top of page

Privacy Policy – Durham City Physio Ltd

Last updated: 24 April 2026

 

1. Who we are

Durham City Physio Ltd provides physiotherapy, podiatry and sports injury services.

Contact details:
Email: durhamcityphysio@gmail.com
Address: Suite 1, Third Floor, 7 Old Elvet, Durham DH1 3HL

We are the data controller responsible for your personal data under the UK GDPR and Data Protection Act 2018.

 

2. Our commitment to confidentiality

We are committed to maintaining the confidentiality and security of your personal and health information in line with professional standards set by the Chartered Society of Physiotherapy (CSP) and UK data protection law.

All patient records are treated as strictly confidential and accessed only by authorised personnel involved in your care.

3. What information we collect

We may collect and process:

  • Personal details (name, address, date of birth, contact details)

  • Health and clinical information (medical history, assessment findings, treatment notes)

  • Appointment and attendance records

  • Payment information (processed securely via third parties)

  • Communications between you and the clinic

  • Website usage data (e.g. cookies, analytics)

4. How we collect your data

We collect data when you:

  • Book or attend an appointment

  • Complete forms (online or in clinic)

  • Contact us by phone, email or social media

  • Use our website

We may use secure systems such as Cliniko to manage patient records.

5. How we use your information

We use your data to:

  • Provide safe, effective and appropriate healthcare

  • Maintain accurate clinical records (a professional and legal requirement)

  • Communicate with you about appointments and care

  • Process payments

  • Meet legal, regulatory, and insurance requirements

  • Improve our services

 

6. Legal basis for processing

We process your data under the following lawful bases:

  • Article 6(1)(b) – performance of a contract (providing treatment)

  • Article 6(1)(c) – legal obligation (e.g. healthcare record keeping)

  • Article 6(1)(f) – legitimate interests (running our clinic safely and effectively)

For health data (special category data):

  • Article 9(2)(h) – provision of health or social care and treatment

We may also rely on explicit consent where required.

 

7. Data sharing

We may share your data, where appropriate, with:

  • Other healthcare professionals involved in your care

  • Your GP (with your consent where appropriate)

  • Insurers or referrers (where applicable)

  • Service providers (e.g. practice management systems, payment processors)

  • Regulatory or legal authorities if required

We only share the minimum necessary information.

 

8. Data storage and security

Your data is stored securely using appropriate technical and organisational measures, including:

  • Secure, password-protected systems

  • Restricted access to authorised staff only

  • Encrypted or secure cloud-based systems where applicable

We take all reasonable steps to protect your data from loss, misuse or unauthorised access.

 

9. Data retention

We retain clinical records in line with CSP guidance and legal requirements:

  • Adult records: minimum of 8 years after last treatment

  • Children’s records: retained until age 25 (or longer if required)

Data is securely destroyed when no longer required.

10. Marketing communications

We may occasionally send emails with updates, clinic information, or health advice.

We will only do so where:

  • You have provided consent, or

  • You are an existing patient and the information relates to similar services (soft opt-in)

You can opt out at any time via the unsubscribe link or by contacting us.

We do not share your data with third parties for marketing purposes.

 

11. Cookies and website data

Our website may use cookies and analytics tools such as Google Analytics to improve user experience.

You can manage cookies through your browser settings.

 

12. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Restrict or object to processing

  • Data portability (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

 

13. Complaints

If you have concerns about how your data is handled, please contact us in the first instance.

You also have the right to complain to the Information Commissioner’s Office (ICO).

 

14. Changes to this policy

We may update this policy periodically. The latest version will always be available on our website.

 

15. Contact

For any data protection queries, please contact:
durhamcityphysio@gmail.com

Durham City Physio 2026

bottom of page