Sum Soma
Effective Date: February 2026
1. Who We Are
Sum Soma is operated by Laura Macdonell, a sole trader based in the United Kingdom.
Registered Address: The Cottage, Sandwick, Shetland, ZE2 9HH
Email: [email protected]
For the purposes of data protection law, Laura Macdonell is the Data Controller.
2. What Personal Data We Collect
We may collect the following information:
Contact Form Enquiries
Name
Email address
Phone number
Information you include in your message
Bookings & Client Information
Full name
Email address
Phone number
Postal address
Emergency contact details
Health information
Medical history
Mental health information
Injury details
GP details (where relevant)
Session notes
Payments
Payments are processed via:
PayPal
Bank transfer
We do not store card details directly.
Newsletter & Marketing
If you sign up to receive emails, we collect:
Name
Email address
Email marketing is managed through Flodesk.
You can unsubscribe at any time by clicking the link in any marketing email.
3. Special Category Data
We may collect sensitive personal data, including health and mental health information.
Under UK GDPR, this is known as “special category data.”
We process this data under the following lawful bases:
Contractual necessity (to provide services)
Legal obligation
Legitimate interests
Explicit consent
Provision of health or social care
We only collect information necessary to provide safe and appropriate services.
4. How We Use Your Information
We use your data to:
Respond to enquiries
Provide therapy or movement sessions
Maintain professional records
Process payments
Send appointment confirmations
Send newsletters and updates (where consent has been given)
Comply with legal or professional obligations
We do not sell your data.
5. Children’s Data
We may provide services to children. In such cases:
Parental or guardian consent will be obtained where required
Only necessary information will be collected
Records will be handled with additional care and confidentiality
6. How We Store Your Data
We store information securely using:
Password-protected devices
Secure Google Drive storage
Locked paper filing systems
We take reasonable steps to protect personal data from loss, misuse, or unauthorised access.
7. How Long We Keep Your Data
We retain records for as long as necessary for professional, legal, and insurance purposes.
Typically:
Records may be kept for up to 7 years after the end of services
Children’s records may be retained longer in line with professional guidance
Enquiry emails may be kept for administrative purposes
Newsletter data is retained until you unsubscribe
8. Third-Party Services
We may use third-party providers to support our services, including:
PayPal (payment processing)
Flodesk (email marketing)
TidyCal (appointment scheduling)
Google Drive (secure storage)
Accountants or professional advisers
These providers have their own privacy policies and handle data in accordance with applicable laws.
9. Cookies & Website Tracking
Our website may use cookies and similar technologies.
This may include:
Essential website functionality
Scheduling tools such as TidyCal
Embedded content (such as YouTube videos)
Embedded content may collect data as if you had visited the external site directly.
You can manage cookie preferences through your browser settings.
10. Your Rights
Under UK data protection law, you have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of your data
Restrict processing
Object to processing
Request data portability
Withdraw consent at any time
To exercise these rights, contact: [email protected]
11. Confidentiality & Limits
Therapy and session information is treated as confidential. However, confidentiality may be breached where:
There is risk of serious harm to you or others
There are safeguarding concerns
Disclosure is required by law
Where possible, we will discuss this with you first.
12. Complaints
If you have concerns about how your data is handled, please contact us directly in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
www.ico.org.uk
13. Changes to This Policy
This policy may be updated from time to time. The latest version will always be available on this website.