Privacy and Data Policy

Last updated: 7 November 2025

At Anna Willans Physiotherapy, your privacy is important to us. We are committed to protecting your personal information and handling it safely, lawfully, and responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller:
Anna Willans Physiotherapy
TN15 0ET
Email: Anna@annawillansphysiotherapy.co.uk
ICO Registration Number: ZC032062

If you have any questions about how your data is handled, please contact us using the details above.

2. Information We Collect

We collect and store personal and health information when you contact us, book an appointment, or receive treatment.
This may include:

  • Basic details: name, address, telephone number, email

  • Personal information: date of birth, gender, emergency contact

  • Medical information: medical history, health conditions, medications, lifestyle, clinical findings, treatment notes

  • Administrative information: appointment details, payments, feedback, or communications via phone, email, or our website

3. Why We Collect This Information

We collect your data to:

  • Provide safe, effective physiotherapy care

  • Keep accurate clinical records (as required by law and professional regulation)

  • Contact you regarding appointments or treatment plans

  • Liaise with other healthcare professionals involved in your care (with your consent)

  • Process payments and manage our records

  • Improve our services and gather anonymous feedback

  • Send information about services or classes only if you’ve given explicit consent

4. Lawful Basis for Processing

Our lawful bases for using your data are:

  • Contract: to provide physiotherapy services you have requested

  • Legal obligation: to meet our professional and regulatory requirements

  • Legitimate interests: to maintain accurate records and improve services

For health information (special category data), the additional lawful basis under Article 9(2)(h) UK GDPR applies:

Processing necessary for the provision of health or social care.

5. Sharing Your Information

We only share your information when necessary for your care or when required by law.
This may include sharing (with your consent) with your GP, consultant, or other healthcare professionals involved in your treatment.

We use secure systems and trusted service providers to store and process data, all under written agreements that meet UK GDPR standards.
Some providers may process data outside the UK; where this occurs, appropriate safeguards are in place.

We never sell or share your data for marketing purposes.

6. How Long We Keep Your Information

We retain records in line with legal and professional guidance:

  • Adults: 8 years after your last treatment

  • Children: until age 25 (or 8 years after death, if sooner)

Records may be kept securely for longer when necessary (e.g. to support continuity of care or meet legal requirements).
When no longer needed, data is securely deleted or anonymised.

If you wish your records to be deleted after the standard retention period, please contact us in writing.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access a copy of your personal data

  • Request correction of inaccurate information

  • Request erasure (where legally permissible)

  • Restrict or object to processing

  • Request data transfer (portability)

  • Withdraw consent for marketing at any time

  • Complain to the Information Commissioner’s Office (ICO) if you believe your data has been mishandled

You can exercise any of these rights by contacting us at the address above.

8. Marketing Communications

We will only send you updates or information about services if you have opted in.
You can withdraw consent at any time by emailing AnnaWillansPhysio@gmail.com.

9. How We Keep Your Data Secure

We take data security seriously and use appropriate measures, including:

  • Encrypted and password-protected electronic systems

  • Locked, secure storage for paper records

  • Encrypted data transfers

  • Regular security reviews and staff confidentiality training

Access to personal data is limited to authorised personnel only.

10. Cookies and Website Use

Our website uses cookies to enhance performance and improve your experience.
When you visit, you’ll be asked for consent to use non-essential cookies.
You can change your cookie preferences or disable cookies in your browser at any time.
For more details, visit www.aboutcookies.org.

11. Links to Other Websites

Our site may link to other websites. We are not responsible for the privacy practices of other sites, so please check their privacy policies before sharing personal information.

12. Updates to This Policy

We may update this policy from time to time. The latest version will always be published on this page with the updated date shown at the top.

13. How to Complain

If you have concerns about our use of your personal data, please contact us first so we can resolve the issue.

If you’re not satisfied, you can contact the Information Commissioner’s Office (ICO):

Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk/make-a-complaint