Privacy Policy

Privacy Policy for Ashcroft Physiotherapy Clinic

Last Updated: August 2025

This privacy policy explains how we at Ashcroft Physiotherapy Clinic, a private physiotherapy clinic, collect, use, and protect your personal data. We are committed to protecting your privacy and complying with our legal obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are applied to be registered with the Information Commissioner's Office (ICO) as a data controller. Our registration number is [Pending].

1. The Data We Collect

To provide safe and effective physiotherapy care, we must collect and process certain personal data. This includes:

• Personal Identification Data: Your name, address, date of birth, contact details (phone number, email address), and emergency contact details.

• Special Category Data (Health Data): Your medical history, details of your current physical and mental health, clinical notes, treatment plans, assessment results, and any other health-related information you provide. This information is highly sensitive and requires a higher level of protection.

• Administrative and Financial Data: Details of your appointments, billing information, and insurance details (if applicable).

2. Our Lawful Basis for Processing Your Data

Under the UK GDPR, we must have a lawful basis for processing your personal data. For the special category data we collect (your health information), our lawful basis is that the processing is necessary for the provision of health or social care or treatment.

For other personal data, such as your contact information, our lawful basis is typically for the performance of a contract (to provide you with a physiotherapy service) or for our legitimate interests (to manage and run our business effectively).

3. How We Use Your Data

We use your data for the following purposes:

• To provide safe and effective physiotherapy care.

• To communicate with you regarding your appointments, treatment plans, and general care.

• To share relevant information with other healthcare professionals involved in your care, such as your GP or a consultant, but only with your explicit consent.

• To manage our practice, including billing and appointment scheduling.

• To comply with our professional and legal obligations, such as record-keeping and data protection.

4. How We Store and Protect Your Data

Your personal and clinical data is stored securely in our practice management software and, if necessary, in a locked manual filing system. Our digital systems are password-protected, encrypted, and backed up routinely. Access to your data is strictly limited to authorised staff members who need it to provide you with care.

In line with guidance from the Chartered Society of Physiotherapy (CSP), all staff adhere to strict confidentiality and data protection protocols. We make every effort to prevent unauthorised access, use, or loss of your information.

5. Data Retention

We will only keep your personal information for as long as is necessary to fulfil the purposes we collected it for, including for our legal, accounting, and professional obligations.

As per professional guidance (e.g., from the CSP), we are required to retain patient records for a minimum of 8 years after the last treatment session. For a child, records must be kept until the age of 25. After this period, your data will be securely destroyed.

6. Your Rights Under GDPR

The UK GDPR gives you several rights regarding your personal data. You have the right to:

• Be Informed: To know how and why your data is being used. This privacy policy serves this purpose.

• Access: To request a copy of the personal data we hold about you. This is also known as a Subject Access Request (SAR). We will provide this information within one month of receiving your request.

• Rectification: To have inaccurate or incomplete data corrected.

• Erasure: To request the deletion of your data (also known as the 'right to be forgotten'). Please note that this right is not absolute and we may be unable to comply with this request due to our legal and professional record-keeping obligations.

• Restrict Processing: To request a temporary stop to the processing of your data.

• Data Portability: To request a copy of your electronically held data in a structured, commonly used format.

• Object: To object to the processing of your data in certain circumstances.

7. Who to Contact

If you have any questions about this privacy policy or wish to exercise any of your rights, please contact us at:

Ashcroft Physiotherapy Clinic, 1a Highfield Road, Dartford, Kent, DA1 2JH. 

Phone Number- 01322918278, Email: info@ashcroftphysioclinic.com

If you are not satisfied with our response or believe we are not handling your data in accordance with the law, you can complain to the Information Commissioner's Office (ICO).