At Origo Mobile Massage Therapy we respect your privacy and protect your personal information.
This statement explains when and why we collect personal information from those who visit our website, how we use it and keep it safe.
We can update this statement from time to time, so please read it regularly to be happy with our privacy policy.
If you have any questions about this statement, please contact us at info@origotherapy.com.
Our privacy promise
We make transparent what information we collect and for what purpose.
We use the data as described in our Privacy Statement.
We use the information to provide you with the best service.
We respect your rights.
Origo Mobile Massage Therapy is the data controller during any management of data.
Personal information we collect and use
Personal Information is the information that is used to identify you, such as your name and contact details.
If you make a booking with Origo Mobile Massage Therapy, we may need the following information:
– Name, address, email address, telephone number, payment details.
Using your personal information
We may use your personal data in order to
– complete your order,
– send you information about your order,
– fulfill our administrative responsibilities.
Information you must provide
Entering your name, address, phone number, email address, and payment details is essential for the booking process.
Origo Mobile Massage Therapy will only use the data you provide if it has a legal basis. Based on EU data protection regulations, legal basis can be:
– the need to complete your order,
– the legal obligation of Origo Mobile Massage Therapy,
– your consent to Origo Mobile Massage Therapy use your data.
Duration of personal data storage
We will use your personal information as long as we need it for the purpose of organizing and completing your order. We may need the data during the accounting processes, so we need to keep them for the time specified by the UK tax laws.
Once there is no law or business need for the data, they will be deleted under secure conditions.
Publication of your personal data outside the EEA
We will not disclose your personal information outside the European Economic Area (EEA).
Your rights
Under the Privacy Policy currently in force in Great Britain, you are entitled to several important, free rights. You can learn more about these in the UK Information Commissioner’s Office (ICO).
If you want to live with any of these, you can email us at info@origotherapy.com.
Safe storage of your personal information
We store the information you provide securely to prevent any unauthorized access and use. Only those authorized to access your data. All data we request will be handled in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR).
General Data Protection Regulation (GDPR)
The General Data Protection Regulation is a European data protection legislation designed to replace and strengthen the ‘1995 EU Data Protection Directive’ as well as unify these standards across the European Union.
This regulation aims to give consumers greater control over their personal data. It does this by increasing fines for companies that do not take the security of their customers’ data seriously, up to 20 million Euros or 4% of turnover, and by increasing consumers rights to access the data companies hold on them.
The General Data Protection Regulation became law on 25th May, 2018 and applies to any company who stores or processes the personal data of an EU citizen.
When you use our service, we store your personal data on our servers. This allows us to operate our website, issue you documentation for your journey and ensure your travel runs smoothly. This classes us, Airport Transfer Edinburgh, as a ‘data controller’ and a ‘data processor’, you as a customer or passenger of Airport Transfer Edinburgh are a ‘data subject’, although you may also be acting as a ‘data controller’ especially if you are booking on behalf of someone else. As a data controller, you may need to take steps yourself in order to comply with General Data Protection Regulation requirements.
As a data controller, you should ensure you’re compliant with the GDPR. We recommend you contact a legal professional to find out how the GDPR legislation will affect your organization. The ICO recommends taking the 12 steps below:
1. Awareness. You should make sure that decision makers and key people in your organization are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
2. Information you hold. You should document what personal data you hold, where it came from and who you share it with. You may need to organize and information audit.
3. Communicating privacy information. You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementations.
4. Individuals’ rights. You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
5. Subject access requests. You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
6. Lawful basis for processing personal data. You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
7. Consent. You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
8. Children. You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
9. Data breaches. You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
10. Data protection by Design and Data Protection Impact Assessments. You should familiarize yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organization.
11. Data protection officers. You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organization’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
12. International. If your organization operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.
What we are doing to be GDPR compliant: Origo Mobile Massage Therapy takes data protection seriously. We practice many guidelines to protect your data.
We regularly review our Data Protection Policies and make sure that everyone is familiar with the protocol.
Please review our Terms and Conditions, our Privacy Policy and our Cookie Policy to get a better picture about how we use your data.
The GDPR has expanded consumers’ right of access to their data, as well as the removal/deletion of records. There are however some legal limitations placed on us that could limit our ability to comply with your request. these may include our licensing authority’s requirement that we store 1 year of full journey records or our obligation to store transaction records for 6 years from the end of the last financial year they relate to.
Origo Mobile Massage Therapy is committed to be fully compliant with these regulations.
Complaints
We look forward to hearing your opinion, helping you and finding a solution together. In case of any request or concern, please contact us at the email address below.
Email: info@origotherapy.com
This Privacy Statement was updated on the 12th of December, 2023.