Privacy Policy

The Tarporley Wellness & Rejuvenation Clinic

Mandy Laing

My Commitment to Your Privacy

At The Tarporley Wellness & Rejuvenation Clinic, your trust and wellbeing are at the heart of everything I do.

I’m committed to protecting your privacy, treating your information with respect, and being transparent about how your data is collected, used, and stored.

This Privacy Notice explains how I handle your personal data in line with UK data protection laws and the ethical standards of the Association of Acupuncture Clinicians (AAC).

If you have any questions, I’ll always be happy to explain things clearly and simply.

1. INTRODUCTION — How I Protect Your Data

This privacy notice provides you with details of how I collect and process your personal data through your use of my site [Mandy Laing].

By providing me with your data, you warrant to me that you are over 13 years of age.

Data Controller:

Mandy Laing is the data controller and is responsible for your personal data.

Contact Details:

Full name of legal entity: Mandy Laing, The Tarporley Wellness and Rejuvenation Clinic, Tarporley

Email: mandy.laing@icloud.com

Postal address: as above

It’s important that the information I hold about you is accurate and up to date.

Please let me know if your personal information changes by emailing me at mandy.laing@icloud.com.

2. WHAT DATA I COLLECT AND WHY

Personal data means any information capable of identifying an individual. It does not include anonymised data.

I may process the following categories of personal data about you:

  • Communication Data – includes any communication that you send to me, whether through the contact form on my website, by email, text, social media, or any other method. I process this data to communicate with you, keep records, and for the establishment or defence of legal claims.
    Lawful ground: legitimate interests (to reply, keep records, and manage claims).

  • Customer Data – includes data relating to purchases of goods and/or services such as your name, title, billing address, delivery address, email, phone number, and payment details.
    Lawful ground: performance of a contract between you and me.

  • User Data – includes data about how you use my website and any online services, plus anything you post for publication.

  • Lawful ground: legitimate interests (to manage and administer my website and business).

  • Technical Data – includes data such as your IP address, browser type, time zone, and device information collected through cookies or analytics systems.

    Lawful ground: legitimate interests (to maintain and grow my business and website).

  • Marketing Data – includes your marketing and communication preferences.

    Lawful ground: legitimate interests or consent (to grow my business and communicate with clients).

I may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant content and advertisements to you and measure their effectiveness.

Lawful ground: legitimate interests (to grow my business).

Sensitive Data

I collect certain health information — such as your medical history, current health issues, and details of your symptoms — to provide safe and effective treatment tailored to your needs.

I will only use your personal data for the purpose for which it was collected, or a reasonably compatible purpose if necessary.

If I ever need to use your details for an unrelated purpose, I’ll let you know and explain the legal grounds for doing so.

I may process your data without your consent where required or permitted by law.

3. HOW I COLLECT YOUR DATA

I may collect data directly from you — for example, when you fill in forms on my website, send information via WhatsApp, or communicate by email.

Some data may be collected automatically through cookies and similar technologies when you use my website.

4. MARKETING COMMUNICATIONS

My lawful ground for processing personal data for marketing purposes is either your consent or legitimate interest (to grow my business).

Under the Privacy and Electronic Communications Regulations, I may send you marketing communications if:

  • You made a purchase or requested information from me, or

  • You opted in to receive marketing and haven’t opted out since.

Before sharing your data with third parties for their own marketing, I will always seek your express consent.

5. DISCLOSURES OF YOUR PERSONAL DATA

I may share your data with:

  • Service providers who support my IT and administration systems.

  • Professional advisers (lawyers, bankers, insurers, auditors).

  • Government bodies that require me to report certain activities.

6. DATA SECURITY — How I Keep Your Information Safe

I have security measures in place to prevent your personal data from being accidentally lost, used, altered, or accessed without authorisation.

Only individuals with a legitimate business need can access your data, and they are required to keep it confidential.

If a personal data breach is ever suspected, I will notify you and any relevant authorities where legally required.

7. DATA RETENTION — How Long I Keep Your Data

I retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.

For tax purposes, I must keep basic customer information (contact, identity, financial, and transaction data) for seven years after you stop being a client.

In some cases, I may anonymise your data for research or statistical purposes, allowing me to use it indefinitely without further notice.

8. YOUR LEGAL RIGHTS — You’re Always in Control

Under data protection laws, you have rights regarding your personal data, including access, correction, erasure, restriction, transfer, and the right to withdraw consent.

More information is available here:

🔗 ICO: Individual Rights Guide

If you wish to exercise these rights, please email me at mandy.laing@icloud.com.

You will not have to pay a fee unless your request is unfounded, repetitive, or excessive. I may ask for information to confirm your identity and ensure data is disclosed only to the correct person.

I aim to respond within one month of receiving a valid request.

If you are unhappy with how your data has been handled, you have the right to contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

However, I’d always appreciate the chance to resolve your concern first.

9. THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins, or applications. Clicking on them may allow third parties to collect or share data about you.

I do not control these external websites and am not responsible for their privacy practices.

I encourage you to read the privacy notice of every website you visit.

Inclusivity and Equality

My clinic is an inclusive and welcoming space.

I provide care and support to all clients equally — regardless of background, beliefs, gender, identity, age, or ability.

Your privacy and dignity are always respected in every interaction and every treatment.

Thank You

Thank you for taking the time to read this Privacy Notice.

I understand that privacy policies can feel formal, but please know that every measure described here exists to protect you, your trust, and your wellbeing — both inside and outside the treatment room.

Warm wishes,

Mandy Laing

The Tarporley Wellness & Rejuvenation Clinic