Privacy and Cookies Policy



This policy relates to Nicola Paton Massage Therapist and it details the type of data I may collect about you when you receive a treatment from me or visit my website.  This policy explains why I collect this data, how I store it and when I will destroy it.

This document also explains how cookies may influence your user experience on my website and third-party booking system.   

General Data Protection Regulation 2018

The introduction of the new General Data Protection Regulation (GDPR) in May 2018 outlines how businesses must collect data. To use my services, I must collect, use and hold some of your personal and contact data.  With the new GDPR 2018, you can refuse to give certain information, however please note that if you refuse to give certain information, your treatment may not go ahead.     

When do I collect your data?

  • When you book a treatment through the third-party booking system
  • When you complete a consultation form prior to your treatment
  • When you contact me with a query or feedback via email, telephone, social media or in person
  • When you complete any surveys or questionnaires that I generate

What data do I collect and how do I collect it?

I use third-party companies to support my business and these companies all have their own privacy policies that you are able to access.

  • Microsoft outlook for email

If you contact Nicola Paton Massage Therapist by email, I will access your email address and may request additional information such as you home address, telephone number and medical and health history.

  • My website host is ‘Wordpress’

If you get in contact through my website ‘contact form’, your full name and email address will be collected through my website host WordPress.  

  • Appointedd for booking treatments online 

If you book an appointment using Appointedd, I will ask for your full name, email address and telephone number.

  • Stripe for online payments 

If you make a payment via my Appointedd scheduling booking site, the third-party payment platform Stripe will be used to process and safely handle your payment.  You will be required to issue your personal data through their secure site, including payment details.  

  • Facebook, Instagram, MailChimp and SurveyMonkey for marketing/promotional purposes.

I may collect personal data from you when using SurveyMonkey and MailChimp including full name and email address

  • Consultation form and treatment records

You will be expected to complete a consultation form prior to your treatment and I will collect your name, home address, phone numbers, email address, your emergency contact details and your medical and health history.  Please note treatments will not go ahead if I am unable to collect and store this information. 

Treatment records are notes detailing what I have found during my assessments and what treatment I have given you. Please note treatments will not go ahead if I am unable to collect and store this information 

How do I use your data?

I only collect data that I consider essential, to allow me to:

  • Contact you for appointment confirmations and reminders 
  • Check that it is safe to treat you
  • Ensure I give you the most appropriate treatment for your needs
  • Compare my findings pre- and post- treatment

I may need to share your data with authorised legal, regulatory and insurance authorities.  For example, when a court order is submitted to share data with law enforcement agencies or a court of law, I am legally obliged to provide access to the personal data I have collected about you. 

How I protect your data

The security of my business is extremely important and I have done the utmost to ensure that the third-party companies that I use to support my business hold sufficient security procedures and protection. 

All consultation forms and treatment records are kept secure in a locked file. Only I have access to these records and I take all appropriate steps to protect the confidentiality of your data.  

How long will I keep your data?

I am required by my Insurance Policy to take and retain client records for at least 7 years following the last date on which a treatment was given. In the case of a treatment to a minor, records will be kept for 7 years after they reach the age of majority (18). 

After 7 years following the last date on which your treatment was given, I will destroy all of your records by shredding them.

Who do I share your data with? 

Other that the companies above who support my business I DO NOT share or sell your personal data to any other third-party company.   


I will only share photography and videography if you have given me permission to do so. 

Your rights under GDPR 2018

It is my understanding that you have the right to:

  • Access your personal data that I hold about you
  • Object to the processing of your personal data
  • Restrict the processing of your personal data
  • Rectify your personal data
  • Erase your personal data
  • Receive a copy of your personal data

I may be unable to fully meet the above request, for example if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, legal, regulatory and insurance purposes.  


Cookies are small text files that are placed on your computer to help this website provide a better user experience.  As a rule, cookies will make your browsing experience better.  

The purpose of cookies:

Security – I use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect my website

Analysis – I use cookies to help me to analyse the use and performance of my website (cookies used for this purpose are Google Analytics). These cookies collect information about how visitors use the website, for instance which pages visitors go to most often, and if they get error messages from web pages.  These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.

Cookie consent – I use cookies to store your preferences in relation to the use of cookies more generally.  These cookies improve your experience. 

Social media – I use cookies so you can easily like and share my content on social media. These cookies allow third parties to track the success of their application or customise the application for you. Due to the way cookies work I am unable to access these cookies, nor can the third parties access the data in cookies used on my site 

Contact Information

If you have any questions regarding the use of your data and/or your individual rights, please contact Nicola Paton on 07999442607 or  

To find out more information regarding the GDPR and to make any complaints, please visit the governing body website at