Privacy Policy

Privacy Notice: 

 

Last updated: April 2026

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our physiotherapy website and services. We are committed to safeguarding your privacy and complying with the General Data Protection Regulation (GDPR).

 

1. Who We Are

James Clayton Physiotherapy provides physiotherapy services. For the purposes of data protection law, we are the “data controller” of your personal information.

Contact details:

James Clayton Physiotherapy, CrossFit Fixus, Greengate Middleton, M24 1RU

james@jamesclaytonphysio.co.uk

07345 589 167

 

2. Information We Collect

We may collect and process the following types of personal data:

Personal details: Name, date of birth, address, email, phone number

Health information: Medical history, treatment notes, referral/GP details

Appointment data: Booking details, attendance records

Technical data: IP address, browser type, and website usage data

Payment information: Billing details (where applicable)

 

3. How We Collect Your Data

We collect data in the following ways:

When you complete forms on our website

When you contact us via email, phone, text or online booking systems

During consultations and treatment sessions

Automatically through cookies and analytics tools

 

4. How We Use Your Data

We use your personal data to:

Provide physiotherapy assessment and treatment

Manage appointments and communicate with you

Maintain accurate medical records

Process payments

Improve our website and services

Comply with legal and regulatory obligations

 

5. Legal Basis for Processing

Under GDPR and the Data Protection Act 2018, we rely on the following legal bases:

We process health data under Article 9(2)(h) UK GDPR (provision of healthcare) and Article 6(1)(b) (contract). Consent may be relied upon where required.

Contractual necessity: To provide our services

Legal obligation: For record-keeping and compliance

Legitimate interests: For managing and improving our services

 

6. Storage and Security of Data

Your personal data is stored securely on password protected electronic databases. We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse.

We retain your data only for as long as necessary, in line with legal, medical, and professional requirements.

In accordance with the Records management Code of Practice for Health and Social Care 2016, we are required to retain your personal data for a minimum of 8 years from your last contact with us or until you are 25 (or 26 if you are aged 17 when treatment ends)

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

7. Sharing Your Data

We will not sell your personal data. We may share your information with:

Other healthcare professionals involved in your care (with your consent)

IT and hosting service providers

Payment processors

Legal or regulatory authorities where required

All third parties are required to respect the security and confidentiality of your data.

 

8. International Data Transfers

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

 

9. Your Rights

Under GDPR, you have the right to:

Access your personal data

Request correction of inaccurate data

Request deletion of your data

Restrict or object to processing

Withdraw consent at any time

Request transfer of your data (data portability)

To exercise your rights, please contact us using the details above.

 

10. Cookies

Our website may use cookies to enhance user experience and analyse website traffic. You can control cookie preferences through your browser settings.

 

11. Children’s Privacy

Our services are not directed at children under 16 without parental or guardian consent. We take steps to ensure appropriate consent is obtained where required.

 

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

 

13. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact us at:

james@jamesclaytonphysio.co.uk

07345 589 167

 

14. Right to complain

 

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are unhappy with how we handle your personal data.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy.