Privacy Policy for Salisbury Physiotherapy Clinic Ltd

Last Updated: June 17, 2025

Salisbury Physiotherapy Clinic Ltd (“we,” “us,” or “our”), Company No. 12374917, is committed to protecting the privacy and personal data of our Clients and website visitors (“you”). This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and other applicable UK data protection laws. Our registered office is Crown Chambers, Bridge Street, Salisbury, United Kingdom, SP1 2LZ.

1. Data Controller and ICO Registration

We are the data controller for personal data processed through our website (neurophysiotherapy.co.uk) and Services. We are registered with the Information Commissioner’s Office (ICO):

  • Registration Number: ZB107938
  • Expiry Date: June 28, 2026


Verify at: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/

For inquiries, contact:

2. Information We Collect

We collect only the data necessary to provide our mobile physiotherapy Services and operate our website effectively. The types of personal data we may collect include:

  • Contact Information: Name, email address, phone number, and postal address when you book appointments, contact us, or request a Non-Disclosure Agreement (NDA).
  • Medical Information: Health and medical history provided during consultations to create tailored treatment plans (e.g., neurological physiotherapy needs).
  • Website Usage Data: IP address, browser type, device information, and pages visited, collected automatically via cookies or analytics tools (see Section 7).
  • Payment Information: Billing details (e.g., bank account details for BACS transfers) for invoicing purposes, though we do not store payment card information.
  • Correspondence: Records of communications (e.g., emails, phone calls) related to inquiries or Services.

For high-profile or VVIP Clients, additional data may be processed under an NDA (see Section 6).

3. How We Collect Information

We collect your data through:

  • Direct Interactions: When you contact us via phone (07595285732), email (info@neurophysiotherapy.co.uk), website forms, or in-person consultations.
  • Service Provision: During physiotherapy sessions, including medical assessments and treatment plans.
  • Website Usage: Automatically via cookies, Google Analytics, or similar tools to improve user experience (with your consent where required).
  • Third Parties: Only with your explicit consent (e.g., referrals from medical professionals) or as required by law.

4. How We Use Your Information

We use your data to:

  • Provide Services: Deliver mobile physiotherapy, create treatment plans, and schedule appointments.
  • Communicate: Respond to inquiries, send appointment confirmations, and issue invoices.
  • Comply with Legal Obligations: Meet GDPR, HCPC, and tax requirements (e.g., record retention).
  • Improve Our Website: Analyze usage data to enhance functionality and user experience.
  • Ensure Security: Protect against fraud, unauthorized access, or data breaches.
  • Offer NDAs: Process requests for Non-Disclosure Agreements for VVIP Clients.

We process data based on the following legal grounds:

  • Consent: For medical information, website cookies, or marketing (where applicable).
  • Contract: To fulfill service agreements (e.g., appointments, invoicing).
  • Legal Obligation: For compliance with GDPR, ICO, or HMRC.
  • Legitimate Interests: For website analytics, security, or service improvements, balanced against your privacy rights.

5. Data Sharing and Disclosure

We do not share your personal data with third parties except:

  • With Your Consent: E.g., sharing medical reports with your doctor or processing NDAs.
  • Service Providers: Trusted partners (e.g., IT providers, accountants) under strict data processing agreements, ensuring GDPR compliance.
  • Legal Requirements: When required by law (e.g., court orders, HMRC audits).
  • Emergency Situations: To protect your safety or others (e.g., medical emergencies).

For VVIP Clients, NDAs ensure additional confidentiality (see Section 6).

6. Non-Disclosure Agreements (NDAs)

High-profile or VVIP Clients may request an NDA to enhance confidentiality beyond this policy. A customizable NDA template is available, tailored to your specific privacy needs. To request an NDA, email info@neurophysiotherapy.co.uk with your requirements. See our Terms and Conditions at neurophysiotherapy.co.uk/terms-of-service for the full NDA process. NDAs are governed by English law (UK Clients) or mutually agreed jurisdictions (international Clients).

7. Cookies and Website Analytics

Our website uses cookies and similar technologies to enhance functionality and analyze usage. Types of cookies include:

  • Essential Cookies: Enable core features (e.g., navigation, form submissions).
  • Analytics Cookies: Track usage (e.g., Google Analytics) to improve the site, anonymizing data where possible. We use Google Analytics for anonymized usage data. No other third-party analytics tools are currently employed.
  • Preference Cookies: Store user settings (e.g., language preferences).

You can manage cookie preferences via our website’s cookie banner or browser settings. For details, contact info@neurophysiotherapy.co.uk. Refusing non-essential cookies may limit functionality.

8. Data Storage and Security

  • Storage: Personal data is stored securely in encrypted electronic systems or locked physical cabinets. Medical records (written, audio, visual) are protected with access controls.
  • Retention:
    • Adult Clients: Retained for 8 years from the last treatment, per the Limitation Act 1980.
    • Underage Clients: Retained for 8 years from their 18th birthday or last treatment if post-18.
    • After retention periods, data is securely deleted or destroyed per GDPR.
  • Security Measures: Encryption, firewalls, access restrictions, and regular staff training ensure data protection.
  • International Transfers: For non-UK Clients, data transfers (if any) use GDPR-approved Standard Contractual Clauses or other safeguards, ensuring equivalent protection.

9. Your Data Protection Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectify: Correct inaccurate or incomplete data.
  • Erase: Request deletion of data (subject to legal retention requirements).
  • Restrict: Limit data processing in certain cases.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Oppose processing based on legitimate interests (e.g., analytics).
  • Withdraw Consent: Revoke consent for specific processing (e.g., cookies, marketing).

To exercise these rights, contact info@neurophysiotherapy.co.uk. We will respond within one month, free of charge, unless requests are complex or repetitive. You may also lodge a complaint with the ICO (https://ico.org.uk/make-a-complaint/).

10. Data Breaches

In the unlikely event of a data breach, we will:

  • Notify the ICO within 72 hours if required by GDPR.
  • Inform affected Clients promptly if the breach poses a high risk to your rights.
  • Take immediate steps to mitigate harm and prevent recurrence.

11. Third-Party Links

Our website may contain links to third-party sites (e.g., payment gateways, professional bodies). We are not responsible for their privacy practices. Review their policies before sharing data.

12. Children’s Privacy

Our Services are not intended for children under 16 without parental consent. For underage Clients, we retain data per Section 8, with parental or guardian consent for processing.

13. Changes to This Privacy Policy

We may update this policy to reflect legal or operational changes. Updates will be posted on neurophysiotherapy.co.uk with the revised date. Significant changes will be communicated via email or website notices.

14. Contact Us

For questions, concerns, or to exercise your data protection rights, contact: