Privacy Policy

Last updated: 26 January 2026

This Privacy Policy explains how [Business Name] ("we", "us", or "our") collects, uses, stores, and protects personal data when you use this website or engage with our services.

We are committed to protecting your privacy and handling personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national laws in Luxembourg and the Netherlands.

1. Who We Are (Data Controller)

Ground Health
[Registered address]
[Country of establishment]
Email: [Email address]

For the purposes of GDPR, we are the data controller of your personal data.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

a) Information You Provide Directly

  • Name and contact details (such as email address)

  • Information submitted through contact forms, booking forms, or intake questionnaires

  • Information shared during exploratory conversations or sessions

b) Booking and Payment Information

  • Booking details (date, service type, location)

  • Payment status and transaction references

Payment card details are processed securely by third-party payment providers (such as Stripe or Squarespace Payments). We do not store full payment card information.

c) Health-Related Information (Limited)

Where relevant and voluntarily provided, we may process limited information relating to your physical or mental wellbeing for the sole purpose of screening, suitability, and safe delivery of services.

We do not collect health data unless it is necessary and you choose to provide it.

d) Website Usage Data

  • IP address

  • Browser type and device information

  • Pages visited and interaction data

This data is collected through cookies and similar technologies (see Section 9).

3. How We Use Your Data

We use personal data only where there is a lawful basis to do so, including:

  • To respond to enquiries and communications

  • To manage bookings, scheduling, and service delivery

  • To carry out screening and assess suitability

  • To comply with legal and regulatory obligations

  • To improve the website and services

We do not sell personal data or use it for unrelated marketing purposes.

4. Lawful Bases for Processing

Under GDPR, we rely on one or more of the following lawful bases:

  • Performance of a contract (e.g. providing booked services)

  • Consent (e.g. optional intake information or marketing communications)

  • Legal obligation (e.g. accounting or regulatory requirements)

  • Legitimate interests, where these are not overridden by your rights

Where consent is required, you may withdraw it at any time.

5. How We Share Data

We only share personal data where necessary, including with:

  • Scheduling and booking providers (e.g. Squarespace Scheduling / Acuity)

  • Payment processors (e.g. Stripe)

  • Email and communication providers

All such providers act as data processors and are contractually required to protect your data in accordance with GDPR.

We do not transfer personal data outside the European Economic Area (EEA) unless appropriate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • The duration of our relationship with you

  • Any legally required retention periods

When data is no longer required, it is securely deleted or anonymised.

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where applicable)

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

To exercise your rights, please contact us using the details above.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

However, no online system can be guaranteed to be completely secure. You acknowledge that data transmission over the internet carries inherent risks.

9. Cookies and Analytics

This website uses cookies and similar technologies to ensure basic functionality and to understand how the site is used.

You may manage or disable cookies through your browser settings. Where required by law, consent for non-essential cookies will be requested.

Details of cookies used may be provided in a separate cookie notice.

10. Communications

We may send you administrative or service-related communications (such as booking confirmations or policy updates).

We will only send marketing communications where you have given explicit consent, and you may unsubscribe at any time.

11. Third-Party Links

This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be published on this website, with the effective date indicated above.

13. Contact and Complaints

If you have questions or concerns about this Privacy Policy or the handling of your personal data, please contact:

Ground Health
[Registered address]
[Email address]

If you believe your data protection rights have been infringed, you may lodge a complaint with the relevant supervisory authority in Luxembourg or the Netherlands.

By using this website or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.