Privacy and Safeguarding Policies

Privacy Policy

Effective Date: 12th May 2025


I. Who We Are

NeuroMassage Ltd is a UK-based wellness and massage therapy provider specializing in services for individuals with neurological conditions and additional care needs.


II. What Information We Collect

We only collect personal data that is necessary to deliver our services and comply with legal obligations. This may include:

  • Name, email address, and phone number (for client communication and appointment booking)
  • Medical history or health-related information provided by clients via intake or consent forms
  • Information about children (only with explicit parental or guardian consent)
  • Booking data via platforms such as TeamUp, Google Calendar, and Apple iCal

We do not collect or store financial information directly. Payments are processed securely through third-party platforms such as Xero.


III. How We Use Your Information

We process your personal data in order to:

  • Provide therapeutic services
  • Manage appointments and communications
  • Maintain treatment records as required by healthcare law
  • Fulfill legal obligations regarding client safety and record-keeping

We do not use your data for email marketing unless you have explicitly opted into our founder’s separate wellness newsletter.


IV. Legal Basis for Processing

We rely on the following lawful bases for processing your data under UK GDPR:

  • Consent: for collecting medical history and treating clients, especially children
  • Legal Obligation: to meet healthcare regulations regarding record retention
  • Legitimate Interest: to run our business effectively and safely


V. Data Retention

In compliance with UK healthcare guidelines, we retain client records securely for 7–8 years after the last treatment (or until the child reaches age 25, whichever is longer). After this period, data is securely deleted or anonymised.


VI. Data Storage & Security

All data is securely stored in Google Cloud, with strict password protection. Access is limited to authorized team members directly involved in your care.

 

VII. Sharing Your Information

We never sell or share your data with third parties for marketing purposes.

With your explicit consent, we may share necessary information with other members of your healthcare team (e.g., therapists, GPs) to support your wellbeing.


VIII. Children and Safeguarding

We treat children from age 3 onwards, always with full parental/guardian consent. Safeguarding policies are in place to protect young clients. Children are never contacted or marketed to directly.

If you’d like to review these policies, please contact us at info@neuromassage.co.uk.


IX. Your Rights

You have the right to:

  • Access your personal data
  • Request corrections to inaccurate data
  • Request deletion of your data (subject to healthcare retention rules)
  • Withdraw consent at any time (where applicable)
  • Lodge a complaint with the ICO (Information Commissioner’s Office)

To exercise any of these rights, please email info@neuromassage.co.uk.


X. Cookies & Analytics

Our website uses basic analytics tools (e.g., Instagram Insights, website traffic stats) to understand engagement. We do not use invasive tracking or personalized ads.


XI. Third-Party Links

We may link to wellness resources, our founder’s newsletter (Gemma Eves), or affiliate websites. These have their own privacy policies, and we encourage you to review them independently.

 


Safeguarding Policy

Last updated: 12th May 2025

I. Our Commitment

At NeuroMassage Ltd, we are committed to providing a safe, respectful, and inclusive environment for all clients, including children, vulnerable adults, and those with additional needs. We take safeguarding seriously and follow all relevant UK legislation, including the Care Act 2014 and Children Act 1989/2004.


II. Who We Work With

We offer services to:

  • Adults, including those with disabilities, neurological conditions, or mental health challenges
  • Children and young people, when accompanied by a parent or legal guardian

III. Key Safeguarding Principles

  • We never treat a child without written consent from a parent/guardian.
  • All practitioners working with vulnerable clients must provide an up-to-date Enhanced DBS check.
  • Clear boundaries are maintained during sessions. Clients are fully informed about techniques used.
  • We follow the principle of “no secrets”: any disclosures of harm or risk will be handled appropriately, even without consent, if safety is at risk.

IV. Data Protection and Confidentiality

  • All client data is stored securely in compliance with GDPR.
  • Notes are kept for 7–8 years in line with UK healthcare regulations.
  • Only authorized team members have access to personal and medical information.
  • Information is only shared with third parties (e.g., other healthcare providers) with client consent, or where legally required to protect safety.

V. Responding to Concerns

If any safeguarding concern arises (e.g., abuse, neglect, inappropriate behavior):

  • We will follow our safeguarding response process.
  • If a client is in immediate danger, we may contact emergency services.
  • We will report concerns to local safeguarding authorities if needed.

VI. Training and Responsibilities

  • All staff and therapists receive regular safeguarding training.
  • The Designated Safeguarding Lead (DSL) is: Gemma Eves
  • Email: info@neuromassage.co.uk
  • Phone: [Insert if applicable]
  • Concerns or complaints can be reported confidentially to the DSL.

VII. Working with Children

  • Parents/guardians must be present or nearby during children’s appointments.
  • We never advertise services directly to children.
  • Our website and marketing are directed to adult decision-makers only.

VIII. Review of This Policy

This policy is reviewed annually or as legislation changes.