Privacy Policy

Last Updated: 2 May 2026

​

1. Introduction
This privacy notice outlines how personal and medical data is collected, processed, stored, and protected. All data operations are conducted in strict accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a registered entity with the Information Commissioner's Office (ICO), the clinic is committed to maintaining the highest standards of data security and patient confidentiality.

2. The Data Collected
The following information may be collected via website forms, telephone inquiries, or initial clinical consultations:

Personal Identifiers: Full name, date of birth, and contact details (including phone number and email address).

Health Insurance Credentials: Insurance provider name, policy or membership numbers, and pre-authorisation or claim codes.

Clinical Information: Relevant medical history, presenting symptoms, and case notes necessary for safe and effective physiotherapy assessment and treatment.

3. How Data is Collected and Used
Data is collected directly from individuals when filling out online intake forms, booking appointments, or corresponding with the team. This information is processed strictly for the following purposes:

To verify health insurance eligibility and process pre-authorisation codes directly with insurance providers.

To manage clinical schedules, appointment invitations, and booking confirmations.

To deliver high-quality, professional physiotherapy and rehabilitative care.

To comply with legal, professional, and clinical record-keeping obligations.

4. Legal Basis for Processing
Under the UK GDPR, the lawful bases relied upon for processing this information are:

Contractual Obligation: Processing is necessary to take steps at your request prior to entering into a contract (e.g., verifying insurance before booking) and to fulfill the terms of your clinical care.

Legal Obligation: To maintain accurate medical records in compliance with UK healthcare regulations.

Consent: Explicit consent is obtained via affirmative actions (such as checking verification boxes) to contact insurance providers on your behalf.

Special Category Data (Health Data): Health data is processed under Article 9(2)(h) of the UK GDPR, relating to the provision of health or social care and treatment.

5. Data Sharing and Third Parties
Patient data is kept strictly confidential. It is never sold, rented, or shared with third parties for marketing purposes. Data is only shared with trusted entities directly involved in your care and administration:

Your Health Insurance Provider: To verify credentials, check policy excesses, and submit invoices for treatment.

Secure Clinical Platforms: For digital charting, diary management, and secure medical billing (e.g., via Healthcode).

Medical Professionals: Where explicit consent is provided to update a referring GP or consultant regarding clinical progress.

6. Data Storage and Security
Data security is taken incredibly seriously. All online form submissions, personal details, and clinical notes are transmitted securely and stored within encrypted, GDPR-compliant healthcare management systems. Data is retained only for as long as legally mandated by UK health records retention policies (typically 8 years following the conclusion of treatment for adults).

7. Your Data Protection Rights
Under UK data protection law, individuals have specific rights regarding their personal information, including:

The right of access: The right to ask for copies of personal information.

The right to rectification: The right to ask to rectify inaccurate or incomplete information.

The right to erasure: The right to ask for personal data to be erased, subject to statutory retention exemptions for medical records.

The right to restrict or object to processing: The right to object to or limit how data is handled.

To exercise any of these rights, please contact the clinic administration team directly.

8. How to Complain
Any concerns regarding data usage can be raised directly with the clinic team. If a response is unsatisfactory, a formal complaint can be lodged with the Information Commissioner’s Office (ICO) at ico.org.uk.