Privacy policy.

 

Sum Soma
Effective Date: February 2026

1. Who We Are

Sum Soma is operated by Laura Macdonell, a sole trader based in the United Kingdom.

Registered Address: The Cottage, Sandwick, Shetland, ZE2 9HH
Email: hello@sumsoma.com

For the purposes of data protection law, Laura Macdonell is the Data Controller.

2. What Personal Data We Collect

We may collect the following information:

Contact Form Enquiries

  • Name

  • Email address

  • Phone number

  • Information you include in your message

Bookings & Client Information

  • Full name

  • Email address

  • Phone number

  • Postal address

  • Emergency contact details

  • Health information

  • Medical history

  • Mental health information

  • Injury details

  • GP details (where relevant)

  • Session notes

Payments

Payments are processed via:

  • PayPal

  • Bank transfer

We do not store card details directly.

Newsletter & Marketing

If you sign up to receive emails, we collect:

  • Name

  • Email address

Email marketing is managed through Flodesk.

You can unsubscribe at any time by clicking the link in any marketing email.

3. Special Category Data

We may collect sensitive personal data, including health and mental health information.

Under UK GDPR, this is known as “special category data.”

We process this data under the following lawful bases:

  • Contractual necessity (to provide services)

  • Legal obligation

  • Legitimate interests

  • Explicit consent

  • Provision of health or social care

We only collect information necessary to provide safe and appropriate services.

4. How We Use Your Information

We use your data to:

  • Respond to enquiries

  • Provide therapy or movement sessions

  • Maintain professional records

  • Process payments

  • Send appointment confirmations

  • Send newsletters and updates (where consent has been given)

  • Comply with legal or professional obligations

We do not sell your data.

5. Children’s Data

We may provide services to children. In such cases:

  • Parental or guardian consent will be obtained where required

  • Only necessary information will be collected

  • Records will be handled with additional care and confidentiality

6. How We Store Your Data

We store information securely using:

  • Password-protected devices

  • Secure Google Drive storage

  • Locked paper filing systems

We take reasonable steps to protect personal data from loss, misuse, or unauthorised access.

7. How Long We Keep Your Data

We retain records for as long as necessary for professional, legal, and insurance purposes.

Typically:

  • Records may be kept for up to 7 years after the end of services

  • Children’s records may be retained longer in line with professional guidance

  • Enquiry emails may be kept for administrative purposes

  • Newsletter data is retained until you unsubscribe

8. Third-Party Services

We may use third-party providers to support our services, including:

  • PayPal (payment processing)

  • Flodesk (email marketing)

  • TidyCal (appointment scheduling)

  • Google Drive (secure storage)

  • Accountants or professional advisers

These providers have their own privacy policies and handle data in accordance with applicable laws.

9. Cookies & Website Tracking

Our website may use cookies and similar technologies.

This may include:

  • Essential website functionality

  • Scheduling tools such as TidyCal

  • Embedded content (such as YouTube videos)

Embedded content may collect data as if you had visited the external site directly.

You can manage cookie preferences through your browser settings.

10. Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise these rights, contact: hello@sumsoma.com

11. Confidentiality & Limits

Therapy and session information is treated as confidential. However, confidentiality may be breached where:

  • There is risk of serious harm to you or others

  • There are safeguarding concerns

  • Disclosure is required by law

Where possible, we will discuss this with you first.

12. Complaints

If you have concerns about how your data is handled, please contact us directly in the first instance.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

www.ico.org.uk

13. Changes to This Policy

This policy may be updated from time to time. The latest version will always be available on this website.