Introduction

This Privacy Notice sets out how D.C Physiotherapy handles personal data in line with the General Data Protection Regulation (GDPR). It explains what data we collect, how it is used, how it is stored, and your rights regarding your information.

The person responsible for data protection is Dan Curran, who can be contacted at [your correct email address].

What is Personal Data?

Personal data is defined under GDPR as any information relating to an identifiable person who can be directly or indirectly identified.

In simple terms, this includes any information that can identify you, such as your name or contact details.

What Personal Data do we collect?

To provide safe and effective healthcare, we may collect and store information about you, your health, and your treatment. This may include:

• Name, address, email, and telephone number
• Date of birth and gender
• GP details
• Employment details where relevant
• Appointment and clinic attendance records
• Clinical notes, reports, and correspondence
• Treatment and rehabilitation information
• Imaging and test results (e.g. X-rays)
• Information provided in health questionnaires
• Information from other healthcare professionals involved in your care
• Payment information (processed securely via third-party providers)

How do we collect your Personal Data?

We collect personal data in several ways, including:

• When you book online via our booking system (managed by a third-party provider)
• During appointments, over the phone, or via email
• From parents or guardians, if you are under 18
• From healthcare professionals such as GPs or consultants when a referral is made

Payments are processed securely by third-party providers such as Stripe. We do not store your payment card details.

Legal bases for processing

We process personal data under the following lawful bases:

• To fulfil a contract with you
• With your consent
• To comply with legal and regulatory obligations
• For legitimate interests, such as maintaining clinical records and improving services

How we use your Personal Data

We use your data to:

• Provide safe and effective treatment
• Communicate with you about your care
• Support clinical decision-making
• Work with other healthcare providers where necessary
• Manage administrative and accounting processes
• Investigate concerns or complaints
• Comply with legal obligations

We may also anonymise data to improve services and monitor treatment outcomes.

Do we share your Personal Data?

We only share personal data when necessary for your care or where required by law. This may include:

• GPs, hospitals, and other healthcare providers
• Community healthcare services
• Social care services (where relevant)
• Private healthcare providers involved in your care

We will never share your data without a legitimate clinical or legal reason.

Your rights

You have the following rights under data protection law:

• The right to access your personal data
• The right to correct inaccurate information
• The right to request deletion of your data (where applicable)
• The right to restrict or object to processing
• The right to withdraw consent
• The right to data portability (in certain cases)
• The right to lodge a complaint with the Information Commissioner’s Office (ICO)

We encourage you to contact us first if you have any concerns.

How long we keep your data

We retain personal data only for as long as necessary.

• Adult clinical records: typically 8 years after treatment ends
• Children’s records: retained until age 25
• Longer retention may apply where legally required or in relation to ongoing legal matters

Confidentiality

We are legally required to keep your information confidential and ensure all records are:

• Accurate
• Secure
• Up to date

Changes to this policy

We may update this Privacy Notice from time to time. Any updates will be published on our website.

Contact details

For any further information, contact Dan Curran at d.c.ffisiotherapi@gmail.com.