Privacy Policy
Please take the time to read through this information carefully.
Olive Tree Therapies respects and protects your privacy. This notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website at www.olivetreetherapies.com and me, André, the website owner. Furthermore, the way I use, store and protect any personal data I collect from you, or that you provide to me, will also be detailed within this notice.
1. The information I collect
When you book an appointment I collect personal details such as your name, email and telephone number. This information is used to identify you and contact you about the appointments and services you have booked.
To provide a safe and effective treatment I also need to collect information such as your medical background and lifestyle choices. I do this via a consultation form, hosted and stored by Google, which can be accessed here. The information collected in this form is only used to make sure your treatment is appropriate for you .
Whilst you use the website I also receive information about your computer such as your IP address, operating system and browser details. This information helps me provide a better website experience for you.
When you buy a gift voucher I collect personal details such as your name, email, recipient’s name and their email address. This information is used to identify you and provide the service you have requested.
If you are contacting me through Meta or any of its companies (such as Instagram) to book an appointment, I collect your name, email and phone number in order to get in touch with you to arrange that appointment.
When signing up/opting in to my newsletter via my website I collect your name and email in order to send you a newsletter for marketing purposes.
After your treatment, I will keep minimal, succinct and factual notes about your treatment and health which I review before each appointment in order to provide you with the best service possible.
2. Consent
When you provide me with your personal information in the course of booking an appointment, completing your consultation form, making a payment or contacting me about my services, you are giving your consent to me collecting that information and using it for that specific reason.
I will not use your personal information for any secondary reason, like marketing, unless you’ve given us consent to do so when opting in to my newsletter.
How do I withdraw my consent?
For the purpose of legal protection I am required to hold the personal information you have given to me in the consultation form, as well as notes about treatments provided to you for a period of five years.
Five years after your last treatment I will permanently delete all your personal information that I hold.
If you withdraw your consent during the five year retention period, I will archive your data until the five year period expires.
Whilst your information is archived, I will not access or process it in any way except if needed for legal protection or if I'm required to do so by law.
Should you wish to withdraw your consent at any time please email olivetreetherapies@gmail.com with your request.
How can I access, update or amend my personal information?
You have the right to review the personal information I store about you and your massage sessions at any time. These will be sent by email, in a Microsoft Word password protected document attachment. You also have the right to request I update or amend your data if it is incorrect.
To action any of these rights at any time please email olivetreetherapies@gmail.com with your request.
3. Disclosure
Unless required to do so by law, I will not otherwise share, sell or distribute any of the information you provide to me without your consent.
4. Data handling and storage
Your data is stored through Google, Trello and Facebook using their data storage facilities and databases, on secure servers which are always encrypted when in storage and whilst being transmitted across the internet. Two-step verification is enabled on all platforms to ensure the information held there is as secure as possible. Covid-19 disclosure forms are kept in a secure locked cabinet in the premises.
5. Payment
If you choose to pay for your massage with a debit or credit card your information will be passed to my payment processor iZettle or Stripe for card payments in person. I never store your credit card details, it is always processed by third-parties. It is encrypted through the Payment Card Industry Security Standard (PCI-DSS).
iZettle and Stripe adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
In general, the third-party providers I use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information I am required to provide to them for your purchase-related transactions. For these providers, I recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the United States, then your personal information used to complete that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
​
All direct payment gateways offered by Wix.com and used by their company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Once you leave my website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms & Conditions.
6. Third-party services
When you click links on my website, they may direct you away from our website. I am not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
7. Links
To protect your personal information, I take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, I follow all PCI-DSS requirements and implement additional generally accepted industry standards.
​
8. CCTV
The primary use of CCTV is to protect myself and clients who come for a treatment at Olive Tree Therapies. A single camera is installed in the hall for the purpose of detecting and preventing crime and harassment of any type. Your privacy is maintained in the therapy room where treatments take place. Signs will be displayed in the hall to inform clients that CCTV is in use. No images and information will be stored beyond those which are strictly required for the stated purpose of a surveillance camera system. ï‚· Access to retained images and information will be restricted to André Duarte only. Footage is not kept for more than 24 hours unless an incident takes place in which case it can be held indefinitly until passed on to Police Scotland. Audio and video recordings are triggered by motion sensors only which means recordings only happen when someone passes through the hall.
​
9. Security
I reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If I make material changes to this policy, I will notify you here that it has been updated, so that you are aware of what information I collect, how I use it, and under what circumstances, if any, I disclose it.
If this business is acquired or merged with another business, your information may be transferred to the new owners so that they may continue to provide you with the massage services you have requested.
10. Changes to this privacy policy
To request your information, or if you have any questions about how your information is collected, stored and used, please email olivetreetherapies@gmail.com
11. Questions and contact information
If, for any reason, you are unhappy with how I am handling your data, please raise your concerns with me first, so that we can seek a resolution. If you are still not satisfied, then you have the right to complain to the Information Commissioner’s Office (ICO).
12. Complaints
This information is collected by me in accordance with the guidelines set out in the General Data Protection Regulation (GDPR), Articles 6.1(b), 9.2(h) and 9.3.
Olive Tree Therapies is registered with the Information Commissioner's Office. Registration Reference: ZA76997.
I will never lease, distribute or sell your personal information to any third parties.
Legal basis for storing data
Contact
Olive Tree Therapies
20/2 North Junction Street
Edinburgh
EH6 6HN
Last updated: 8 April 2024
Previous updates: 31 October 2023