Privacy & GDPR Notice

Last updated: June 2026

Stroud Complementary Therapies is committed to protecting your privacy. This notice explains what personal data we collect when you use this website and book treatments, how it is used, and your rights under UK data protection law.

Who is responsible for your data

The data controller is Jennifer Kate Donovan, a sole trader trading as Stroud Complementary Therapies. You can contact us about your data on 07884 497073 or at Stroudct@outlook.com. Our business address is available on request.

What we collect

If you register an account you provide your name, email address, date of birth and a password (stored hashed — never in clear text). If you make a booking, we store your name, email, phone number, date of birth and the treatment, date and time you booked, together with a booking reference and the status of any deposit payment. We ask for a phone number so we can contact you about your appointment if needed (for example, if a time needs to change). The booking form also includes two optional free-text fields — “any medical history including allergies or recent surgery” and “any additional info” — which you may leave blank; anything you enter is stored with your booking so we can prepare for your treatment. We ask for your date of birth solely to confirm you are 18 or over, as our treatments are only available to adults; it is not used for marketing or any other purpose. The contact form collects your first name, email, an optional phone number, an optional free-text field for any medical history including allergies or recent surgery, and your message. During your treatment, relevant health information is also recorded on a confidential consultation form to keep your treatment safe and appropriate. Like most websites, our hosting also processes basic technical data (such as your IP address and browser type) in server logs for security and reliability, and we use a single essential cookie to keep you signed in — we do not use advertising or tracking cookies.

Health information (special category data)

The health details you give on a consultation form are “special category” data and are treated with extra care. We collect them only to provide a safe and suitable treatment, on the basis of your explicit consent and because the processing is necessary for the provision of health treatment by a health professional. These records are kept confidential and are not shared except where we are required to by law.

Why we collect it and our lawful basis

We use your data to manage your bookings, to contact you about your appointments, to provide safe and suitable treatments, and to respond to your enquiries. Our lawful bases are: contract (to take and fulfil your booking), consent (for the contact form and for recording health information), and legitimate interests (to run and protect the business and keep proper records). Your data is not sold, and is not used for marketing or profiling.

How long we keep it

Booking and treatment records are kept for 7 years after the appointment, in line with professional and insurance record-keeping standards, after which they are securely deleted. If you delete your account, your account is removed and your bookings are unlinked from it, but the booking and treatment records themselves are retained for the 7-year period above to meet those obligations. Short-lived items such as email verification codes expire and are cleared automatically.

Who we share it with

We use a small number of trusted providers who process data on our behalf: a managed Postgres database for account and booking records, Brevo for transactional emails (such as booking confirmations and reminders), and Stripe for online deposit payments (Stripe handles all card details securely — we never see or store your card number). These providers act under our instructions and are not permitted to use your data for their own purposes.

Your rights

Under the UK GDPR you have the right to access, correct or erase your personal data, to restrict or object to processing, to withdraw consent at any time, and to data portability. The easiest way to erase your account data is the “Delete account” button on your account page. For anything else, please get in touch on 07884 497073 or Stroudct@outlook.com.

If you are not satisfied with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

Cookies

Only strictly necessary cookies are used: one to keep you signed in to your account, and cookies set by Stripe for secure checkout. There is no advertising or analytics tracking.

Contact

Questions about this notice? Call or text 07884 497073, email Stroudct@outlook.com, or use the contact form on this site.