top of page

GDPR Notice

Origin Wellbeing

Privacy Notice – How We Use Your Personal Information Origin Wellbeing The Pod, Spencer Street, Burton Latimer, Northamptonshire, United Kingdom Email: michael@originwellbeing.co.uk

Effective date: April 2026

At Origin Wellbeing, your privacy and trust are very important to us. This Privacy Notice explains how we collect, use, and protect your personal data when you become a client or enquire about our services.

We are the data controller for the personal information we hold about you. This means we decide why and how your data is processed.

What personal information do we collect?

When you contact us, book a session, or attend appointments for therapeutic massage, hypnotherapy, guided meditation, or other wellbeing services, we may collect:

  • Contact details: Your name, email address, phone number, and postal address.

  • Appointment and service information: Details of the sessions you book, dates, times, and any preferences.

  • Health and wellbeing information: Any information you voluntarily share with us about your physical or mental health, medical history, or reasons for seeking therapy/massage/hypnotherapy. This is considered special category (sensitive) personal data under GDPR.

  • Payment information: Details needed to process payments (handled securely via our payment provider – we do not usually store full card details).

  • Other information: Any notes we make during or after sessions to provide safe and effective care, and any communication between us.

We only collect the information that is necessary to provide our services safely and professionally.

Why do we collect and use your personal data? (Purposes)

We use your personal data for the following purposes:

  • To respond to your enquiries and manage bookings.

  • To provide our personalised wellbeing services (massage, hypnotherapy, meditation, etc.).

  • To keep records of sessions for continuity of care and your safety.

  • To communicate with you about appointments, changes, or important updates.

  • To process payments and maintain our business records.

  • To comply with legal or regulatory obligations (e.g. health & safety or insurance requirements).

Lawful basis for processing your data

Under the UK GDPR we rely on the following lawful bases:

  • Performance of a contract — to provide the wellbeing services you have requested and booked.

  • Legitimate interests — to manage our business efficiently and communicate with you effectively.

  • Explicit consent — for processing special category data (health information) where required. You can withdraw your consent at any time by contacting us (this will not affect the lawfulness of processing before withdrawal).

  • Legal obligation — where we are required by law to process your data.

For health-related data (special category), we also rely on the basis that processing is necessary for the provision of health or social care services.

Who do we share your information with?

We do not sell your personal data. We may share it only where necessary:

  • With trusted service providers (e.g. our booking system, payment processor, or cloud storage provider) who help us deliver our services and are bound by strict data protection agreements.

  • With professional advisors or insurers if required.

  • Where we are legally obliged to do so (e.g. to comply with a court order).

All third parties are required to keep your data secure and to use it only for the purposes we specify.

How long do we keep your information?

We keep your personal data only for as long as necessary for the purposes outlined above, or as required by law. Session notes and health-related records are typically kept for up to 7 years after your last contact with us (or longer if needed for legal reasons). Contact details may be kept longer if you remain on our mailing list with your consent.

Your rights under GDPR

You have the following rights regarding your personal data:

  • The right to access a copy of your data.

  • The right to rectification (correct inaccurate data).

  • The right to erasure (“right to be forgotten”) in certain circumstances.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object to processing.

  • The right to withdraw consent at any time (where consent is the lawful basis).

To exercise any of these rights, please contact us at michael@originwellbeing.co.uk. We will respond within one month.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly. You can contact the ICO at www.ico.org.uk.

Security of your information

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.

Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website: www.originwellbeing.co.uk/privacy-policy

If you have any questions about this notice or how we handle your data, please do not hesitate to contact us:

Michael Origin Wellbeing michael@originwellbeing.co.uk

Thank you for trusting us with your wellbeing.

bottom of page