Lull Reflexology | Pregnancy & Women’s Wellbeing Reflexology | East Dulwich

Privacy Policy & GDPR Notice Lull Reflexology & Dwell Skin

Quick reference policy overview. Followed by full policy detailed below.

Dwell Skin and Lull Reflexology collect and securely store personal and health-related information to provide safe, effective skincare and reflexology treatments, manage appointments, maintain treatment records and meet legal and insurance obligations. Information may include contact details, medical history, treatment notes, photographs (with consent), and marketing preferences. Data is collected through consultations, booking systems, emails, calls, texts, social media DM’s, online forms and is protected using secure storage, password protection and restricted access. Records are typically kept for at least seven years and are never sold or shared for marketing purposes. Clients have full rights under UK GDPR, including access to, and correction or deletion of, their data and can opt out of marketing communications at any time using unsubscribe options.

Full Privacy Policy & GDPR Notice

This privacy policy explains how your personal information is collected, used, stored and protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Date Protection Act 2018. It applies to all clients receiving treatments or making enquiries through Lull Reflexology and Dwell Skin.

Who We Are

Lull Reflexology and Dwell Skin provide professional skincare, facial, wellness and reflexology treatments. In order to safely and effectively provide treatments. We may need to collect personal information, including sensitive health-related information.

For the purposes of UK GDPR, Lull Reflexology and Dwell Skin are the ‘Data Controllers’ of your personal data depending on which point of access you are coming to for treatments.

Business Owner: Hannah Adams, 5 Gravel Rd, Bromley. BR2 8PE. Email: hello@dwellskin.co.uk‍ ‍info@lullreflexology.com

The Information We Collect

We may collect and process the following personal information.

Name, address, telephone number and email address.

Emergency contact details.

Medical history and health information (only) relevant to treatment.

Lifestyle information (only) relevant to treatment and treatment planning.

Treatment notes, consultation forms and aftercare records.

Photographs relating to treatment progress (only with your express consent).

Appointment history and payment information.

Marketing preferences.

Some of this information is classified as ‘special category data’ under UK GDPR because it relates to health information.

Why We Collect Your Information

We collect and use your information in order to:

Provide safe and appropriate reflexology and skincare treatments.

Assess suitability for treatment and identify contraindications.

Maintain accurate treatment records.

Contact you regarding appointments, follow-up care or treatment advice.

Meet legal, insurance and professional obligations.

Send marketing communications where you have explicitly opted in.

Your information will never be sold or shared for unrelated marketing purposes.

Lawful Basis For Processing Your Data

Under UK GDPR, the lawful bases relied up are:

Legitimate Interests. We process your information as part of running safe and effective treatment practices and maintaining appropriate treatment records.

Contractual Necessity. Processing is necessary in order to provide the services you have requested and booked.

Legal Obligation. Certain records must be retained for insurance and legal purposes, including professional liability requirements.

Special Category Health Data. Health-related information is processed under Article9(2)(h) UK GDPR for the provision of health and wellness care and treatment.

Where required, we will request your explicit consent, particularly for treatment photographs, marketing communications or sharing information with another health professional.

How Your Information Is Collected

Your information may be collected through consultation forms, online booking systems. email correspondence, telephone conversations, social media direct messages, secure online forms and in-person consultations.

We use GDPR-compliant third-party systems where necessary including secure forms.

Storage And Security Of Your Data

We are committed to keeping your personal data secure. Appropriate technical and organisational measures are in place to protect your information from unauthorised access, disclosure, alteration or destruction. These include -

Password-protected devices.

Secure digital storage systems.

Encrypted online forms where applicable.

Restricted access to records.

Secure disposal or paper records.

Any medical or sensitive information sent electronically and no longer required will be securely deleted.

How Long We Keep Your Data

Treatment records and consultation notes are retained for a minimum of 7 years after your last appointment in line with professional insurance requirements and legal obligations.

After the retention period has expired, records will be securely destroyed or deleted.

Sharing Your Information

Your information will remain confidential and will not be shared with third parties unless:

You have given explicit consent.

It is required to do so by law.

It is necessary to protect someone’s vital interests.

It is requested by professional or legal insurers in relation to a claim.

If we use third-party service providers (such as booking systems, payment processors or email marketing platforms), we ensure that they are GDPR-compliant.

International Data Transfers

Where any third-party providers store data outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Marketing Communications

You will only receive marketing emails and newsletters, promotions or updates if you have actively opted in to receive them. You may unsubscribe at any time by clicking on the unsubscribe link in emails, or by contacting us directly.

Your Rights Under UK GDPR

You have the right to:

Be informed about how. your data is used.

Access the personal data we hold about you.

Request correction or inaccurate of incomplete data.

Request erasure of your data where legally permitted.

Restrict or object to certain processing activites.

Request transfer of your data to another provider.

Withdraw consent at any time where consent is relied upon.

Lodge a complaint with the Information Commissioner’s Office (ICO)

For more information on your rights visit:

Information Commissioner’s Office (ICO)

Contact Details

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact -

Hannah Adams. 5 Gravel Rd, Bromley. BR2 8PE.

Email: info@lullreflexology.co.uk

Email: hello@dwellskin.co.uk

Updated: May 2026