Privacy policy

Who We Are

Sloth Massage ("we", "us") is a massage therapy business based in Odense, Denmark. It is owned and operated by a sole practitioner, Dominik Kovacik. We are committed to protecting your privacy and handling your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding your personal data.

If you have any questions about this policy or your data, you can contact us at sloth.massagedk@gmail.com.

Personal Data We Collect

We collect personal information from you when you use our services or interact with our website. This includes:

  • Contact Information: Your name, email address, and phone number, which you provide when booking a session or contacting us.

  • Booking Details: Information related to your appointment booking, such as the type of massage or session you prefer, and scheduling preferences (date and time of appointments).

  • Health Information: Any health-related information you choose to share with us. For example, our online booking form (powered by Planway) allows you to optionally provide comments about your health or specific concerns. Additionally, during or after your sessions, we may record session notes that include relevant health information (e.g., injuries, allergies, areas of tension) to ensure you receive safe and appropriate treatment. This health information is treated as sensitive and kept confidential.

  • Communications: Any information you voluntarily provide when you communicate with us (for instance, details you share via email or through a contact form on our website).

  • Website Usage Data: When you visit our website, we automatically collect certain technical data through cookies and Google Analytics. This may include your IP address, browser type, device information, and browsing actions on our site (such as pages viewed and links clicked). While we do not use this to identify you personally, it is considered personal data under GDPR (for example, IP addresses are classified as personal data)​ europa.eu. Please see our Cookies Policy below for more detail on what data is collected via cookies.

We do not collect any more data than necessary. We do not collect or process any special identifiers like CPR numbers or payment card details via our website. All personal data we collect is provided directly by you or generated during the provision of our services.

How We Use Your Data

We only use your personal information for specific purposes in relation to our massage services and website. These purposes include:

  • To Provide Services: We use your information to schedule and conduct your massage appointments and to tailor the session to your needs. For instance, health information you provide helps us ensure your massage is safe and customized for any conditions you’ve mentioned​. Without certain data (like your name and appointment details), we cannot provide the service.

  • To Communicate with You: We use your phone number and email to send appointment confirmations, reminders, or to contact you about any changes or questions regarding your booking. If you reach out to us with inquiries, we will use your contact information to respond. We will not use your contact details to send you newsletters or marketing emails unless you have explicitly opted in to such communications. (Currently, we do not send any newsletter or mass marketing emails at all, so you will only hear from us regarding your appointments or direct inquiries.)

  • To Maintain Records: We keep internal records of your sessions, including any notes on your preferences or health concerns, so that we can provide continuity of care in future sessions. These records enable us to track your progress and ensure each massage is appropriate for you based on past sessions.

  • To Improve Our Website and Services: We analyze aggregate website usage data through Google Analytics to understand how our site is performing and to improve user experience. For example, we may look at which pages are most visited or how users find our site. This helps us optimize our content and site navigation. The data collected for analytics is statistical in nature and does not directly identify you as an individual.

  • To Ensure Legal Compliance and Security: In some cases, we may process personal data to fulfill our legal obligations or resolve disputes. For instance, we might retain invoice information for accounting purposes or use data to comply with Danish laws. We also may use data as necessary to protect our rights or the rights of our clients (for example, information might be used to prevent misuse of our services or in the rare event of handling any legal claims).

We do not use your personal data for any kind of automated decision-making or profiling that has legal or significant effects on you. All usage of personal data is aligned with the purposes stated above and we will not process it for unrelated purposes without your consent.

Legal Bases for Processing

Under GDPR, we must have a valid legal basis to process your personal data. Depending on the type of data and the context, we rely on the following legal grounds:

  • Performance of a Contract (GDPR Article 6(1)(b)): When you book a massage with us, a contract (even if informal) is formed for us to provide that service. We need to process your name, contact details, and booking information in order to schedule and fulfill your appointment​. This also covers communications directly related to your appointments (e.g., sending reminders or discussing your treatment plan).

  • Consent (GDPR Article 6(1)(a) and Article 9(2)(a)): We ask for your consent in certain situations. Providing health-related information on our booking form or during sessions is completely optional and done with your consent — we will use that information only to enhance your treatment with your explicit permission, since it is considered sensitive health data​. By choosing to give us health details, you consent to our processing of that special category data for the purpose of providing you with a safe, personalized service. Similarly, our website’s analytics cookies are only activated with your consent (you will be prompted to allow these). You have the right to withdraw consent at any time (for example, you can request us to delete health information you provided, or you can disable cookies as described in our Cookies Policy).

  • Legitimate Interests (GDPR Article 6(1)(f)): We may process some data for our legitimate business interests, provided these are not overridden by your rights. For example, if you email us with a question but haven’t yet made a booking, we have a legitimate interest in processing your contact information and message so we can reply to you and provide information. We may also rely on legitimate interests to keep basic records or improve our services (such as analyzing trends in how appointments are booked) in ways that do not infringe on your privacy​. When we use this basis, we always consider and balance any potential impact on you and your rights.

  • Legal Obligation (GDPR Article 6(1)(c)): In some cases, we are required by law to process or retain certain data. For instance, Danish law may require us to keep transaction records (invoices, etc.) for a certain number of years for tax and accounting purposes​. If we are under a legal obligation to retain or disclose some of your information, we will do so to comply with the law.

If we ever need to process your personal data for a new purpose that is not covered by the above legal bases, we will inform you and, if necessary, obtain your consent before proceeding.

How We Share and Disclose Data

We treat your personal data with care and confidentiality. We do not sell your information to third parties, and we only share it in a few limited scenarios, such as the following:

  • Service Providers (Processors): We use trusted third-party services to help run our business. These providers process data on our behalf and are bound by contracts to protect your information and use it only for the agreed purpose.

    • Planway (Booking System): We use Planway as our online booking system. When you book a session, the details you enter (name, contact, appointment info, and any comments) are stored securely in Planway’s system. Planway acts as a data processor for us, which means they handle your data under our instructions and in compliance with GDPR. We have a data processing agreement in place with Planway to ensure your data is safeguarded​planway.com. Planway is a Danish company, and your data is stored on their secure servers. They are not allowed to access or use your information for their own purposes. We also log session notes in Planway, so your health information (if provided) and treatment notes reside on this secure platform.

    • Email and Hosting Providers: When you email us at sloth.massagedk@gmail.com, your message is handled by Google's email service (Gmail). Thus, your communications and email address are stored on Google's systems. We trust Google as an email provider that has robust security and is compliant with data protection regulations through measures like Standard Contractual Clauses for data transfers​. Similarly, our website hosting provider (if applicable) may incidentally process technical data (like server logs of IP addresses) simply by hosting the site. All such providers are required to protect your data and only process it for providing their service to us.

    • Analytics (Google Analytics): We use Google Analytics to collect anonymized statistics about website usage. Google Analytics is provided by Google (Google Ireland Limited for EU services). Google acts as a processor for website analytics data. The information generated by the Google Analytics cookies (about your use of our site, including truncated IP address and activity data) may be transmitted to and stored by Google. Google may process this data on servers outside the EU (for example, in the United States). We have taken steps to ensure compliance with GDPR when using Google Analytics, such as enabling IP anonymization so that Google truncates IP addresses within the EU, and accepting Google's data processing terms which include Standard Contractual Clauses to safeguard any international data transfer​. Google is prohibited from using this analytics data for their own purposes or sharing it, other than as needed to provide us with analytics reports.

  • Other Disclosures with Your Consent: Apart from our service providers, we will not share your personal data with others unless you ask us to or give us your permission. For example, if in the course of your treatment you need a referral or we discuss coordinating with another healthcare provider (such as your physiotherapist or doctor), we would only share your information with them if you explicitly agree to it​. You are in control of that decision.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (for example, to comply with a court order or government investigation). If this happens, we will only provide the minimum necessary information and, if allowed, we'll inform you of such disclosures.

  • Business Transfers: (At present, as a sole proprietorship, there are no corporate transactions.) If in the future the business is transferred or merged, we would ensure the new owner continues to uphold your privacy rights as outlined in this policy, or we would seek your consent where required.

Rest assured, outside of the scenarios above, no one else receives access to your personal data. We do not share client information with other businesses for marketing or any other purposes.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. The retention periods can vary based on the type of data:

  • Client Records (Contact, Booking, and Health Data): If you become a client (i.e., you book a massage session), we will retain your information for as long as you continue to use our services. After your last appointment, we typically keep your records for up to 7 years. This retention period is based on common professional recommendations for massage therapy records and potential legal requirements (for example, some insurance or liability considerations suggest keeping client treatment records for several years). Keeping records for this duration allows us to have your history available in case you return for another session, and to comply with any obligations. After this period, or if we no longer need the data, we will delete or anonymize it. We review client records periodically (at least once a year) and securely dispose of information that is no longer needed​.

  • Inquiry Communications: If you contacted us but never booked a session, we will generally not keep your personal information indefinitely. We will retain the conversation and your contact details just long enough to address your inquiry and a short period thereafter in case you have follow-up questions. After that, we may delete the correspondence and any personal data associated with it, typically within one year of our last communication, unless there is another legitimate reason to keep it longer (for example, if you ask us to notify you of future availability).

  • Analytics Data: Data collected via Google Analytics is retained within Google’s systems for a limited time (we have set Google Analytics to retain user-level data for ~14 months before automatic deletion, which is a common default). We do not personally identify users in analytics. Any aggregated analytics reports we download or keep will not contain personally identifiable information.

  • Legal and Transaction Records: If there are records we must keep to comply with laws (e.g., financial records for tax purposes), those may be kept for the period required by law. For instance, under Danish accounting rules, basic transaction information might be kept for 5 years​. Such data would typically be minimal (perhaps your name on an invoice or payment record) and kept only in our financial files, not in our active client database.

After the applicable retention period ends, we will securely erase or anonymize your personal data. For digital records, this means removing data from our systems or archives such that it cannot be reconstructed. For any physical notes (if any ever printed), this would mean shredding or incineration.

If you exercise your right to deletion, we will also delete data as applicable (see "Your Rights" below), provided we are not required to keep it for a legal reason.

Data Security

We take the security of your personal information seriously. We implement a variety of technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure Platforms: All client data (contact details, bookings, and notes) are stored in Planway’s secure system and in our protected email account. Planway employs security protocols such as encryption and secure authentication to keep data safe, and our access to Planway is password-protected. According to Planway’s policies, they handle your data confidentially and in compliance with data protection regulations​ planway.com.

  • Access Control: Only Dominik Kovacik (the practitioner and owner of Sloth Massage) and authorized IT administrators (if any, supporting our systems) have access to your personal data. There are no additional employees in the business, which limits exposure of your information. Dominik is committed to confidentiality and has taken steps to ensure that client data is not shared or accessed improperly.

  • Device and Network Security: Our computers and devices that access client data are secured with strong passwords/passcodes and regularly updated software. We use reputable security software to protect against viruses or malware. Whenever possible, we enable encryption (for example, our email is accessed via secure, encrypted connections). We avoid storing sensitive data on portable devices, but if it were necessary, those devices would be encrypted.

  • Website Security: Our website uses standard security measures (such as HTTPS encryption) to protect data transmitted between your browser and the site. This means that any information you enter on our site (for example, through a contact form or the booking form embedded from Planway) is encrypted in transit. We also keep our website platform and plugins updated to patch any security vulnerabilities.

  • Third-Party Security: We choose service providers who prioritize data security. As mentioned, Google and Planway are established providers with robust security in place. We have agreements in place to ensure they protect your data. We do not share data with any service that we believe does not have proper security controls.

  • Payment Security: (Note: Currently, we do not process payments through our website; payments for sessions are handled in person or Planway's portal, so we are not collecting financial data online. If this changes, we will update our policy to reflect how payment data is protected.)

Despite all our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. However, we follow industry best practices to minimize risks. In the unlikely event of a data breach that affects your personal data, we have a procedure to promptly notify affected individuals and the relevant authorities (such as Datatilsynet in Denmark) as required by GDPR​ europa.eu.

Your Rights

As a user of our services or site, and as a "data subject" under GDPR, you have several rights regarding your personal data. You can exercise these rights at any time by contacting us (see "Contact Us" section below). These rights include​ europa.eu:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it. We will provide you with a summary of your data upon request, free of charge (for additional copies or manifestly unfounded requests, a fee or refusal may apply as allowed by law).

  • Right of Rectification: If any of your information is incorrect or outdated (for example, you change your phone number), you have the right to have it corrected or updated. We encourage you to keep us informed of any changes so we can update our records.

  • Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten"). If you no longer want us to have your information, we will erase the data we hold about you upon your request, provided that we do not have an overriding legal obligation or legitimate reason to keep it. For instance, if you withdraw your consent for us to hold optional health information, we will remove those details. Note that for records we are required to keep (e.g., for legal compliance), we may not be able to delete them immediately but will do so as soon as legally permissible.

  • Right to Restrict Processing: You can ask us to restrict or pause the processing of your data in certain circumstances. For example, if you contest the accuracy of the data or if you want us to retain data but not use it (perhaps while you pursue a legal claim), we will mark that data to ensure it is not processed for anything other than storage.

  • Right to Object: You have the right to object to certain types of processing. For example, you can object to any processing we do based on legitimate interests. In such cases, we will stop that processing unless we have a compelling legitimate ground to continue or it is needed for legal claims. You can also object to receiving any direct marketing, but as noted, we do not send marketing communications without consent.

  • Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or our contract, you have the right to request that we provide it to you or directly transfer it to another service provider in a commonly used, machine-readable format. In practice, this might apply if you wanted a copy of the basic information you gave us on the booking form, so you could reuse it elsewhere.

  • Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal. For example, if you no longer want us to keep your health information, you can let us know and we will delete it. Similarly, you can revoke consent for analytics cookies through the methods described in our Cookies Policy.

  • Right Not to Be Subject to Automated Decisions: We do not use your data for any automated decision-making or profiling that would produce legal effects or similarly significant effects. If that ever changes, you would have the right to object and request human intervention.

  • Right to Complain: If you believe your data has been handled improperly or your rights have not been respected, you have the right to file a complaint with the relevant supervisory authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet). You can contact Datatilsynet at: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark, telephone +45 33 19 32 00, email dt@datatilsynet.dk​. We kindly ask that you contact us first so we can address your concerns directly, but you are free to contact the authorities at any time.

We will do our best to accommodate any request or inquiry regarding your rights as soon as possible, and at most within one month as required by law (this timeframe can be extended by two further months for especially complex requests, but we will inform you if that is the case).

Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact Dominik Kovacik at Sloth Massage:

  • Email: sloth.massagedk@gmail.com

  • Phone: +45 50 32 95 58

  • Postal Address: Vestergade 39, 4.th, 5000 Odense C

Email is our primary contact method for privacy inquiries. We may take steps to verify your identity before fulfilling requests to ensure we protect your data from unauthorized access.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify clients via email or by posting a prominent notice on our website. The "last updated" date below indicates when this Policy was last revised.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Last updated: April 5, 2025

Cookies Policy

Introduction

This Cookies Policy explains how Sloth Massage uses cookies and similar technologies on our website. By using our site, you can choose which cookies you allow. We strive to be transparent about what data is collected via cookies and how it is used, in accordance with the Danish "Cookie Order" and GDPR requirements for consent and transparency​.

Our website uses cookies to ensure basic functionality, remember your preferences, and help us understand how visitors use our site. We do not use cookies to personally identify you, but simply to provide a better experience and to analyze our website performance. Below we describe what cookies are, what types we use, and how you can manage your cookie choices.

What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit websites. These files contain information that the website uses to enhance your experience, such as remembering that you are logged in or keeping track of your settings. Cookies can also collect information about your browsing behavior. In short, they are “small data files that gather information on website users” and help websites function or gather analytics information.

Cookies can be "first-party" (set by our website) or "third-party" (set by another domain, such as an analytics or social media service). Cookies may last only for your session (session cookies, which are deleted when you close your browser) or remain on your device for a longer period (persistent cookies, which stay until they expire or you delete them).

How We Use Cookies

We use cookies on the Sloth Massage website for the following purposes:

  • Essential Functionality: Some cookies are strictly necessary for our site to work correctly. For example, if our booking system (Planway) is embedded on the site, it may use cookies to enable the booking process (such as keeping track of your appointment selection as you fill in the form). These essential cookies also include those that help with basic security and network management. The site cannot function properly without these cookies, so they are always active. (Under the Danish Cookie Order, such technically necessary cookies can be set without prior consent​, but we still want you to know about them.)

  • Preferences: We use cookies to remember any preferences you set on our site to make your experience better. For instance, if our site offers an option to remember your details for next time or to keep certain settings (like language selection or a cookie consent choice), cookies will store that information so you don’t have to re-enter it. These cookies are not strictly necessary, but they enhance your experience by personalizing the site for you.

  • Analytics: With your permission, we use analytics cookies (specifically Google Analytics cookies) to collect information about how visitors use our website. This includes data such as which pages are visited, how long people stay on each page, what site referred the visitor, and general information about visitors’ devices (e.g., whether they're on a phone or computer). We use this information to generate reports and statistics that help us understand website traffic and improve our site’s design and content. The analytics cookies we use come from Google Analytics, which is a widely used analytics tool. These cookies may have names like _ga, _gid, etc., and they typically remain on your device for a set period (for example, the main Google Analytics cookie _ga can persist for 2 years if you don’t delete it). All data collected through these cookies is aggregated and anonymized; we do not see personal identifiers. We have also configured Google Analytics to anonymize IP addresses, so that your full IP is not stored. These analytics cookies will only be set if you explicitly allow them when you first visit our site or if you later opt-in. If you decline, we will not set them and your visit will not be tracked in our analytics.

Importantly, we do not use any advertising or targeting cookies on our site. We do not display third-party ads, so we have no cookies for advertising purposes. Similarly, we do not use social media tracking cookies or any other cookies beyond the categories listed above.

Your Cookie Choices and Consent

When you first visit our website, you will see a cookies notice or banner that asks for your consent for us to use certain cookies (like analytics). You can choose to accept all cookies or decline the non-essential ones. Essential cookies (those required for site functionality) are used regardless of consent, as the site cannot run without them, but they do not store personally identifiable information.

If you choose to accept analytics cookies, you are helping us improve our service, but it’s entirely your choice. If you decline, your browsing experience on our site will remain unaffected; you will still be able to navigate and use all features (including booking appointments). We respect your decision and will not activate any optional cookies without your consent.

Managing and Disabling Cookies

You have the right to control and manage your cookies at any time:

  • Using Our Site's Tools: If our site provides a “Cookie Settings” option or if you want to change your choice after initially accepting/declining, you can use that feature (for example, clicking a link like "Change Cookie Preferences") to update your consent. We will then act on your preferences immediately.

  • Browser Settings: Most web browsers allow you to control cookies through their settings. You can usually find options to block all cookies, accept only certain types, or delete cookies when you close your browser. For instance, in Chrome you can go to Settings > Privacy and Security > Cookies and other site data; in Safari, you can go to Preferences > Privacy; in Firefox, go to Options > Privacy & Security. Using these settings, you can delete cookies that have already been set and prevent new ones from being stored. You can also typically use “private” or “incognito” browsing modes, which do not save cookies long-term.

  • Opt-Out for Google Analytics: Google provides an opt-out browser add-on if you want to prevent data from being used by Google Analytics on any website. You can download and install it from Google's site. (This is an extra step only if you wish to universally opt-out of Google Analytics beyond our website.)

Be aware that if you disable all cookies (especially essential ones) via your browser, some features of our site (and other sites) may not function correctly. For example, you might not be able to complete an online booking if the necessary cookie to remember your appointment selection is blocked. We recommend allowing at least the essential cookies for a smooth experience.

On the other hand, refusing or deleting analytics and preference cookies will not significantly affect the basic functioning of our site; it will mainly just mean we have less data to improve our services, and you might need to re-enter some preferences each time.

Remember, you can also withdraw your consent for cookies at any time. If you previously gave consent and have changed your mind, simply adjust your settings as described above. We will respect your new preferences going forward​.

Changes to This Cookies Policy

We may update this Cookies Policy from time to time to reflect changes in the cookies we use or to ensure compliance with new legal requirements or user experience improvements. If there are significant changes (for example, if we begin using a new type of cookie), we will update the information here and, if necessary, prompt you again for consent.

We encourage you to review this policy periodically to stay informed about our use of cookies. The date of the latest revision is indicated below.

Contact Information

If you have any questions or concerns about our use of cookies, you can contact us via email at sloth.massagedk@gmail.com. We will be happy to explain anything that may not be clear in this policy.

By continuing to use our website, you acknowledge that you have been informed about our use of cookies (and have given consent for non-essential cookies, if applicable). Thank you for taking the time to read our Cookies Policy.

Last updated: April 5, 2025