Skip to main content
Legal

Privacy
Policy

How we collect, use and protect your personal information.

Last updated: 8 June 2026

This policy explains how MASG Therapy ("we", "us", "our") handles your personal data when you visit www.masgtherapy.co.uk, contact us, or attend a treatment. We are committed to protecting your privacy and handling your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

MASG Therapy is a sports massage practice operated by Missy Gillespie. We are the data controller responsible for your personal data.

2. What information we collect

Depending on how you interact with us, we may collect:

  • Enquiry details — when you use our contact form we collect your name, email address, phone number (optional), the treatment you're interested in, and anything you write in your message.
  • Booking details — when you book online through our Square Appointments widget, Square collects your name, contact details and appointment information, and processes any payment. See section 5.
  • Health information — before treatment we ask you to complete a consultation/health form covering injuries, medical history, lifestyle and problem areas. This is special category data (data about your health) and we treat it with extra care.
  • Website usage data — like most websites, we use analytics to understand how visitors use the site (e.g. pages viewed, device type, approximate location). See our Cookie Policy.

3. How we use your information & our lawful basis

To respond to your enquiries and arrange appointments — on the basis of taking steps at your request before entering a contract, and our legitimate interest in running the practice.
To provide your treatment safely and keep clinical records — on the basis of the provision of health care (UK GDPR Article 9(2)(h)) and your explicit consent for handling your health data.
To take payment and meet our accounting and tax obligations — on the basis of contract and legal obligation.
To improve our website using analytics — on the basis of your consent, which you can withdraw at any time.

We do not use your information for automated decision-making or profiling, and we will never sell your data.

4. Marketing

We will only send you marketing messages (for example, offers or aftercare tips) if you have asked us to, and you can opt out at any time by replying to any message or contacting us. Responding to your enquiry or managing your appointment is not marketing.

5. Who we share your information with

We never sell your data. We only share it with trusted service providers ("processors") who help us run the practice, and where the law requires it. These include:

  • Square — our online booking and payment provider. Square processes your booking and card details under its own privacy policy.
  • Web3Forms — delivers contact-form submissions to our email inbox. See the Web3Forms privacy policy.
  • Google — for website analytics (Google Analytics) and the embedded map (Google Maps). See Google's privacy policy.
  • Email provider (Google / Gmail) — we receive and store your enquiries in our business inbox.

Some providers may process data outside the UK. Where they do, appropriate safeguards (such as UK approved standard contractual clauses or adequacy decisions) are in place to protect your information.

6. How long we keep your information

  • Clinical / treatment records are kept in line with our insurer's and professional requirements — typically 7 years after your last appointment (longer for clients under 18, until they reach age 25).
  • Enquiries that don't lead to a booking are kept for up to 12 months, then deleted.
  • Financial records are kept for at least 6 years to meet HMRC requirements.

7. Your rights

Under UK data protection law you have the right to:

  • Access the personal data we hold about you
  • Ask us to correct inaccurate or incomplete data
  • Ask us to delete your data (where we're not legally required to keep it)
  • Restrict or object to how we use your data
  • Request a copy of your data in a portable format
  • Withdraw consent at any time, where we rely on consent

To exercise any of these rights, email us at Masgtherapy@gmail.com. We will respond within one month. There is normally no charge.

8. Cookies

Our website uses cookies and similar technologies. For full details of what we use and how to control them, please see our Cookie Policy.

9. How we protect your information

We take appropriate technical and organisational measures to keep your data secure, including limiting access, using reputable providers and storing clinical records securely. No method of transmission over the internet is 100% secure, but we work to protect your information at all times.

10. Complaints

If you have a concern about how we handle your data, please contact us first so we can put things right. Our full Data Protection Complaints Procedure explains how to complain and what we'll do — we acknowledge complaints within 30 days and respond as soon as possible. You also have the right to complain to the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

11. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with a revised "last updated" date.