ACHILLES’ HEEL REFLEXOLOGY PRIVACY NOTICE

Our contact details: 

Business Name: Achilles’ Heel Reflexology 
Address: 40 Turney Road, London, SE21 8LU 
Email: info@achillesheelreflexology.co.uk

What personal data we collect, use and why:

Achilles’ Heel Reflexology (AHR) never buys or rents personal data. All data processed in our business is provided directly by you or your parent/carer (in the case of children under 18).

As a qualified reflexologist and member of Professional Reflexology, we collect and use your personal data for the following purposes:

• to provide reflexology treatments
• to maintain accurate treatment records as required by our professional insurance 
• to manage appointments and client relationships 
• to meet our legal and professional obligations 
• to provide follow-up care and treatment recommendations 
• to manage enquiries and communications 

Types of data we collect:

We collect the following information:

• Contact details: names, addresses, phone numbers and email addresses 
• Health information: medical history, current health conditions, medications, previous treatments, treatment outcomes and any reactions 
• Treatment records: detailed consultation notes, treatment provided, results and aftercare instructions 
• Payment information: financial details for processing payments 
• Records of communications: emails, messages and phone call notes 
• Consent records: written consent forms, including for children and vulnerable adults 

For children and vulnerable individuals under 18, we always obtain consent from a parent, guardian or other responsible carer before collecting any personal data or providing treatment.

How we store your data securely:

Your personal data is stored securely using a combination of digital systems and physical records:

Digital systems we use:

• Microsoft 365 (email and document storage) 
• IONOS (website hosting) 

Physical records:

• Paper consultation and treatment notes stored securely in locked cabinets 

All systems are chosen for their strong security standards and compliance with UK data protection law.

How long we keep your data:

We retain your personal data for the following periods to meet our professional insurance requirements and legal obligations:

• Treatment records for adults: 7 years from your last treatment 
• Treatment records for children: 7 years after they reach age 18 (25 years old) 
• Financial records: 7 years to meet legal requirements 
• Marketing communications: 3 years or until you ask us to stop 
• General correspondence: 3 years 

Special arrangements for festival and event work:

When working at festivals as Achilles Heel Reflexology we may receive information through online booking forms, or if working at events as a subcontractor, the event organiser may receive this booking information. In these situations:

• We only access your data to provide your treatment 
• We may retain copies of any booking information after the event 
• All data belongs to AHR and remains with us / or the event organiser and is returned to them 
• We may keep brief treatment notes (name, date, condition treated) as required by our insurance 
• Any personal data provided directly to us during treatment follows our standard retention policy 

Lawful basis for processing your data:

UK data protection law requires us to have a lawful basis for processing your personal data. We process your information based on:

• Consent: You (or your parent/guardian) have given clear permission for us to process your data for specific purposes 
• Vital interests: Processing is necessary to protect your health and wellbeing.
• Legal obligation: We must keep treatment records to meet professional insurance requirements 
• Legitimate interests: We have assessed our processing and identified legitimate business interests that don’t override your rights 

Your data protection rights:

Under UK data protection law, you have the following rights:

• Right of access: Request copies of your personal data and information about how we use it 
• Right to rectification: Ask us to correct any errors or incomplete information 
• Right to erasure: Request deletion of your data (subject to our professional obligations) 
• Right to restrict processing: Ask us to limit how we use your data 
• Right to object: Object to processing based on legitimate interests 
• Right to data portability: Request transfer of your data in a portable format 
• Right to withdraw consent: Remove your permission for processing at any time 

Important note: As a healthcare practitioner, we may not be able to delete all your data if we need to keep treatment records to meet our professional insurance requirements or legal obligations.

To exercise any of these rights, please contact us using the details above. We aim to respond within one calendar month, though complex requests may take longer.

Who we share your data with:

Achilles’ Heel Reflexology does not sell, rent or routinely share your personal data with other organisations. We may share your information with:

• Healthcare professionals: Other practitioners involved in your care (with your consent) 
• Professional advisors: Legal or professional consultants when necessary 
• Insurance providers: Our professional insurance company if required for claims 
• Legal authorities: When we have a legal obligation to share information
• Professional Reflexology: For professional registration and compliance purposes 

Achilles’ Heel Reflexology software providers may have access to your data as part of providing their services:

• Microsoft (Office 365 services) – Privacy Policy 
• IONOS (web hosting) – Privacy Policy 

All our suppliers are carefully selected for their security standards and are bound by confidentiality agreements.

Transfers outside the UK:

Some of our software providers may store data outside the UK using global hosting services. When this happens, we ensure appropriate safeguards are in place to protect your data in line with UK data protection law.

Cookies and website:

Our website uses cookies (small text files) to improve your experience and remember your preferences.

Children and vulnerable adults:

Achilles’ Heel Reflexology takes extra care when working with children and vulnerable adults:

• We always obtain consent from parents or guardians before treating children under 18 
• We ensure a parent, guardian or appropriate adult is present during treatments 
• We maintain clear records of who provided consent 
• We follow safeguarding procedures if we have concerns about a client’s welfare 

How to complain:

If you have concerns about how Achilles’ Heel Reflexology handles your personal data, please contact us first using the details at the top of this notice.

If you remain unhappy after raising a complaint with us, you can contact the Information Commissioner’s Office (ICO):

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF

Helpline: 0303 123 1113 
Website: https://www.ico.org.uk/make-a-complaint 

Updates to this notice

Achilles’ Heel Reflexology reviews this privacy notice regularly and may update it from time to time. Please check back to ensure you understand our current practices.

This notice was last updated: 6th August, 2025