Privacy Policy - Human Engineering Clinic

Privacy Policy- Breathe Treatments

1. Who We Are

Breathe Treatments is a UK-based specialist clinical massage and rehabilitation practice providing complementary, non-invasive therapeutic services, including sports and soft-tissue therapy, Manual Lymphatic Drainage (MLD), pregnancy-adapted massage, oncology-adapted massage, and rehabilitation-focused care.

Website: https://breathetreatments.com

Data Controller: Breathe Treatments

Contact Email: [email protected]

Telephone: +44 7306 631818

Location: United Kingdom

Breathe Treatments is the Data Controller for the purposes of UK data protection law.

2. Our Legal Duties

We process personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)

• Data Protection Act 2018

• ICO guidance

Given the nature of our services, we apply enhanced safeguards to health-related information.

3. Personal Data We Collect

a) Identity & Contact Data

• Name

• Email address

• Telephone number

• Booking and enquiry details

b) Health & Special Category Data

Where voluntarily provided and clinically necessary:

• Medical history relevant to treatment

• Pregnancy status

• Cancer history (current or previous)

• Injuries, symptoms, or diagnoses

• Medication information

This information is collected solely for clinical safety, assessment, and treatment adaptation.

c) Website & Technical Data

• IP address

• Browser and device data

• Cookies (see Cookies section)

4. Lawful Basis for Processing

We process data under the following lawful bases:

• Consent

• Performance of a contract

• Legitimate interests

• Legal obligation

• Explicit consent for special category (health) data under UK GDPR Article 9

Consent may be withdrawn at any time, subject to legal or clinical obligations.

5. How We Use Your Data

Your data is used to:

• Respond to enquiries

• Manage bookings and appointments

• Conduct clinical assessments

• Adapt treatments safely

• Maintain accurate client records

• Meet legal, insurance, and professional requirements

We do not sell or share your data for marketing purposes.

6. Data Sharing

Data may be shared only where necessary with:

• Website hosting and IT providers

• Booking and communication platforms

• Payment processors

• Legal, insurance, or regulatory bodies (if required)

All third parties are required to comply with UK GDPR standards.

7. Data Retention

• Enquiry data: up to 12 months

• Client treatment records: retained in line with professional and insurance requirements

• Financial records: retained in accordance with UK law

Data is securely deleted or anonymised when no longer required.

8. Cookies

We use essential and functional cookies to ensure website functionality. Analytics cookies may be used where appropriate.

Cookies can be managed through your browser settings.

9. Embedded Content

Pages may include embedded content (e.g. videos). Embedded content follows the privacy policies of the third-party provider.

10. Your Rights

You have the right to:

• Access your data

• Correct inaccuracies

• Request erasure (where applicable)

• Restrict or object to processing

• Withdraw consent

• Lodge a complaint with the ICO

Requests can be made using the contact details above.

11. Data Security

We apply appropriate technical and organisational measures to protect your data. Access is limited to authorised individuals only.

Updates

This policy may be updated to reflect legal or operational changes. The latest version will always appear on our website.