top of page

Amaya Healing customer privacy notice

Registered name: Realm Consilium Limited

​

We are the controller of your personal data. For more information on controllers and their responsibilities please see our guidance on data protection principles, definitions, and key terms.

This privacy notice tells you what to expect us to do with your personal information.

  • Contact details

  • What information we collect, use, and why

  • Lawful bases and data protection rights

  • Where we get personal information from

  • How long we keep information

  • How to complain

 

Contact details

 

Telephone: 07852765998

Email: nilam@amayahealing.co.uk

​

What information we collect, use, and why

 

We collect or use the following information to provide therapy/therapies to patients:

  • Name, address and contact details

  • Date of birth

  • Next of Kin details including any support networks

  • Emergency contact details

  • Health information (including medical conditions, allergies, medical requirements and medical history)
     

We also collect the following special category information to provide patient therapy / therapies.

This information is subject to additional protection due to its sensitive nature:

  • Health information
     

Lawful bases and data protection rights

Our lawful bases for the collection and use of your data

​

Our lawful bases for collecting or using personal information to provide patient care, services, pharmaceutical products and other goods are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
     

Where we get personal information from

  • Directly from you
     

How long we keep information

Your information is held for seven years.
 

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.
 

Duty of confidentiality

We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
 

  • you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses);

  • we have a legal requirement (including court orders) to collect, share or use the data;

  • on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime);

  • If in England or Wales – the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied; or

  • If in Scotland – we have the authority to share provided by the Chief Medical Officer for Scotland, the Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care or other similar governance and scrutiny process.

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:      
    

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
 

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

GDPR & Privacy Policy

​

Amaya Healing
Website: www.amayahealing.co.uk
Last updated: February 2026

​

1. Introduction
 

Amaya Healing is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect your personal information in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • Guidance from the Information Commissioner’s Office (ICO)

  • Professional standards and ethical requirements of the Federation of Holistic Therapists (FHT) and the Association of Reflexologists (AoR)

This policy applies to personal data collected via our website, email, phone, online booking systems, and during treatments or consultations.

​

2. Data Controller

​

Amaya Healing is the data controller responsible for your personal data.

If you have any questions about this policy or how your data is handled, you can contact us via the details provided on our website.

​

3. Personal Data We Collect

We may collect and process the following types of personal data:

​

a) Identity and Contact Information

  • Name

  • Email address

  • Telephone number

  • Postal address (if required for invoicing or records)
     

b) Health and Special Category Data

As a complementary therapy practice, we may collect sensitive health information, including:

  • Medical history

  • Current health conditions

  • Treatment notes and progress records

  • Consent forms
     

This data is classified as special category data under UK GDPR and is handled with enhanced confidentiality and security.

​

c) Website and Technical Data

  • IP address

  • Browser type and version

  • Pages visited and time spent on the website

  • Cookies (see Section 10)
     

4. Lawful Basis for Processing

We process personal data only where we have a lawful basis under UK GDPR:

  • Consent – for health data, treatment records, and marketing communications

  • Contract – to provide therapy services you have requested

  • Legal obligation – for insurance, tax, and professional record-keeping requirements

  • Legitimate interests – for basic administration and service improvement (without overriding your rights)
     

Health data is processed under Article 9(2)(a) UK GDPR with your explicit consent and in line with FHT and AoR ethical guidelines.

​

5. How We Use Your Data

We use your personal data to:

  • Provide safe and effective treatments

  • Maintain accurate client records

  • Communicate with you about appointments and services

  • Process payments and maintain accounts

  • Meet legal, insurance, and professional obligations

  • Improve our services and website
     

We do not sell, rent, or trade your personal data to third parties.
 

6. Data Storage and Security

Amaya Healing takes appropriate technical and organisational measures to protect your data, including:

  • Secure password-protected digital records

  • Locked storage for any paper records

  • Access restricted to authorised persons only

  • Secure devices and encrypted backups where applicable
     

Data is stored within the UK or in systems compliant with UK GDPR.

​

7. Data Retention

We retain personal data only for as long as necessary:

  • Client records are typically retained for 7 years after the last appointment (or until age 25 for children), in line with insurance and professional body guidance

  • Financial records are retained for 6 years as required by HMRC

  • Marketing data is retained until consent is withdrawn
     

After the retention period, data is securely deleted or destroyed.

​

8. Sharing Your Data

Your data may only be shared when necessary:

  • With professional insurers

  • If legally required by law enforcement or regulatory authorities

  • With professional bodies (FHT or AoR) in the event of a complaint or investigation
     

All third parties are required to respect data confidentiality and comply with UK GDPR.

​

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where applicable)

  • Restrict or object to processing

  • Withdraw consent at any time

  • Data portability

  • Lodge a complaint with the ICO
     

Requests can be made in writing and will be responded to within one month.

​

ICO contact details:
Information Commissioner’s Office, www.ico.org.uk
 

10. Cookies

Our website may use cookies to enhance user experience and analyse website traffic.

You can control or disable cookies through your browser settings. For more information, please refer to our Cookie Policy (if applicable).
 

11. Third-Party Links

Our website may contain links to external websites. Amaya Healing is not responsible for the privacy practices or content of third-party sites.

​

12. Updates to This Policy

We may update this policy from time to time to reflect changes in law, guidance, or our practices. The latest version will always be available on our website.

​

13. Contact

If you have any questions about this GDPR & Privacy Policy or how your data is handled, please contact Amaya Healing via the contact details on our website.

​

This policy is written in accordance with UK GDPR, ICO guidance, and the ethical and professional standards of the Federation of Holistic Therapists (FHT) and the Association of Reflexologists (AoR).

bottom of page