Privacy Policy

Effective Date: 24 July 2025
Website: rosaguilfoyle.com
Owner: Rosa Guilfoyle
Jurisdiction: United Kingdom

Introduction
This Privacy Policy outlines how we collect, use, and protect any personal data that you provide when using this website or when booking services with Rosa Guilfoyle. We are committed to ensuring your privacy is protected in accordance with UK data protection law (UK GDPR and the Data Protection Act 2018).

What Information We Collect
We may collect and process the following personal data:
• Name and contact information (e.g. email, phone number)
• Information relevant to bookings (e.g. service type, session notes)
• Health information (only where necessary for treatment and with your consent)
• Technical data (e.g. IP address, browser type, cookies)

How We Use Your Data
We use your personal data to:
• Provide and manage wellness services
• Respond to enquiries
• Send booking confirmations or service updates
• Maintain client records in line with professional practice standards
• Comply with legal or regulatory obligations
We will never sell or share your data for marketing purposes without your explicit consent.

Lawful Basis for Processing
We rely on the following legal bases to process your data:
• Consent: For sending updates or health information.
• Contract: To deliver agreed services.
• Legal obligation: To comply with applicable laws.
• Legitimate interest: To operate and improve the website and services.

Data Retention
Client records and health information are retained securely for up to 7 years (or as legally required) after your last appointment. Non-client enquiries are typically deleted after 12 months.

Your Rights
You have the right to:
• Access your personal data
• Request correction or deletion
• Withdraw consent (where applicable)
• Lodge a complaint with the ICO (Information Commissioner’s Office)
To exercise your rights, contact: hello@rosaguilfoyle.com

Security
We are committed to keeping your data secure. Appropriate technical and organisational measures are in place to protect your information from unauthorised access, loss, or disclosure.

Third-Party Services
This website may use trusted third-party tools (e.g. booking platforms, email systems). These providers are GDPR-compliant and only process your data as necessary to provide their services.