Privacy Policy
Last Updated: 12th January 2026
1. Introduction
Functional Rehab Clinic ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: Functional Rehab Clinic [Full Registered Business Name] [Registered Address] Email: [contact email] Phone: [phone number]
Hope [Surname], the clinic's founder, is registered with the Chartered Society of Physiotherapy (CSP) and adheres to their professional standards and code of conduct.
2. Information We Collect
We collect and process the following types of personal data:
Contact Information:
Name
Email address
Phone number
Postal address
Health Information:
Medical history
Current symptoms and conditions
Treatment records
Assessment notes
Progress reports
Information about medications or allergies
Payment Information:
Bank transfer details (BACS)
Payment records
Appointment history
Website Usage:
IP address
Browser type
Pages visited
Time spent on site
Referral source
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Consent: You provide explicit consent for us to process your health data for treatment purposes
Contract: Processing is necessary to fulfil our contract with you (providing physiotherapy services)
Legal Obligation: We are required to maintain clinical records under professional and legal obligations
Legitimate Interests: We have a legitimate interest in managing our business, improving our services, and communicating with clients
4. How We Use Your Information
We use your personal data to:
Provide physiotherapy assessment and treatment
Maintain accurate clinical records
Communicate with you about appointments and treatment
Process payments
Respond to enquiries
Send marketing communications (only with your consent)
Improve our services
Comply with legal and professional obligations
5. Data Retention
We retain your personal data in accordance with professional guidelines and legal requirements:
Clinical records: Retained for a minimum of 8 years from the date of last contact (or until age 25 for patients under 17)
Financial records: Retained for 6 years for tax purposes
Marketing consent: Until you withdraw consent or we no longer use your data for this purpose
6. Data Sharing
We do not sell your personal data. We may share your information with:
Other healthcare professionals involved in your care (with your consent)
Insurance companies (with your consent, if claiming)
Legal or regulatory authorities when required by law
Third-party service providers who assist in running our website and business operations
All third parties are required to keep your data secure and confidential.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
Secure storage systems
Password protection
Encrypted communications where appropriate
Regular security reviews
Staff training on data protection
8. Your Rights
Under UK GDPR, you have the following rights:
Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data (subject to legal obligations)
Right to Restrict Processing: Request limitation on how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, please contact us using the details above.
9. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: www.ico.org.uk Phone: 0303 123 1113
10. Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated revision date.