Now offering late afternoon/early evening slots once a week.

Sole to Soul Wellbeing
Sole to Soul Wellbeing
  • Home
  • About
  • FAQs
  • ClientReviews
  • Contact
  • WellbeingWonderings
  • More
    • Home
    • About
    • FAQs
    • ClientReviews
    • Contact
    • WellbeingWonderings
  • Home
  • About
  • FAQs
  • ClientReviews
  • Contact
  • WellbeingWonderings

Privacy Policy: Sole to Soul Wellbeing reflexology medstead

Privacy Policy – Sole to Soul Wellbeing Reflexology, Medstead -Last updated: 4th June 2026

1. Who I Am / I am Jo Simmonds, Reflexologist and owner of Sole to Soul Wellbeing, based in Medstead, Hampshire, UK. Email: soletosoulwellbeing@hotmail.comWebsite: www.soletosoulwellbeing.co.uk

I am a qualified Reflexologist and a member of the Association of Reflexologists (AoR). I am registered with the Information Commissioner’s Office (ICO) as a Data Controller. ICO Registration Number: ZB396037
2. The Information I Collect / To provide safe and effective reflexology treatments, I may collect:

Personal details: Name · Address · Email · Phone number · Emergency contact

Health information (special category data): Medical history · Medication · Symptoms or conditions · Lifestyle information · GP details · Treatment notes and progress records · Signed consent forms

Booking and communication: Appointment details · Messages you send me · Marketing preferences (if you opt in) Website information: Cookies and analytics data (see Cookie Policy)

Payment information: If you pay using SumUp, basic payment details (amount, date, last 4 digits of card) are processed securely by SumUp. I do not store or have access to your full card details.

3. Why I Collect Your Information / I collect your information to:

  • Provide safe, personalised reflexology treatments
  • Understand your health needs
  • Keep accurate treatment records
  • Contact you about appointments
  • Send newsletters or wellbeing updates (only if you opt in)
  • Meet insurance and professional requirements
  • Maintain safety and safeguarding where necessary

My lawful basis for processing your data

Under UK GDPR, I rely on:

  • Article 6(1)(b) – to provide reflexology treatments (performance of a contract)
  • Article 6(1)(f) – legitimate interests (professional record keeping, safety)
  • Article 6(1)(a) – consent (for marketing emails)

Special category data (health information)

I rely on:

  • Article 9(2)(a) – your explicit consent     to collect and use your health information

Safeguarding: If there is a genuine concern for your safety or wellbeing, I may share relevant information with appropriate services under recognised legitimate interests (DUAA 2025).

4. How Your Information Is Used

I use your information to:

  • Provide safe, personalised reflexology treatments
  • Understand your health needs
  • Keep accurate treatment notes
  • Contact you about appointments or essential updates
  • Send newsletters or wellbeing updates (only if you opt in)
  • Meet insurance and regulatory requirements

I do not sell or share your information for marketing purposes.

5. Who Your Information Is Shared With / I only share your information when necessary and appropriate:

  • Jotform –      secure client intake forms
  • GoDaddy –      website hosting and analytics
  • Email provider – appointment messages
  • SumUp –      secure processing of card payments
  • Safeguarding or emergency services – only if there is a serious risk to life or wellbeing

International transfers:  Some services I use may store data outside the UK. When this happens, appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your information. I do not share your information with anyone else unless legally required.

6. How Long I Keep Your Information / In line with AoR and insurance requirements:

  • Adults: 7      years from the date of your last treatment
  • Children: Until      age 25
  • Marketing consent: Until you withdraw it
  • Enquiry emails: Kept for 12 months before deletion
  • Website analytics: As per cookie durations listed in the Cookie Policy

After this time, your information is securely deleted or destroyed.

7. Your Rights / You have the right to:

  • Access the information I hold about you (Subject Access Request)
  • Ask for corrections if something is inaccurate
  • Request deletion of your data (unless I must keep it for insurance      or legal reasons)
  • Withdraw consent for marketing at any time
  • Withdraw consent for me to hold your health information (although I      may still need to retain treatment records for insurance or legal reasons)
  • Restrict or object to certain types of processing
  • Data portability – to receive your data in a structured, commonly used format
  • Make a data protection complaint (see section 8)

How to make a Subject Access Request (SAR) Email: soletosoulwellbeing@hotmail.comI will respond within one month, as required by UK GDPR. If your request is complex, I may extend this by up to two further months and will let you know.

8. How to Make a Data Protection Complaint / If you ever have a concern about how your personal information has been handled, you can contact me directly. Email: soletosoulwellbeing@hotmail.comPhone: 07502 905409

I will:

  • Acknowledge your complaint
  • Investigate promptly
  • Keep you informed
  • Provide a clear outcome
  • Explain any steps taken to resolve the issue

If you are not satisfied, you may escalate your concern to the Information Commissioner’s Office (ICO):

www.ico.org.uk 0303 123 1113  Under the Data (Use and Access) Act 2025, clients are encouraged to raise their concern with me first, but you may contact the ICO at any time.

9. Cookies and Website Analytics / My website uses cookies to help it function and to understand how visitors use it. You can:

  • Accept or reject non‑essential cookies
  • Change your preferences at any time
  • Read more in my Cookie Policy

Non‑essential cookies are not set until you give consent.

10. How Your Information Is Stored and Protected / Your information is stored securely using:

  • Password‑protected devices
  • Encrypted platforms (e.g., Jotform)
  • Two‑factor authentication where available
  • Secure website hosting
  • Locked storage for any paper notes
  • Limited access (only me)

Data breach procedure / If personal data is ever lost, accessed unlawfully or compromised, I will:

  • Assess the nature and severity of the breach
  • Take immediate steps to secure your information
  • Notify the ICO within 72 hours if required
  • Notify you directly if there is a high risk to your rights
  • Keep a record of the breach
  • Review and improve security measures

11. Updates to This Policy /This Privacy Policy may be updated from time to time to reflect changes in law or practice. The latest version will always be available on my website.

Last updated: 4th June 2026

Copyright © 2017 - 2026 Sole to Soul Wellbeing - All Rights Reserved. 

Powered by GoDaddy

  • Home
  • About
  • FAQs
  • ClientReviews
  • WellbeingWonderings
  • Privacy Policy
  • Cookie Policy

This website uses cookies.

This website uses cookies to ensure it functions correctly and to help me understand how it’s used. You can accept all cookies or manage your preferences. 

DeclineAccept