Privacy Policy
Transformational Bodywork
Dr. Phillip Nash
Last updated: 15 June 2026
Who I am
I am Dr. Phillip Nash, sole proprietor of Transformational Bodywork, a deep-tissue meditative bodywork practice. My website is transformationalbodywork.co.uk.
You can contact me at:
Email: Phill@transformationalbodywork.co.uk
Phone: +44 07343070301
Address: c/o 31 Albemarle Avenue, Hartford, Cheshire, CW8 1HU
What this policy covers
This privacy policy explains what personal information I collect when you use my website, enquire about my services, or receive treatment, how I use that information, and what rights you have in relation to it.
What personal data I collect and why
When you enquire about my services
I collect your name, email address, and phone number so that I can respond to your enquiry and arrange appointments. The lawful basis for this processing is legitimate interests -- you have contacted me and would reasonably expect a response.
When you book and attend sessions
I collect:
Contact details -- name, email address, phone number, and postal address. I use these to manage appointments, send appointment confirmations and reminders, and follow up after sessions.
Health and medical information -- details about your current health, medical history, injuries, medications, and any conditions that may affect treatment. This is special category data under UK GDPR. I collect it because I need it to provide safe and effective treatment. I will ask for your explicit consent before collecting this information, and you can withdraw that consent at any time.
Session notes -- records of what was covered in each session, areas of the body worked on, and your responses. I keep these to ensure continuity between sessions and to track your progress.
Emergency contact details -- in case of a medical emergency during a session.
Payment information -- records of payments made for services. I do not store card numbers or bank account details.
The lawful basis for processing your contact details and payment information is legitimate interests -- it is necessary for the normal running of the practice, and you would reasonably expect me to keep these records.
The lawful basis for processing your health and medical information is explicit consent (UK GDPR Article 6(1)(a) and Article 9(2)(a)). I will ask you to sign a consent form before your first session. You may withdraw your consent at any time by contacting me, though this may mean I am unable to continue providing treatment.
When you visit my website
My website may use cookies to help it function properly and to understand how visitors use the site.
When you provide a testimonial
If you give me a testimonial, I will only publish it with your explicit permission. I will use only your first name unless you agree otherwise. You can ask me to remove your testimonial at any time.
Who I share your data with
I do not sell or share your personal data with third parties for marketing purposes.
I may share your information with:
HMRC -- financial records as required by tax law.
My insurance provider -- if a claim or complaint arises relating to your treatment, I may need to share relevant information with my professional indemnity insurer.
Other health professionals -- only with your explicit consent and only where it would benefit your care (for example, if you ask me to liaise with your GP or another therapist).
How I store and protect your data
I take the security of your personal data seriously. Measures I use include:
Electronic records are stored on password-protected devices with up-to-date security software.
Paper records (if any) are kept in locked storage.
Session notes are stored securely and access is restricted to me alone.
I use a separate business email account for client communications.
How long I keep your data
Client health and session records: 8 years after your last appointment, in line with professional body guidance for clinical records.
Contact details for enquiries that do not lead to treatment: 12 months, then securely deleted.
Financial and payment records: 6 years, as required by HMRC for tax purposes.
Testimonials: Until you ask me to remove them.
I review retained data periodically and securely delete information that is no longer needed.
Your rights
Under UK GDPR, you have the right to:
Access your personal data -- you can ask me for a copy of the information I hold about you.
Rectification -- you can ask me to correct any information that is inaccurate or incomplete.
Erasure -- you can ask me to delete your personal data, subject to any legal obligations I have to retain it (such as tax records).
Restrict processing -- you can ask me to limit how I use your data in certain circumstances.
Data portability -- you can ask for a copy of your data in a commonly used, machine-readable format.
Object -- you can object to my processing of your data where I am relying on legitimate interests as my lawful basis.
Withdraw consent -- where I am relying on your consent (for health data), you can withdraw it at any time. This does not affect the lawfulness of any processing carried out before you withdrew consent.
To exercise any of these rights, contact me using the details at the top of this policy. I will respond within one month.
Complaints
If you are unhappy with how I have handled your personal data, please contact me first so I can try to resolve the issue.
If you remain dissatisfied, you have the right to complain to the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to this policy
I may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. I encourage you to review this policy periodically.