Privacy Notice

This is Lee Thornhill Massage Therapies, and my website address is:

Trading address: 63 Harbour Road, Bournemouth BH6 4NE.
Tel: 07729 492295. Email:

Website cookies

 My website uses no cookies of any kind


The GDPR (General Data Protection Regulation) of 25 May 2018 is the legal regulation that has been put in place to safeguard an individual’s personal information. The GDPR is an EU-wide directive that all UK businesses are required to comply with.

The following privacy notice details the lawful basis for Lee Thornhill Massage Therapist (I/me) to collect, store and use client’s personal data, the type of personal data that I hold about my clients, why that information is required, who it is shared with, and how that data is used and protected. You will also find information about the rights an individual has in terms of access to that data and about any requests for data held to be amended or deleted.

Why I collect personal data

The lawful basis by which I collect, store and use personal data is under Special Category Data: Health.

If you become a client I will require information about your current health and your medical history in order to provide you with the best possible course of treatment and advice.

I will also collect and store your contact details in order to liaise with you in relation to your treatment and appointments.

The personal data I collect will include but may not be limited to your:

  • name, home address, email address and telephone number
  • date of birth
  • occupation
  • emergency contact or next of kin details
  • health conditions including allergies, medication and doses, history of past and current injuries, operations and illnesses
  • GP surgery details and other body treatments currently and previously received
  • lifestyle information covering an overview of exercise, diet, sleep patterns and stress levels
  • information describing your current physical state, such as aches, pains and tension
  • treatment details and assessment notes which will be recorded after each treatment
  • diarised records of appointment times

If you object to the collection and use of such personal data in this way I may be unable to provide yiou with a service.

I am a registered Manual Lymphatic Drainage (MLD) therapist with MLDuk and trained in Holistic Massage therapy at the Devon Academy certified by ITEC, and I abide by these associations’ codes of conduct and confidentiality requirements.

How I collect personal data

I will collect personal data when you first contact me to enquire about my services or to arrange an appointment for a consultation (whether by telephone, email or through the website enquiry form) and upon your first visit for a treatment or consultation when you complete the client intake form. 

By signing the client intake form you consent to my storing and using your personal data in order to communicate with you by telephone, text or email regarding your appointments and treatments with me. This communication may also include the occasional marketing/promotional update on my services and availability.

I am a registered Manual Lymphatic Drainage (MLD) therapist with MLDuk and trained in Holistic Massage therapy at the Devon Academy certified by ITEC, and I abide by these associations’ codes of conduct and confidentiality requirements.

How long I store personal data

For insurance purposes I am required to keep your personal data for a period of 7 years after your last treatment. Your data will not be transferred without your consent.

Once every two years, I will review all client records and destroy any that are no longer bound by the regulated legal timescale for such records to be held.

Secure storage of personal data

I am committed to ensuring that your information is secure.

In order to prevent unauthorised access or disclosure, suitable physical, electronic and managerial procedures have been put in place to safeguard and secure the personal data that is collected both online and on paper.

The health and personal data gathered is held on paper Client Intake forms and paper treatment notes and is stored securely in a locked filing cabinet in a locked therapy studio. Due to the nature of my business I retain paper based personal data and as such, have a duty to ensure that it is disposed of in a secure, confidential and compliant manner.

Only your name, phone number and/or email address is held electronically, on a password-protected smartphone and password-protected personal computer.

In the event of a data breach

In the event of a data breach which consists of a breach of security leading to destruction, loss, alteration, unauthorised disclosure of or access to personal data, and which is likely to result in a risk to the rights and freedoms of individuals, I will notify both the UK Information Commissioner’s Office (ICO) and  those concerned directly and without delay.

Your individual rights

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data is held relating to them, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Individual Rights under the Data Protection Act 2018 and comprise of the following:

  • The right to be informed about the personal data being processed;
  • The right of access to your personal data;
  • The right to rectification if there is something incorrect or incomplete;
  • The right to erasure of your personal data;
  • The right to limit how the information is used or shared;
  • The right to portability; under certain circumstances a copy of electronically held information can be requested so it can be reused in other systems;
  • The right to object if there are certain parts of an individual’s information that they do not want used or to be used only for certain purposes;
  • Rights in relation to automated decision-making and profiling;
  • The right to lodge a complaint with the Information Commissioner’s Office (ICO). An individual can complain to the ICO if the individual feels the information held is incorrect, is not being used in the way permission was granted for, or if information is being held unnecessarily.

Full details of Individual rights can be found at the ICO website:


If you are dissatisfied with any aspect of the way in which I process your personal data please contact me, Lee Thornhill, at the above address.

You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO).  The ICO many be contacted via its website at or by calling their helpline on 0303 123 1113.

Additional notes

If an individual does not agree to my processing your personal data as described above, or to records about an individual and treatment provided, then it may not be possible for me to provide a service.

Additionally, massage therapists are obliged to keep records of treatment for a specific period of time as described above which may mean that I might be bound to keep a client’s personal data until the time period has elapsed, even if an individual should request it be erased.

Privacy notice published 26th November 2020