Privacy Policy

1. About This Policy

Stride Sports Physiotherapy Ltd ("we", "us", "our") is committed to protecting your personal information and being transparent about how we use it. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy applies to all personal data collected through our website (www.stridesportsphysio.com), by telephone, by email, via WhatsApp, and during the course of providing physiotherapy treatment.

We are registered as a data controller with the Information Commissioner's Office (ICO).

2. Who We Are

Data Controller: Stride Sports Physiotherapy Ltd

Practitioner: Melissa Reynolds, BSc (Hons) Physiotherapy, MSc Sports and Exercise Physiotherapy

Clinic address: RepStudio, 37-38 Margaret Street, Marylebone, London W1G 0JF

Email: mel@stridesportsphysio.com

Telephone: 07826 923 555

Melissa Reynolds is registered with the Health and Care Professions Council (HCPC) and is a member of the Chartered Society of Physiotherapy (CSP).

3. What Personal Data We Collect

3.1 Personal data

We may collect the following categories of personal data:

  • Full name, date of birth, and contact details (address, telephone number, email address)

  • GP details and emergency contact information

  • Insurance policy details (where applicable), including insurer name and authorisation codes

  • Payment information (we do not store card details; payments are processed securely through third-party providers)

  • Booking and appointment history

  • Communications with us, including emails, WhatsApp messages, and telephone records

3.2 Special Category (health) data

As a physiotherapy practice, we process health data, which is classified as Special Category data under UK GDPR. This includes:

  • Medical history, diagnosis, and clinical notes

  • Details of your injury, condition, or symptoms

  • Treatment records, progress notes, and outcome measures

  • Information about medications or other healthcare providers involved in your care

  • Details of any surgical or medical procedures relevant to your treatment

We will only process Special Category data where you have given your explicit consent, or where we are legally or professionally required to do so.

3.3 Website data

When you visit our website, we may automatically collect technical data including your IP address, browser type, pages visited, and time spent on the site. This is used for website analytics and security purposes only.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide physiotherapy assessment and treatment

  • To maintain accurate clinical records as required by the HCPC and CSP

  • To communicate with you about appointments, treatment plans, and your care

  • To process insurance claims on your behalf with your authorisation

  • To communicate with your GP, consultant, or other healthcare professionals involved in your care (with your consent)

  • To process payments for services rendered

  • To send appointment reminders and follow-up communications

  • To comply with our legal and regulatory obligations

  • To respond to Subject Access Requests and other data rights requests

5. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Consent - For processing your health data and for any optional marketing communications. You may withdraw your consent at any time by contacting us.

Contract - To fulfil our agreement with you to provide physiotherapy services, including processing bookings and payments.

Legal obligation - We are required by the HCPC and CSP to maintain clinical records. These records cannot be deleted upon request, as our regulatory bodies may require access to clinical data in certain circumstances.

Legitimate interests - For internal administration, improving our services, and ensuring the security of our systems.

6. Who We Share Your Data With

We will never sell your personal data. We may share your information only in the following circumstances:

  • Healthcare professionals - your GP, consultant, surgeon, or other clinicians involved in your care, where clinically necessary and with your knowledge.

  • Insurance companies - your insurer (e.g. Bupa, AXA Health, Vitality, WPA, Aviva, Cigna) where you are claiming for treatment under a policy, and where you have authorised us to do so.

  • Practice management software - we use Splose to manage appointments and clinical records. Splose processes data in accordance with UK GDPR. Please refer to Splose's privacy policy for further details.

  • Legal and regulatory bodies - the HCPC, CSP, ICO, or other regulatory authorities where we are legally required to disclose information.

  • Law enforcement - the police or other authorities, where required by law or court order.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected, and in line with our regulatory obligations:

  • Adult clinical records: 8 years from the date of last treatment

  • Children's records: until the patient's 26th birthday (8 years after their 18th birthday)

  • Financial and billing records: 6 years, in line with HMRC requirements

  • Website enquiry data and general correspondence: 2 years

Please note that clinical records cannot be deleted on request alone. Our regulatory bodies (HCPC and CSP) may require access to clinical data, and we are legally obliged to retain records for the minimum periods set out above.

8. Data Security

We take the security of your personal data seriously. Our security measures include:

  • Clinical records are stored within Splose, a GDPR-compliant, encrypted practice management system

  • All electronic communications containing personal data are sent via secure, encrypted channels where possible

  • Access to clinical records is restricted to Melissa Reynolds

  • We use strong passwords and two-factor authentication for all systems

Please note that communications via WhatsApp and standard email are not fully encrypted in a clinical sense. We recommend you do not share sensitive health information through these channels if you have concerns, and we will use secure alternatives where possible.

In the event of a data breach, we will notify the ICO within 72 hours and will inform affected individuals where required.

9. Your Rights

Under UK GDPR, you have the following rights:

Right of access - You may request a copy of the personal data we hold about you. We will respond within one month at no charge.

Right to rectification - If any information we hold about you is inaccurate or incomplete, you may ask us to correct it.

Right to erasure - In certain circumstances, you may request that we delete your data. Please note this right is limited in respect of clinical records, which we are legally required to retain.

Right to restrict processing - You may ask us to pause the processing of your data in certain circumstances.

Right to data portability - You may request a copy of your data in a commonly used format.

Right to object - You may object to our processing of your data where we rely on legitimate interests as our lawful basis.

Rights related to automated decision-making - We do not use automated decision-making or profiling.

To exercise any of these rights, please contact us at mel@stridesportsphysio.com. We may need to verify your identity before processing your request.

10. Cookies and Website Analytics

Our website may use cookies and similar tracking technologies to improve your browsing experience and to analyse website traffic. You can control your cookie preferences through your browser settings. For more information, please refer to our Cookie Policy on the website.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal information.

12. Complaints

If you have any concerns about how we handle your personal data, please contact us in the first instance at mel@stridesportsphysio.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk

  • Telephone: 0303 123 1113

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website. Material changes will be communicated to active patients directly. The version date at the top of this document indicates when it was last reviewed.
