PRIVACY POLICY
SymmetryHL – Oleksandr Kravchenko
Address: 12 Priory Office Park, Stillorgan Rd, Blackrock, Dublin, Ireland
Email: Symmetry.ie@gmail.com
Phone: +353852013245
Data Controller: Oleksandr Kravchenko (Owner)
Last updated: 18 February 2026
1. Who We Are
SymmetryHL is a rehabilitation and massage therapy service based in Dublin, Ireland. This Privacy Policy explains how we collect, use, store, and protect personal data in line with the GDPR and Irish data protection law.
2. What Personal Data We Collect
2.1 Identity & Contact Data
- Full name
- Phone number
- Email address
- Communication preferences (where provided)
2.2 Booking & Service Data
- Appointment details (date/time, practitioner, service type)
- Booking history and attendance
- Notes relevant to service delivery (e.g., session notes, client preferences)
2.3 Health / Medical Information (Special Category Data)
Collected only where relevant for treatment and only to the extent necessary:
- Injury history and symptoms
- Pain descriptions and functional limitations
- Diagnoses (if provided)
- Medication information (if provided)
- Physical assessment notes / treatment notes
- Body photos only with explicit client consent
Important: Clients sometimes choose to share health-related information via messaging (WhatsApp/Telegram/Facebook/Instagram). We ask clients not to send unnecessary sensitive information via messaging.
2.4 Communications Data
- Content of emails, calls, and messages
- Messages via WhatsApp, Telegram, Facebook/Instagram
- Basic metadata necessary to manage communication (e.g., timestamps)
2.5 Payments & Financial Data
- Payment confirmation information (amount, date, reference)
- Invoices/receipts and basic accounting records
- Bank transfer details where applicable (payer name and transaction reference)
We do not store full card numbers or CVV codes. Card payments are processed via our payment terminal/merchant services provider.
2.6 Website Data (Cookies & Similar Technologies)
- Data collected via essential cookies required to operate the site
- If enabled, analytics and marketing cookies (see Section 10)
3. How We Collect Data
We collect personal data through:
- Website: contact form submissions and website interactions
- Online booking: Treatwell (including embedded booking/calendar widget on our website)
- Direct communications: phone calls, email, WhatsApp, Telegram, Facebook/Instagram messages
- In person at the clinic (including any paper forms if used)
- Legacy platform: Fresha (where historic/partial booking data may remain)
4. Why We Use Your Data (Purposes)
We use personal data to:
- Manage appointment booking, scheduling, reminders, and client administration
- Provide treatment and maintain appropriate treatment records
- Communicate with clients about appointments and service-related matters
- Issue receipts/invoices and maintain financial records
- Respond to requests for documentation (e.g., insurance documentation) where requested by the client
- Maintain business security and prevent misuse of systems
- Marketing and advertising only where consent is provided (we do not use health data for marketing)
5. Legal Bases for Processing (GDPR)
We rely on the following legal bases depending on the purpose:
5.1 Contract (GDPR Art. 6(1)(b))
To provide services you request (appointments, scheduling, client administration).
5.2 Legal Obligation (GDPR Art. 6(1)(c))
To comply with tax, accounting, and other legal requirements.
5.3 Consent (GDPR Art. 6(1)(a))
For optional activities such as marketing communications and (where applicable) for certain website cookies and tracking.
5.4 Legitimate Interests (GDPR Art. 6(1)(f))
For routine business operations (e.g., service improvement, security, fraud prevention), provided these interests do not override your rights.
5.5 Health Data (Special Category Data — GDPR Art. 9)
Where we process health-related data, we do so because:
- it is necessary to provide treatment and maintain relevant treatment records, and
- where required, we obtain explicit consent (Art. 9(2)(a)), including for photos.
6. Where Data Is Stored
Personal data may be stored in:
- Treatwell (primary booking records; each therapist has restricted access to their own clients/schedule)
- Wix (website forms and site operations)
- Business devices used for operations and client communications (work phone, work laptop, work tablet)
- Gmail (email correspondence and attachments)
- Google Drive (business document storage, where used)
- iCloud (device storage/backup, where used)
- Paper records (if used), stored securely at the clinic
- Legacy booking records in Fresha (where applicable)
7. Who Has Access
Access is limited on a “need-to-know” basis:
- Oleksandr Kravchenko (Owner / Data Controller) — full access for administration and compliance
- Authorised clinic administrator (where applicable)
- Therapists — access limited to their own schedule and their own clients in the booking system
8. Sharing of Data (Third Parties)
We do not sell personal data.
We may share data only where necessary to run the service, including:
- Treatwell (booking and scheduling platform)
- Wix (website platform)
- Email and communication providers (e.g., Gmail; messaging platforms used for communications)
- Cloud storage providers (Google Drive, iCloud) where used
- Payment terminal/merchant services provider and Bank of Ireland for payment processing and bank transfers
- Meta platforms (Facebook/Instagram) for advertising measurement only where applicable and permitted (see cookies section)
If you request insurance documentation, we may share relevant information with your insurer only at your request or with your explicit instruction.
9. International Transfers (Outside the EEA)
Some of our service providers (e.g., Google, Apple, Meta, and some platform providers) may process data outside the European Economic Area.
Where transfers outside the EEA occur, we rely on appropriate safeguards such as:
- EU Standard Contractual Clauses (SCCs), and/or
- other GDPR-compliant transfer mechanisms provided by the service provider.
10. Cookies, Tracking, and Advertising
Our website may use cookies and similar technologies.
- Essential cookies are used to operate the site and cannot be switched off in our systems.
- Analytics / marketing cookies (including potential tools such as the Meta Pixel or similar tracking technologies) are used only where enabled and, where required, only after you provide consent via our cookie consent banner/settings.
You can manage or withdraw cookie consent at any time via the cookie settings on our website (if enabled).
11. Data Retention (How Long We Keep Data)
We keep data only for as long as necessary for the purposes described above, including:
Medical / Treatment Records
Stored for up to 7 years after the client’s last appointment, unless a longer period is required in specific circumstances.
Financial Records
Invoices/receipts and accounting records are retained for 6–7 years in line with Irish tax and accounting requirements.
Contact Data & Communications
- Contact details are kept while you remain an active client and/or until you request deletion (unless we must keep some data for legal reasons).
- Message and email correspondence is retained as needed for scheduling and service delivery and is periodically reviewed for deletion/archiving where appropriate.
12. Children / Minors
- We do not provide services to clients under 16-18 (as applicable to the service context) without the presence and consent of a parent or legal guardian. We do not knowingly collect personal data from minors without appropriate parental/guardian involvement.
13. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion (where legally possible)
- Restrict or object to processing
- Withdraw consent at any time (where processing is based on consent)
- Data portability (where applicable)
- Lodge a complaint with the Irish Data Protection Commission (DPC)
14. Security Measures
We apply reasonable technical and organisational measures, including:
- Password/PIN/biometric protection on business devices
- Access controls in booking platforms (role-based access for therapists)
- Secure storage of paper records (where used)
- Limited access on a need-to-know basis
- Use of reputable service providers for email and cloud storage
- Where available, multi-factor authentication (2FA) for key accounts
15. Data Breach Procedure
If we suspect a personal data breach, we will:
- Assess the incident and identify the scope and affected data
- Contain and mitigate the breach
- Notify the Irish Data Protection Commission within 72 hours where required
- Inform affected individuals where there is a high risk to their rights and freedoms
- Review internal procedures to reduce recurrence
16. Contact Us
For any privacy requests or questions, contact:
Email: Symmetry.ie@gmail.com
Phone: +353852013245
17. Complaints
You may lodge a complaint with the Irish Data Protection Commission (DPC).