Serenity by Sophie

Privacy Policy

Last updated: 21 May 2026

At Serenity by Sophie, I am committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how I, Sophie, a qualified massage therapist based in Barnack, Stamford, collect, use, store, and protect your personal data when you interact with my services through serenitybysophie.com, email, phone, or in-person bookings. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who I Am

Serenity by Sophie is a sole trader business operated by Sophie, offering Swedish massage therapy services in Barnack, Stamford. For data protection purposes, I am the data controller responsible for your personal information.

Contact Details: Email: info@serenitybysophie.com

2. What Information I Collect

I collect and process the following types of personal data to provide my massage therapy services:

  • Personal Details: Name, email address, phone number, and postal address (for billing purposes).
  • Health Information: Details of medical conditions, allergies, or other health-related information you provide during booking or consultation to ensure safe and tailored treatments.
  • Booking Information: Details of your appointments, including date, time, type of massage, and payment information.
  • Website Usage Data: Information collected automatically when you visit serenitybysophie.com, such as your IP address, browser type, and pages visited, using cookies or similar technologies (see Section 6).
  • Enquiry Data: Information you provide when contacting me via the website contact form, email, or phone.

3. How I Collect Your Information

I collect your personal data when you:

  • Book a massage session online via serenitybysophie.com.
  • Contact me through the website's contact form, email, or phone.
  • Provide health or personal details during a consultation call or in person.
  • Make a payment for services.
  • Visit my website, where limited data may be collected via cookies (with your consent).

4. How I Use Your Information

I use your personal data for the following purposes, based on lawful grounds under the UK GDPR:

  • To Provide Services (Performance of a Contract): To process bookings, arrange consultation calls, personalise treatments, and deliver massage services.
  • To Ensure Safety (Legitimate Interests and Legal Obligation): To assess health information to ensure treatments are safe and appropriate.
  • To Communicate (Consent or Legitimate Interests): To respond to enquiries, confirm bookings, or send appointment reminders.
  • To Process Payments (Performance of a Contract): To handle payments and issue invoices.
  • To Improve My Website and Services (Legitimate Interests): To analyse website usage and improve user experience.
  • To Comply with Legal Obligations (Legal Obligation): To maintain records for tax or regulatory purposes.

I will only use your personal data for the purposes for which it was collected, unless I reasonably consider that I need to use it for another purpose compatible with the original purpose.

5. How I Share Your Information

I do not sell or share your personal data with third parties for marketing purposes. Your data may be shared only in the following circumstances:

  • Service Providers: With trusted third-party providers (e.g., payment processors or booking system providers) who assist in delivering my services. These providers are contractually obliged to protect your data and comply with UK data protection laws.
  • Legal Requirements: If required by law, such as to comply with a court order or regulatory authority.
  • Emergencies: To protect your health or safety, for example, sharing relevant health information with medical professionals in an emergency.

6. Cookies and Website Analytics

My website uses cookies and similar technologies to enable core functionality and, where enabled, to understand how visitors use the site. Cookies are small text files stored on your device.

Essential cookies

Necessary for the site to function — for example, keeping your booking session in progress as you move through checkout with Stripe, and maintaining the authenticated session on the admin area. Essential cookies do not require your consent and cannot be disabled without breaking the affected feature.

Analytics cookies — Google Analytics 4

When site analytics are enabled, the website loads Google Analytics 4 (provided by Google LLC) so I can understand how visitors find and use serenitybysophie.com. GA4 collects:

  • A pseudonymous client ID stored in your browser.
  • The pages you view and how long you spend on them.
  • Approximate geographic location (city level), derived from your IP address — Google anonymises the IP before storage.
  • Device, browser, and screen-size information.
  • The referrer that brought you to the site (e.g., a search engine or another website).

This data is used in aggregate to understand traffic patterns and improve the website. It does not contain your name, email, phone number, address, health information, or any other detail you submit through booking or contact forms. Analytics is switched off entirely on the admin area, so my own usage of the site does not appear in the statistics.

Legal basis: Consent under UK GDPR Article 6(1)(a) and Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR). You can withdraw consent at any time using the opt-out options below.

International transfers: Google processes some analytics data on servers in the United States. The transfer is covered by the EU–US Data Privacy Framework, to which Google LLC is certified, with Standard Contractual Clauses as a backstop.

How to opt out

  • Install Google's official Google Analytics Opt-out Browser Add-on — prevents GA4 from collecting data on any site you visit.
  • Block cookies for serenitybysophie.com in your browser settings — usually found under Settings → Privacy.
  • Use private/incognito browsing, which discards cookies when the session ends.

Disabling analytics cookies will not affect your ability to browse the site or book treatments.

7. How I Store and Protect Your Data

  • Storage: Your personal data is stored securely in password-protected systems, both digital (e.g., booking software) and physical (e.g., locked filing cabinets for paper records).
  • Security Measures: I use industry-standard measures, such as encryption for online transactions and secure servers, to protect your data from unauthorised access, loss, or misuse.
  • Retention: I retain personal data only for as long as necessary:
    • Booking and payment records: Up to 7 years to comply with tax and accounting obligations.
    • Health information: For the duration of our professional relationship or as long as necessary to ensure safe treatments.
    • Enquiry data: Up to 12 months, unless you book a service.
    • Website analytics: Google Analytics 4 retains event-level data for up to 14 months (the maximum GA4 allows), after which it is automatically deleted. Aggregated, anonymised reports may be retained beyond this.

After these periods, your data will be securely deleted or anonymised.

8. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data I hold about you.
  • Rectification: Ask me to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal or contractual obligations.
  • Restriction: Request that I limit the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests (e.g., analytics).
  • Data Portability: Request a copy of your data in a structured, commonly used format.
  • Withdraw Consent: Where processing is based on consent (e.g., marketing emails), you can withdraw consent at any time.

To exercise these rights, contact me using the details in Section 1. I will respond within one month, as required by law. There is no fee unless your request is manifestly unfounded or excessive.

9. International Data Transfers

As a UK-based business, I primarily store and process data within the UK. If any data is transferred outside the UK (e.g., via cloud-based booking systems), I ensure that appropriate safeguards, such as Standard Contractual Clauses, are in place to protect your data in accordance with UK GDPR.

10. Third-Party Links

My website may include links to third-party websites (e.g., payment processors). This Privacy Policy does not apply to those websites. I encourage you to review their privacy policies before providing personal information.

11. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my services or legal requirements. The updated policy will be posted on serenitybysophie.com with the "Last Updated" date. Significant changes will be communicated via email or a website notice.

12. Complaints

If you have concerns about how I handle your personal data, please contact me first using the details in Section 1. If you are not satisfied with my response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Contact Me

For any questions about this Privacy Policy or how I handle your personal data, please contact me:

Email: info@serenitybysophie.com