Privacy Notice

This Privacy Notice provides you with details of how I, Marina Chrysou, collect and process your personal data through your use of my website (, or in person at my practice.

(Marina Chrysou is referred to as “I”, “my”, “we”, “us” or “our” in this privacy notice).

I would like to assure you that your privacy is of the utmost importance. I adhere to General Data Protection Regulations (GDPR). This means that your personal information is stored securely and confidentially, and is never shared for marketing purposes by Third Parties.


Contact details


Marina Chrysou is the data controller and is responsible for your personal data.

Full name: Marina Chrysou

Email address:

Mobile telephone number: +44 7757960209


It is very important that the information I hold about you is accurate and up-to-date. Please let me know if at any time your personal information changes by emailing me at


Sections 1 – 3 apply only to my clients, prospective clients, former clients and visitors to my professional practice.
1. Personal data I collect about you, for what purpose and the legal basis for processing it

‘Personal data’ means any information capable of identifying an individual. It does not include anonymised data. ‘Processing’ means collecting, using and storing your data.

I may process the following categories of personal data about you:

Communication Data: that includes any communication that you send to me whether through a contact form on my website, through email, text, social media messaging, or any other communication that you send to me. I will process this data solely for the purposes of communicating with you for record keeping purposes. My legal basis for this processing is my legitimate interests, which in this case are to respond to enquiries and other communications sent to me concerning the services provided and keep adequate records.

Client Data: that includes personal contact details and data relating to any treatments sessions/services I supply to you; such as your name, title, home address, email address, phone number(s) and dates of treatment. I process this data to communicate with you regarding your care, supply the treatments and/or services you have purchased and keep records of such transactions. My legal basis for this processing is taking steps at your request so that you can enter into an agreement with me to receive Shiatsu treatment and/or the performance of such agreement.


I may collect Sensitive Data about you. Sensitive Data refers to information that includes details about your health and current and historic medical information. I will only collect Sensitive Data that is relevant and necessary for your care, on a strictly confidential basis and for the sole purpose of conducting a safe and appropriate Shiatsu treatment. I do not collect data about your race or ethnicity, religious or philosophical beliefs or sexual orientation. My legal basis for processing your Sensitive Data is consent.

Marketing Data: that includes data about your preferences in receiving marketing from me, and your communication preferences. I process this data to enable me to provide you with details of the services I provide. My legal basis for this processing is my legitimate interests, which in this case are to develop my marketing strategy (please also see section 3 - marketing communications).

2. How I collect your personal data

Most of the personal information I process about you is provided to me directly by you, for example by filling in forms at my practice or by sending me emails.

In order to obtain your consent to hold and process your Sensitive Data, and (when necessary) contact you by email, telephone, or post, I will ask you to sign and date a form and return it to me, usually at our first appointment.


3. Marketing communications

I may send you marketing communications from me if:

(i) you purchased a treatment session or asked for information from me about my services, or

(ii) you agreed to receive marketing communications,

and you have not opted out of receiving such communications. You can opt out of receiving marketing communications from me at any time by contacting me by email or post at the contact details provided in this Privacy Notice.

My lawful grounds for processing your data is to send you marketing communications based upon your consent.

I will never share your personal data with any Third Party for their own marketing purposes.

You can ask me to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by sending me an email.

If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions such as patient treatment sessions.


Sections 4 – 7 apply only to visitors of my website


4. Personal data I collect about you, for what purpose and the legal basis for processing it


‘Personal data’ means any information capable of identifying an individual. It does not include anonymised data. ‘Processing’ means collecting, using and storing your data.

I do not process any personally identifiable data from your use of my website.

My website is hosted on the platform. provides the online platform that allows me to promote my services to you. Data about your use of my website may be stored through’s data storage, databases and the general applications. They store data on secure servers behind a firewall.

I use a third-party service, Google Analytics, to collect data about your use of my website, such as information about your browser, length of visit to pages on my website, page views and navigation paths, details about the number of times you use my website. Find our more about Google’s privacy policy. I process this data to analyse the use of my website and deliver relevant content. The information is processed in a way that does not identify anyone.

My legal basis for this processing is my legitimate interests which in this case is to enable me to properly administer my website.

If I do collect personal data through my website, I will be make it clear when I collect it and explain what I intend to do with it.

5. How I collect your personal data

I may automatically collect certain data from you as you use my website, by using cookies and similar technologies. Please see my Cookie Policy for more details about this.

I may receive data about your use of the website from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, such as search information providers such as Google based outside the EU, providers of technical or payment services, such as data brokers or aggregators.


6. Third-party links

My website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and I am not responsible for their privacy statements. When you leave my website, I encourage you to read the privacy notice of every website you visit.

7. Cookie Policy

My website may place and access certain ‘Cookies’ (small files) on your computer. These Cookies are used to improve your experience of using my website and to improve the range of services available. I have taken steps to ensure that your privacy is protected and respected at all times.

Before the website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies. You can also set your browser to refuse some or all cookies, or to alert you when websites set or access cookies. For further details, please consult the help menu in your internet browser.

If you disable or refuse cookies, please note that some parts of my website may become inaccessible or not function properly.

My website is hosted by platform. For this reason, the use of cookies by my website is under the control of the hosting company, who can change their function at any time and introduce new cookies. You can read the Privacy Policy and review sections 8, 12 and 13 for information on how Wix handles site visitors’ data here:


You can read more details about the types of cookies used by

All Cookies used by my website are used in accordance with current UK and EU Cookie Law.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.


8. Disclosures of your personal data

Any information you provide me, either through this website or through any other means, such as email, text or letter, will be treated as strictly confidential at all times.

I may have to share your personal data with third parties, as set out below:

  • Named third parties (for example other complementary therapists or professionals), only with your explicit consent

  • A relevant authority such as the police or a court, if necessary to comply with a legal obligation

  • Your doctor or the police if necessary to protect yours or another person’s life

  • The police or a local authority for the purpose of safeguarding children or vulnerable adults

  • My regulatory body, the Shiatsu Society UK, or my insurance company in the event of a complaint or insurance claim being brought against me

  • My solicitor in the event of any investigation or legal proceedings being brought against me


9. How I keep your data secure

I have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.

All paper records are stored securely at my home address in London, UK. Electronic data is held securely in a password protected computer in London, UK. All records and personal data are only accessible by me.

Please note that emails and the information they contain may not be encrypted in transit. I use Gmail, an email service provided by Google. You can read information about Gmail’s encryption.

I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if I am legally required to.

10. How long I keep your data (retention period)

I will only keep your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for, I look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

Your data will be securely deleted after the required retention period.

If you would like further information regarding the periods for which I will keep your personal information, please contact me for further details.

In some circumstances I may anonymise your personal data for research or statistical purposes in which case I may use this information indefinitely without further notice to you.

11. Children's Privacy

My service does not address anyone under the age of 18 ("Children"). I do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with personal data, please contact us. If I become aware that I have collected personal data from children without verification of parental consent, I take steps to remove that information.


12. Your rights

Under data protection laws you have rights in relation to your personal data that includes the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. You can see more about these rights at Information Commissioner's Office website.

If you wish to exercise any of the rights set out above, please contact me at the addresses shown in this Privacy Notice. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive and I may refuse to comply with your request in these circumstances.

I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.

I will try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you.

If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( I would be grateful if you could contact me first if you do have a complaint so that I can try to resolve it for you.

13. Changes to this Privacy Notice

We may update this Privacy Notice at any time, so please review it frequently. I will not explicitly inform my clients or website users of these changes. Changes and clarifications will take effect immediately upon their posting on this website. In that case, the ‘last updated’ date at the bottom of this page will also change.

This Privacy Notice was last updated on 14 October 2018.