Privacy Policy

Privacy Policy — Amori

Last updated: 19 January 2026

Amori (“I”, “me”, “my”) is committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how your personal data is collected, used, stored, and protected when you:

  • Book or receive massage therapy services
  • Contact me
  • Use my website: amori.website

1. Who I Am (Data Controller)

Business name: Amori
Business type: Sole trader
Trading address: 54 Scotch Street, Dungannon, BT70 1BD, Northern Ireland
Email: contact@amori.website
Phone: 07770020068

For the purposes of data protection law, Amori is the Data Controller. As a sole practitioner, I personally manage all client and website data.

2. Personal Data I Collect

2.1 Client & Contact Information

  • Name
  • Phone number
  • Email address
  • Emergency contact details
  • GP details (where relevant for safety)

2.2 Health & Treatment Information (Special Category Data)

To provide safe and appropriate massage therapy, I collect and process health-related information, including:

  • Medical history and contraindications
  • Injuries, conditions, medications, and allergies
  • Treatment notes recorded after each session
  • Signed consultation and consent forms confirming that:
    • I do not diagnose medical conditions
    • Information provided is accurate and kept up to date
    • No sexual behaviour is permitted
    • I may refuse or stop treatment if it is unsafe or inappropriate

This information is classified as special category (health) data and is handled with enhanced safeguards.

2.3 Booking & Payment Information

  • Appointment dates and times
  • Attendance records
  • Payment method and amount

I do not store card details.

2.4 Website & Technical Data

When you visit my website, certain technical data may be collected via cookies and similar technologies, including:

  • Anonymised IP address
  • Pages visited
  • Time spent on pages
  • Traffic source
  • Interaction with website features (e.g. live chat)

Further details are provided in my Cookie Policy.

3. Lawful Basis for Processing

Under UK GDPR, I process personal data on the following lawful bases:

a) Contract

Where processing is necessary to provide massage therapy services that you have booked.

b) Legitimate Interests

Where necessary to:

  • Maintain accurate client records
  • Ensure treatments are safe and appropriate
  • Manage bookings and client communications
  • Improve my services and website

These interests do not override your rights and freedoms.

c) Consent

I rely on explicit consent for:

  • Processing health and medical information
  • Website analytics cookies
  • Marketing or advertising cookies (where applicable)

You may withdraw your consent at any time.

d) Legal Obligation

Where I am required to retain records for professional, insurance, or legal reasons.

4. How I Use Your Personal Data

Your personal data is used to:

  • Assess suitability for treatment
  • Provide safe, professional massage therapy
  • Maintain treatment and consultation records
  • Manage appointments and reminders
  • Process payments
  • Respond to enquiries
  • Improve my website and services
  • Comply with legal, regulatory, and insurance requirements

I do not use automated decision-making or profiling.

5. Website Cookies & Tracking

My website uses a consent management platform (CookieYes) that allows you to accept, reject, or customise cookies.

Cookies used may include:

  • Analytics cookies: Google Analytics 4, PixelYourSite
  • Marketing cookies: Facebook / Meta Pixel
  • Functional cookies: Chaty live chat

Non-essential cookies are only activated if you give consent.

Full details are available in my Cookie Policy on my website.

6. Third-Party Services

I may use the following third-party service providers:

Website & Analytics

  • Google Analytics (Google LLC)
  • PixelYourSite
  • CookieYes
  • Chaty live chat

Website Hosting

  • Fasthosts
  • WordPress

Payments

  • Bank transfer
  • Tide

Some third-party providers may process data outside the UK. Where this occurs, appropriate safeguards are in place in accordance with UK GDPR.

I do not sell, rent, or trade personal data.

7. Data Storage & Security

7.1 Storage

  • Client records are currently stored as paper files in a locked cabinet
  • Any future electronic records will be encrypted and access-restricted

7.2 Security Measures

  • Physical security of records
  • Access limited to me as sole practitioner
  • Professional indemnity and data protection insurance
  • Procedures for identifying and managing data breaches

8. Data Retention

I retain personal data only for as long as necessary:

  • Treatment notes & consent forms:
    • Adults: 10 years from last appointment
    • Minors: until age 27
  • Booking & appointment records: 7 years
  • Marketing data: Until consent is withdrawn (reviewed annually)

Once retention periods expire, data is securely destroyed (shredding or permanent deletion).

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure (where legally permitted)
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: contact@amori.website

10. Complaints

If you have concerns about how your data is handled, please contact me first so I can try to resolve the issue.

If you remain dissatisfied, you may lodge a complaint with the Information Commissioner’s Office (ICO).

11. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect legal, regulatory, or operational changes.

The most recent version will always be available on my website.