UK GDPR Compliance

This page explains how Coastal Sensations Massage complies with the UK General Data Protection Regulation (UK GDPR), which governs the protection of personal data in the United Kingdom.

Scope and Applicability

Coastal Sensations Massage is an informational website providing details about our massage services. We do not collect personal data through user registration, accounts, or forms. Any personal data processed is limited to information automatically collected via website analytics, cookies, and server logs — such as IP addresses, browser type, and browsing behaviour — solely for operational and security purposes.

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: You may request confirmation of whether we process your personal data and receive a copy of it.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to restriction of processing: You may request we limit how we use your data under certain conditions.
• Right to data portability: You may request your data in a structured, commonly used, and machine-readable format.
• Right to object: You may object to processing based on legitimate interests, including profiling.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

How We Comply

We do not store personal data in databases or user profiles. Any data collected automatically is retained only for as long as necessary for website functionality and security. We use anonymised analytics tools where possible. We do not sell or share personal data with third parties for commercial purposes.

Data We Process

The only personal data we may process includes:

• IP addresses (anonymised where possible)
• Browser and device information
• Pages visited and time spent on site
• Cookies and similar technologies for site functionality

This data is not linked to any identifiable individual unless voluntarily provided through a contact form.

Legal Basis for Processing

Our legal basis for processing limited personal data is legitimate interest — specifically, to ensure website security, improve user experience, and maintain operational integrity. We do not rely on consent for this limited processing.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR, please contact us at:

[email protected]

Include your full name, the right you wish to exercise, and any relevant details (e.g., IP address or date of visit if known). We will respond without undue delay.

Response Timeframes

We aim to respond to all requests within one calendar month. If your request is complex or numerous, we may extend this by up to two additional months and will inform you within one month of receipt.

No Discrimination Policy

You will not be denied services, charged different prices, or receive a different level of service because you exercised your rights under UK GDPR.

Updates and Changes

This page will be reviewed annually and updated as required by law. Any material changes will be posted here with an updated effective date.

Contact Information

For questions, requests, or complaints regarding your data rights under UK GDPR, please contact:

Dante Lovelace
Level 35, Tower One - International Towers Sydney
100 Barangaroo Avenue, Sydney NSW 2000, Australia
[email protected]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK’s supervisory authority for data protection: ico.org.uk.