdraw consent at any time, but this may affect our ability to treat you safely.

How Long We Keep Your Data

  • Health records and treatment notes: 8 years from last appointment

  • Appointment and payment records: 7-8 years

  • Marketing consent: Until you withdraw consent

  • Website analytics: 26 months

Who We Share Your Information With

We do not sell your data. We only share it when:

  • You give consent (e.g., referrals to other healthcare professionals)

  • It is legally required (e.g., professional bodies, insurers if a claim is made, law enforcement)

  • Service providers help us (e.g., Squarespace for website hosting, booking systems, payment processors, email providers)

All third parties are required to keep your data secure.

Your Rights

You have the right to:

  • Access your personal data (Subject Access Request)

  • Correct inaccurate or incomplete data

  • Delete your data (though we may need to retain health records for 8 years)

  • Restrict how we use your data

  • Object to processing

  • Withdraw consent at any time

  • Complain to the ICO (Information Commissioner's Office)

To exercise these rights, contact us using the details above.

Data Security

We protect your information with:

  • Locked filing cabinets for paper records

  • Password-protected and encrypted digital storage

  • SSL encryption on our website

  • Access limited to authorized personnel only

Marketing

We only send marketing emails if you've given consent. You can unsubscribe anytime by clicking "unsubscribe" in emails or contacting us directly.

Clients Under 18

For clients under 18, we require parental or guardian consent before providing treatment or collecting data.

Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email or our website. Check the "Last Updated" date above.

Complaints

If you're unhappy with how we handle your data, you can complain to:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Tel: 0303 123 1113 | Website: www.ico.org.uk