Privacy Policy – May 2018

Ann Waite (referred to as “I / me”), is a self-employed, mobile clinical aromatherapist and holistic massage therapist. I can be contacted by email at, by phone or text on 07866604168, or through my Facebook page at

The General Data Protection Regulation (GDPR) came into force on 25th May 2018.  Under GDPR, personal data is defined as:-

“any information relating to an identified or identifiable natural person (‘data subject’).  An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, or identification number, location date, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.”

This Privacy Policy Notice tells you how Ann Waite (referred to as “I / me”) collects, processes and stores your personal data so that it is GDPR compliant.


I have a contract with all my clients.  When you book an appointment with me and I carry out your initial assessment, I need to collect personal information about you.  This includes your name, address, telephone number, medical history, lifestyle etc., in order that I can carry out the best possible treatment.  The fact that you have requested a treatment, and I have agreed to provide the treatment, constitutes a contract. You may of course refuse to provide me with this information, but failure to do this means that I am not able to provide you with a treatment.

I shall continue to process the information you provide to me until the contract between us ends, or is terminated by either party, or the date of the last treatment is over 8 years ago.

Legitimate Interest

Any personal data and information that I collect from you regarding your lifestyle and health is classed as legitimate interest.  I may process this information for the purpose of record keeping and I do not require your consent to retain this information, as it is required in order that I can provide you with a personalised, safe and effective treatment.  Also, the fact that I may contact you in order to confirm your appointment with me constitutes legitimate interest, but this time it is your legitimate interest.

Legal Obligation

The processing of your information is necessary in order that I comply with GDPR.  I have a legal obligation to retain your information/client records for the period of our relationship, and for the period required to comply with legal and professional obligations.  This is for a period of 8 years from the date of your last appointment.  After this period has expired, you may request that your records are deleted.  You can do this by contacting me by email.  If you do not make a request for your details to be deleted, I may choose to retain them so I can offer you the best possible treatment should you choose to book again in the future.

How is your Personal Information Stored?

It is important that your information is kept safe and secure in order to protect your confidentiality.  All your personal information is held in the strictest confidence.

Your consent forms are stored:-

  • Written paper records are kept in a locked cupboard in my house. The house is always locked when occupied and it is locked and alarmed when unoccupied.
  • Clients’ contact phone numbers are stored on my iPhone mobile device which is password protected, fingerprint i.d. protected and face i.d. protected. All reasonable steps are taken to prevent unauthorised access to my mobile device.

Your Rights as a Data Subject

At any point while I am in possession of, or processing your personal data, you, the data subject, have the following rights:-

  • Right of Access – you have the right to request a copy of the information that I hold about you. Please contact me if you wish to access your information.
  • Right of Rectification – you have a right to correct any data that I hold about you that may be inaccurate or incomplete.

Your Right to Complain

In the event that you wish to make a complaint about how I process your personal data, or you are not happy with my privacy policy, you have the right to complain.  Initial complaints should be addressed to me by email at

If you are not happy with my response / how I have handled your complaint, you have the right to lodge a complaint with the Information Commissioner’s Office (the ICO).  Their details are

Who Your Information is Shared With

Please be assured that I will not disclose, give, sell or transfer your information to anyone who does not need access without your written consent, unless required by law enforcement or statute.

I do not sent out marketing information such as offers, updates on treatments etc. directly to my clients.  Any information about these are posted on my Facebook page at

Use of Cookies on My Website

My website uses cookies.

Cookies are small text files that websites save locally to your computer, which allow sites to store and use information during your visit. They can improve your experience when using a website by:

  • Remembering preferences, so you don’t have to keep re-entering your choices when you visit again
  • Measuring how you use a site, so that changes can be made to ensure it meets your needs

None of our cookies used for our sites can be used to identify you personally. They are just used to help make the site better for you. To learn more about cookies and how to manage them, visit Read on to find out more about how we use cookies.

You can set your browser to refuse all cookies or to indicate when a cookie is being sent, however some website features or services may not function properly without cookies.


Thank you for reading my Privacy Policy and please rest assured that I am committed to ensuring your privacy is protected so as to comply with GDPR.  This Policy may be updated from time to time to ensure it is always accurate and up-to-date, and any changes made will be posted on this page.