privacy policy

In the spirit and ethos of Shiatsu, protecting your privacy is matters to the Society. When communicating with us, we will only ask for information that is relevant to our engagement with you. While we support and encourage the health and wellbeing of individuals, we do not encourage people to provide us with health information (special category data).

We assure you any personal data you share with us when communicating with us will be used in accordance with this Privacy Notice. If we ever make significant changes to the process or location of processing, we will give you the opportunity to amend your communication preference.

Privacy Notice and Cookies Policy  

Compliant with the UK General Data Protection Regulation (UK GDPR) 

The Shiatsu Society UK (SSUK) is committed to safeguarding your personal data in compliance with UK GDPR and the Data Protection Act 2018. This policy outlines how we collect, use, and protect your information when you interact with us through our membership website, communications, and services. 

1. Data Collection and Use  

We collect personal data you provide during registration, including: 

  • Name, address, email, and contact details 
  • Membership preferences and location 
  • Insurance details 
  • Marketing preferences 
  • Website and app user journey information 
  • IP addresses 
  • Personal information used for administration of the research 
  • Personal information used for the purpose of research 
  • Records of consent, where appropriate 
  • Payment details 
  • Account information 
  • Purchase or service history 
  • Financial transaction information 
  • Correspondence. 

Purpose of Collection: 

  • To provide membership services and site functionality (e.g. search features). 
  • To develop and improve features based on anonymised data. 
  • To send newsletters, updates, and promotional materials relevant to our services. 
  • We might process health information (special category data) only with your explicit consent or for archiving, research or statistical purposes.

 

2. Legal Basis for Processing 

We process your personal data under these legal bases: 

  • Contractual Necessity:  We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 
  • Consent:  We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time. 
  • Legitimate Interests: We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:  
  • For feature development and service improvement while ensuring minimal impact on your privacy. 
  • Legal obligation: We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

 

3. Your Rights 

As a data subject, you have the right to: 

  • Access, correct, or delete your personal data 
  • Restrict or object to data processing 
  • Data portability 
  • Withdraw consent for marketing at any time 
  • Lodge complaints with the Information Commissioner’s Office (ICO). 

 

4. Data Sharing and Retention 

Sharing: 

  • We do not share your data with third parties for marketing. 
  • Data may be shared with trusted service providers under strict confidentiality agreements for hosting, functionality, or payment processing (e.g., Stripe, GoCardless). 

Sharing information outside the UK: 

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. 

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided below. 

 

Organisation name: Platform.sh 

Category of recipient: Hosting provider, server management 

Country the personal information is sent to: France 

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs) 

 

Where necessary, our data processors may share personal information outside the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place. 

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided below. 

 

Organisation name: various 

Category of recipient: web developer 

Countries the personal information is sent to: India, Pakistan 

How the transfer complies with UK data protection law: It’s a restricted transfer of data. 

 

Retention: 

Personal data is retained only as long as necessary to fulfil its purpose or meet legal obligations. For information on how long we keep personal information, see our Data Retention Schedule

 

5. Security Measures 

We implement industry-standard measures to protect your data. While we strive for robust security, no system is entirely immune to breaches. You are responsible for safeguarding your account credentials. 

 

6. Updates to This Policy 

We may update this policy periodically to reflect regulatory or operational changes. Significant updates will be communicated via email or prominently on our website. 

 

Cookies and Website Use 

Our website uses cookies to enhance functionality and user experience: 

Essential Cookies: For core website functionality. 

Performance Cookies: To analyse site usage anonymously. 

Functionality Cookies: To remember preferences. 

Marketing Cookies: For relevant ads and campaign tracking. 

You can manage cookie preferences via browser settings. We do not deploy non-essential cookies without your consent. 

  

Communication and Consent 

By registering as a member, you consent to data processing as outlined in this policy. You can manage your communication preferences, unsubscribe, or contact our support team for assistance at any time. 

  

Service Partners 

To ensure the smooth running of the Society we engage with the following organisations. Our partners only process personal data in accordance with our instruction: - 

Organisation: Complementary & Natural Healthcare Council (CNHC) 

Organisation: Due Diligence Checking (DDC) 

Organisation: Platform.sh 

Organisation: Cloudflare 

Organisation: Gitlab 

Organisation: Stripe 

Organisation: Gandi.net 

  

Organisation: GoCardless 

  

Other Organisations: 

We also utilise the following cloud-based technologies. Please refer to the organisations’ individual Privacy Notices for access and storage of data: - 

  • Microsoft 365 – Office management 
  • Facebook – Community engagement 
  • LinkedIn – Community engagement 
  • Mailchimp – Newsletters 
  • Instagram – Community engagement 
  • Type Form – Surveys 
  • X – Community engagement 

 

Contact Details 

For any questions or concerns, contact us: 

  • Email: [email protected] 
  • Phone: +44 (0) 204 5512147 
  • Address: 20–22 Wenlock Road, London, N1 7GU 
  • You can also contact the ICO at www.ico.org.uk for unresolved concerns. 

  

Commitment to Privacy 

SSUK is dedicated to protecting your data. We encourage transparency and lawful practices to ensure your privacy is respected while fostering community engagement. 

 

Last updated: 

17th March 2025 

 

 

 

Find out more about our Service Provider GoCardless

GoGardless Payment Policy