Privacy Policy
Last Updated: April 3, 2026
1. Introduction
At Soma (“we,” “us,” or “our”), we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or visit our studio for treatment, in accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Cyprus.
2. The Data We Collect
We may collect and process the following types of personal data:
- Identity Data: First name, last name, and date of birth.
- Contact Data: Email address, phone number, and billing address.
- Health Data (Special Category): Medical history, allergies, current injuries, surgeries, and pregnancy status. We collect this strictly for the purpose of ensuring your safety during treatment.
- Transaction Data: Details of payments and services you have purchased from us.
- Technical Data: IP address, browser type, and cookies when you visit our website.
3. How We Use Your Data
We only use your personal data when the law allows us to. Most commonly, we use your data for the following reasons:
- To fulfill a contract: To book your appointment, process payments, and send appointment reminders.
- Vital Interests & Safety: To assess your suitability for massage therapy and adapt treatments to your health needs (e.g., avoiding injured areas).
- Legal Obligation: To maintain financial records for tax purposes as required by Cyprus law.
4. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, medical consultation forms are kept securely for a minimum of 5 years following your last visit.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Access to your personal and health data is limited to employees and therapists who have a business need to know and are subject to a duty of confidentiality.
6. Third-Party Services
We do not sell your data to third parties. However, we may share data with trusted service providers who assist our business operations, such as:
- Booking Systems: To manage your appointments and schedule.
- Payment Processors: To securely process credit card transactions.
- Accountants: For tax and financial reporting.
7. Your Legal Rights
Under the GDPR, you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”).
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data (the “right to be forgotten”), subject to legal retention requirements (e.g., tax records).
- Withdraw consent at any time where we are relying on consent to process your data.
8. Cookies
Our website uses cookies to improve your browsing experience and analyze website traffic. You can choose to disable cookies through your browser settings, though this may affect the functionality of the site.
9. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact us:
- Email: msg.cyprus@gmail.com
- Phone: +357 9688 2634
