Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Kirsty Harris Physiotherapy Limited (“we”, “us”, “our”) collects, uses, stores and protects your personal information when you use our website or attend our physiotherapy clinic.

We are committed to protecting your privacy and handling your personal data lawfully, fairly and transparently in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Kirsty Harris Physiotherapy Limited

23 The Row, Welford, Newbury, RG20 8HR

Email: [email protected]

Phone: 01488 440121

Website: https://kirstyharrisphysiotherapy.co.uk

We are the data controller responsible for your personal data.

2. What Information We Collect

We may collect the following types of personal data:

a) Contact and identity information

- Name

- Address

- Email address

- Phone number

- Date of birth (where relevant)

b) Appointment and service information

- Appointment dates and times

- Communications about bookings

- Information you provide through our booking system

c) Health / medical information (special category data)

As part of physiotherapy care, we may collect information such as:

- Presenting symptoms and injury history

- Medical history and relevant conditions

- Current medications (where relevant)

- Assessment findings, clinical notes and treatment plans

- Progress notes and outcomes

d) Website information

If you use our website, we may collect limited technical data such as:

- IP address

- Browser type

- Device information

- Pages viewed (via analytics tools, if enabled)

3. How We Collect Your Information

We may collect data from you when you:

- Book an appointment (including via Cliniko)

- Contact us by email, phone, or website contact form

- Attend an appointment and provide information during assessment/treatment

- Use our website

4. How We Use Your Information

We use your personal data to:

- Provide physiotherapy assessment and treatment

- Manage bookings, cancellations, and appointment reminders

- Maintain accurate clinical records

- Communicate with you about your care

- Process payments and invoices (if applicable)

- Meet our legal, regulatory, and professional obligations

We will only use your data for the purposes it was collected for, unless we have a lawful reason to use it differently.

5. Our Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for using your data. These include:

a) For appointments and general enquiries

Contract – to provide the service you book.

b) For clinical records and healthcare information

We process health information because it is necessary for:

- Healthcare purposes, including assessment, diagnosis and treatment.

c) For legal and regulatory compliance

Legal obligation – for example, maintaining records and compliance.

6. Mailing List and Marketing Communications

If you choose to join our mailing list, we may use your name and email address to send you helpful information such as physiotherapy updates, clinic news, health education, and occasional promotional content.

We will only add you to our mailing list if you have explicitly opted in, for example by signing up through our website or selecting a consent box on a form.

You can unsubscribe at any time by using the unsubscribe link included in our emails, or by contacting us at [email protected].

We will never sell your personal data or share it with third parties for their own marketing purposes.

7. Who We Share Your Information With

We treat your information as confidential. We do not sell your data to third parties.

We may share your data only when necessary, including with:

- Cliniko (our online booking and practice management system)

- Professional or legal advisers (if required)

- Insurers (only where relevant and necessary for claim administration)

- Healthcare providers involved in your care (only with appropriate consent, where required)

We only share what is necessary and ensure data is handled securely.

8. How We Store and Protect Your Data

We take appropriate security measures to protect your information, including:

- Secure digital storage systems

- Access controls and password protection

- Limiting access to authorised individuals only

We take reasonable steps to protect your data; however, no system can be guaranteed 100% secure.

9. How Long We Keep Your Data

We keep your personal data only for as long as necessary to provide services and meet legal, professional, and regulatory obligations.

We retain adult clinical records for 8 years following the date of your last treatment. For children and young people, records are retained until their 25th birthday (or 26th if the young person was 17 when treatment ended), in line with UK Department of Health requirements and professional standards.

10. Your Rights Under UK GDPR

You have rights over your personal data, including:

- The right to access your personal data

- The right to request correction of inaccurate data

- The right to request deletion (where applicable)

- The right to restrict processing

- The right to object to processing in certain situations

- The right to data portability (in some cases)

- The right to withdraw consent (where consent is used)

To exercise any of these rights, contact us using the details above.

11. Cookies

Our website uses a consent management platform that allows you to accept or reject non-essential cookies (such as those used for Meta and Google tracking).

Non-essential tracking technologies are only activated once you have provided consent through our cookie banner.

12. Third-Party Links

Our website may include links to external websites. We are not responsible for the privacy practices of third-party sites. Please check their privacy policies before providing any personal information.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can resolve the issue.

You also have the right to raise a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website.