Privacy Policy
Last Updated:24/04/2026
At Sports Therapy Marbella, we are committed to protecting your privacy and ensuring your personal data is handled in a safe and transparent manner. This Privacy Policy explains how we collect, use, and protect your information in accordance with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).
1. Data Controller
The entity responsible for your personal data is:
Name: Grant Foster Sports Therpay
Address: urbanisation lorcirmar, fase4, blq5, apmt B-G, Marbella Spain
NIF/CIF: [Your Spanish Tax ID Number]
Email: [email protected]
Website: https://sportstherapymarbella.com/
2. Information We Collect
We may collect and process the following categories of data:
Contact Information: Name, email address, phone number.
Health Data: As a sports therapy provider, we may collect information regarding your physical condition, injury history, and treatment notes. Note: Under GDPR, this is "Special Category Data" and is handled with the highest level of confidentiality.
Technical Data: IP address, browser type, and usage patterns via cookies when you visit our website.
Communications: Any information you provide when contacting us via forms, WhatsApp, or email.
3. Purpose of Processing
We use your data for the following purposes:
Clinical Management: To provide sports therapy treatments and maintain your clinical history.
Appointment Scheduling: To manage bookings and send reminders via our CRM provider, Follow Up Spark.
Invoicing: To process payments and comply with Spanish tax obligations.
Communication: To respond to inquiries and, if you give explicit consent, send newsletters or wellness tips.
4. Legal Basis for Processing
We process your data based on:
Contractual Necessity: To provide the therapy services you have requested.
Explicit Consent: For the processing of health-related data and marketing communications.
Legal Obligation: To comply with Spanish accounting and health record retention laws.
5. Data Processors & Third Parties
Your data is never sold to third parties. However, we use trusted service providers to run our business:
Follow Up Spark: We use this platform for CRM, marketing automation, and lead management. Your data may be stored on their secure servers (refer to Follow Up Spark’s Privacy Policy).
Cloud Hosting: Our website and email providers may process technical data.
Legal Authorities: If required by Spanish law or tax authorities.
6. International Data Transfers
Follow Up Spark is based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure it is protected through Standard Contractual Clauses (SCCs) or other legal frameworks approved by the European Commission to ensure a level of protection equivalent to the GDPR.
7. Data Retention
We retain your health records for a minimum of 5 years, as required by Spanish Law 41/2002 regarding patient autonomy and clinical documentation. Contact data for marketing is kept until you withdraw your consent.
8. Your Rights
Under the GDPR, you have the following rights:
Access: Request a copy of the data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure (Right to be Forgotten): Request deletion of your data (subject to legal retention requirements for health records).
Portability: Request your data in a structured, digital format.
Withdraw Consent: Withdraw your consent for marketing at any time.
To exercise these rights, please email us at [email protected] with the subject "Data Protection." You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
9. Cookies
Our website uses cookies to improve your experience. You can manage your preferences through your browser settings.
