
Box End Physiotherapy

Privacy Notice

1. Who we are

We are a physiotherapy clinic providing assessment and treatment services. We are the data controller for the personal data we hold about you.

We are registered with the Information Commissioner’s Office.

2. What information we collect

We may collect and process the following personal data:

  • Name, date of birth, address, and contact details

  • Medical history and health information relevant to your treatment

  • Clinical notes from assessments and treatment sessions

  • Referral information from other healthcare professionals

  • Payment or billing information

3. How we collect your information

We collect personal information in the following ways:

  • When you attend the clinic for assessment or treatment

  • When you contact us by phone, email, or in person

  • When you complete patient intake or registration forms

  • When you book appointments (online or in person)

  • From other healthcare professionals involved in your care (e.g. GP referrals)

4. How we use your information

We use your personal data to:

  • Provide safe and effective physiotherapy treatment

  • Maintain accurate clinical records

  • Manage appointments and communicate with you

  • Meet legal and professional obligations

  • Ensure continuity of care

5. How we contact you

We may contact you about:

  • Appointment reminders and clinic administration (necessary for your care)

  • Information related to your treatment or appointments

We will only send optional updates about new services, classes (e.g. Pilates), or clinic initiatives if you have chosen to receive them.

6. Lawful basis for processing

We use your personal data under UK data protection law to provide safe and effective care and to run our clinic properly. We process your personal data under UK GDPR on the following lawful bases:

  • Providing healthcare or treatment (including your medical records and clinical notes)

  • Running our clinic and managing appointments and communications

  • Meeting legal requirements, such as accounting and record keeping

We do not ask for consent to store or use your clinical records, as we are legally required to keep accurate health records in order to provide safe and effective treatment.

7. How we store your data

We store your information securely in both digital and paper formats:

  • Electronic records are stored securely using our clinical management system, Cliniko

  • Paper records are stored in locked, secure cabinets with restricted access

Access to patient records is restricted to clinic directors and authorised staff or clinicians involved in your care.

8. Sharing your information

We keep your information confidential. We may share it only when necessary with:

  • Your GP or other healthcare professionals involved in your care

  • Insurance providers (if applicable)

  • Approved IT and clinical record system providers (e.g. Cliniko), who act as data processors on our behalf

We do not sell or use your data for unrelated marketing purposes.

9. How long we keep your data

We retain adult patient records for 8 years after last treatment, in line with professional healthcare guidance.

Children’s records are retained until the patient’s 25th birthday, or 26th birthday if they were 17 at the time treatment ended, in line with professional healthcare guidance.

10. Your rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete information

  • Request restriction (temporary suspension) of processing

  • Object to certain types of processing

  • Request erasure of your data, where we are not legally required to retain it

  • Request data portability, where applicable

11. Data security

We take appropriate technical and organisational measures to protect your data, including:

  • Password-protected systems and encrypted cloud storage

  • Secure, locked storage for paper records

Access is restricted to clinic directors and authorised staff or clinicians involved in your care.

12. Data breaches

We have procedures in place to identify and respond to data breaches.

Where legally required, we will report notifiable breaches to the Information Commissioner's Office within 72 hours.

13. Complaints

If you are unhappy with how we handle your data, please contact us first so we can resolve the issue.

You also have the right to complain to the Information Commissioner's Office: https://ico.org.uk

14. Contact us

Box End Physiotherapy, Vicarage Farm, Box End, Kempston, MK43 8RN.

Email: admin@boxendphysio.com

Tel: 01234 924914
