Privacy policy

Privacy Policy

Relax Massage (whose registered office is located at 4 Princes Street, W1B 2LE London), as the data controller, attaches great importance to the protection and respect of your privacy. This policy aims to inform you, in accordance with Regulation (EU) 2016-679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation"), of our practices regarding the collection, use and sharing of information that you may provide to us through our website https://www.relax-massage.com/.

This policy aims to inform you about the categories of personal data we may collect or hold about you, how we use them, with whom we share them, how we protect them, and the rights you have over your personal data.

1. The data we collect

By using the Site you may provide us with information, some of which may identify you and therefore constitute personal data (hereinafter referred to as "Data"). This is notably the case when you book a treatment, apply for a position or send us a message via the contact form on our Site.

This information includes in particular the following data:

Account data: designates the data you provide when creating an account by completing the registration form (name, first name, email address, password).
Identification data: Personal information entered when placing an order or making a reservation (name, first name, postal address, telephone number, email address, date of birth, gender, residential address, billing address, criminal record extract for service providers).
Transaction data: where applicable, designates the data you provide when making purchases through the Site such as in particular information relating to your payment method. Bank data collected is transmitted to third parties who help process and fulfill your requests.
Navigation data: designates the data we collect during your navigation on the Site such as in particular the date, time of connection and/or navigation, browser type, browser language, its IP address.

We collect only the data strictly necessary for the management of services, and we do not collect sensitive data without explicit consent.

2. How do we use the data we collect?

We use the Data we collect in order to:

Purposes	Legal basis
Create and manage your customer account	Contract performance or execution of pre-contractual measures
Provide massage services	Contract performance or execution of pre-contractual measures
Manage the commercial relationship (booking, invoices and customer follow-up)	Contract performance or execution of pre-contractual measures
Manage job applications	Consent
Improve our services and your user experience	Legitimate interests pursued by the data controller unless the interests or fundamental rights and freedoms of the data subject prevail

When collecting Data, you will be informed if certain Data must be completed compulsorily or if it is optional. Data identified by an asterisk in the collection form is mandatory. If not provided, the execution of your request may be restricted.

3. Who are the recipients of the data we collect and why do we transfer it to them?

3.1. Data processed by Relax Massage

The Data collected is intended for us in our capacity as data controller.

Purposes	Service or recipient responsibility
Create and manage your customer account	Our internal teams
Provide massage services	Our internal teams
Manage the commercial relationship (booking, invoices and customer follow-up)	Our internal teams<br/>Partner hotels<br/>Service providers
Manage job applications	Our internal teams
Improve our services and your user experience	Our internal teams

3.2 Data transferred to authorities and/or public bodies

In accordance with applicable regulations, Data may be transmitted to competent authorities on request and in particular to public bodies, judicial auxiliaries, ministerial officers, organizations responsible for debt collection, exclusively to comply with legal obligations, as well as in the case of investigating perpetrators of offenses committed on the internet.

3.3 Data transferred to third parties

We work closely with third-party companies that may have access to your Data, and in particular with our sub-processors and service providers to whom we resort for the purpose of managing the commercial relationship (booking, invoices and customer follow-up) whose legal basis is the performance of a contract or execution of pre-contractual measures.

We only transfer to these third parties the Data they need to perform their services, and we require that they do not use your Data for other purposes. These third parties will act only in accordance with our instructions and will be contractually required to ensure a level of security and confidentiality of your Data identical to ours and to comply with applicable regulations on the protection of personal data.

4. How long do we keep your data?

Your Data will not be retained beyond the time strictly necessary for the purposes pursued as set out in the Policy and in accordance with the Regulation and applicable laws.

In this regard, Data used for the purpose of managing your applications is retained for 24 months from the last interaction, unless you expressly object.

Purposes	Retention period
Create and manage your customer account	For the duration of the contractual relationship, then archived in accordance with prescription periods.
Provide massage services	For the duration of the contractual relationship, then archived in accordance with prescription periods.
Manage the commercial relationship (booking, invoices and customer follow-up)	For the duration of the contractual relationship, then archived in accordance with prescription periods.
Manage job applications	Applicant data will be retained for 2 years from the last interaction, unless you expressly object.
Improve our services and your user experience	Up to 3 years if attached to a user account and used for usage analysis.

When retention periods expire, your Data is deleted or anonymized in such a way that it can be exploited without infringing your rights. Nevertheless, your Data may be archived beyond the planned periods for the purposes of research, investigation and prosecution of criminal offenses solely to enable, where necessary, the provision of your Data to the judicial authority.

Archiving means that your Data will no longer be searchable online but will be extracted and stored on an independent and secure medium.

5. Are your data transferred, how and where?

We do not transfer your personal data outside the United Kingdom and the European Union. All data is hosted on secure servers located in the European Union and/or the United Kingdom (recognized as offering adequate protection, adequacy decision of 28 June 2021, currently under evaluation).

If we transfer your Data outside the European Union, we will always do so securely and in accordance with applicable regulations, in particular on personal data protection:

Either by transferring the Data to a recipient located in a country that has received an adequacy decision from the European Commission certifying that it has an adequate level of protection;
Or by executing or having executed the European Standard Contractual Clauses which have been approved by the European Commission as ensuring an adequate level of protection for your Data;
Or by using Binding Corporate Rules validated by competent data protection authorities;
Or by resorting to any appropriate safeguards referred to in Article 46 of the Regulation.

You can access all these documents by contacting us at the address mentioned in our Legal Notice.

6. How is your data protected?

We take appropriate technical and organizational measures to prevent unauthorized access to, or modification, disclosure, loss or destruction of your Data. In this context, we invite you to consult our Computer Charter detailing the technical and organizational measures implemented for this purpose. It is important that you preserve the confidentiality of your login credentials to prevent unlawful use of your account.

7. What are your rights over your data?

In accordance with applicable laws and regulations on personal data protection, you have a number of rights relating to your Data, namely:

A right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible manner of how your Data is being processed. You also have the right to (i) obtain confirmation that Data concerning you is being processed and, where appropriate (ii) access such Data and obtain a copy of it.
A right to rectification: you have the right to obtain rectification of inaccurate Data concerning you. You also have the right to complete incomplete Data concerning you by providing a supplementary statement. In the event of exercise of this right, we undertake to communicate any rectification to all recipients of your Data.
A right to erasure: in certain cases, you have the right to obtain the erasure of your Data. However, this is not an absolute right and we may for legal or legitimate reasons retain this Data.
A right to restrict processing: in certain cases, you have the right to obtain a restriction on the processing of your Data.
A right to data portability: you have the right to receive your Data that you provided to us, in a structured, commonly used and machine-readable format, for your personal use or to transmit it to a third party of your choice. This right only applies when the processing of your Data is based on your consent, on a contract or when such processing is carried out by automated means.
A right to object to processing: you have the right to object at any time to the processing of your Data for processing based on our legitimate interest, a task of public interest and those for commercial prospecting purposes. This is not an absolute right and we may for legal or legitimate reasons refuse your request to object.
The right to withdraw your consent at any time: you can withdraw your consent to the processing of your Data when the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before such withdrawal.
The right to lodge a complaint with a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices.
The right to give instructions regarding the fate of your data after your death: you have the right to give us instructions on how your Data will be used after your death.

Any request will be examined in compliance with applicable legal and regulatory obligations.

You can exercise your rights by contacting us by one of the following means:

By email: by sending a request to the dedicated address rgpd@relax-massage.com
Via our online form: accessible in the "Contact" section of our website

We commit to processing any request within a maximum of 30 days from its receipt, in accordance with the provisions of the GDPR. Identity verification may be required to prevent fraudulent requests (for example, by providing an official identity document).

8. Notification in case of personal data breach

In the event of a personal data breach (unauthorized access, loss, disclosure), we implement an incident management protocol to limit the impact on you and comply with our legal obligations.

Incident management procedure

Notification to the CNIL: Any data breach that poses a risk to your privacy will be reported to the National Commission for Computing and Freedoms (CNIL) within a maximum of 72 hours following discovery of the incident.

Information of affected individuals: If the breach is likely to result in a high risk to your rights and freedoms, you will be informed without delay via email or notification on the website.

Corrective measures: We will analyze the causes of the incident and implement necessary corrective actions to strengthen data security and prevent any recurrence.

We remain at your disposal for any questions relating to the security and protection of your personal data.

9. Modification of our privacy policy

We may occasionally modify this policy, in particular to comply with any regulatory, case law, editorial or technical developments. If necessary, we will change the "last update" date and indicate the date when the modifications were made. Where necessary, we will inform you and/or seek your agreement. We recommend that you consult this page regularly to be aware of any modifications or updates made to our policy.

10. Contact

For any questions relating to this policy or any request relating to your Data, you can contact us by:

Sending an email to the following address: rgpd@relax-massage.com; or
Sending a letter to the following address: 4 Princes Street, W1B 2LE London.

Version updated 12/03/2025.