Privacy Policy

Ellie Physiotherapy & Wellness

Website: https://elliephysiotherapy.co.uk

Data Controller: Elena Blagoeva

Contact: info@elliephysiotherapy.co.uk

Ellie Physiotherapy & Wellness is committed to protecting your privacy and ensuring that your personal information is handled safely, securely, and in accordance with UK GDPR and the Data Protection Act 2018. This Privacy Policy explains what information we collect, how we use it, and your rights.

We may update this policy from time to time. Please check this page periodically to ensure you are happy with any changes.

 

1. Information We Collect

We collect personal information necessary to provide our services, including:

Personal details

  • Name

  • Address

  • Postcode

  • Email address

  • Telephone number

  • Date of birth

Health and wellbeing information (special category data)

We collect relevant information to safely deliver:

  • Physiotherapy

  • Massage therapy

  • Yoga sessions

  • Pilates sessions

This may include:

  • Medical history

  • Details of symptoms, injuries, or conditions

  • Lifestyle or wellbeing information

  • Clinical assessment findings (physiotherapy)

  • Treatment notes and progress updates

  • Exercise or movement programmes

Appointment and payment information

  • Booking history

  • Session type (physiotherapy, massage, yoga, pilates, online, telephone triage)

  • Pre-paid plan usage and expiry dates

  • Payment records (processed securely through Zettle or via bank transfer)

Online and telephone consultations

  • Information you provide during remote sessions

  • We do not record video calls

Systems we use

We use secure, GDPR-compliant systems including:

  • Booking software (for scheduling and reminders)

  • WriteUpp (for secure clinical notes and patient records)

  • Zettle (for card payments)

  • Bank transfer (if you choose to pay this way)

These systems store your data safely and are accessible only to authorised staff.

 

2. How We Use Your Information

We use your information to:

  • Provide physiotherapy, massage, yoga, and pilates services

  • Maintain accurate clinical and wellbeing records

  • Manage bookings, payments, and appointment reminders

  • Track pre-paid plan usage and expiry

  • Provide receipts for insurance claims (physiotherapy only, if requested)

  • Ensure safe, effective, and continuous care

  • Respond to enquiries and communicate essential service information

We do not send promotional or marketing emails unless you have explicitly opted in.

 

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data under the following lawful bases:

Personal data

  • Performance of a contract – to provide treatment or wellbeing services and manage your appointments

  • Legitimate interests – to maintain records, ensure safety, and improve service quality

  • Legal obligation – to meet professional healthcare record-keeping requirements (physiotherapy)

  • Consent – only for optional communications (if you choose to opt in)

Special category data (health information)

Processed under:

  • Article 9(2)(h) – provision of health or social care, or management of health/wellbeing services

 

4. Pre-Paid Plans and Expiry

If you purchase a pre-paid plan:

  • Plans must be paid in full at the time of purchase

  • Plans are valid for 6 months from the date of purchase

  • Any unused sessions after 6 months expire automatically

  • Plans are non-refundable

  • Plans are non-transferable unless stated otherwise at the time of purchase

We record plan usage, remaining sessions, and expiry dates to administer your plan correctly.

 

5. Data Retention

We retain your information only for as long as necessary:

  • Physiotherapy records: kept for 8 years after your last appointment

  • Massage, yoga, and pilates records: kept for up to 7 years in line with industry standards

  • Children's records: kept until age 25 (or 26 if treated at age 17)

  • Financial records: kept for accounting and audit purposes

  • Marketing consent: kept only if you have opted in and can be withdrawn at any time

 

6. How We Store and Protect Your Data

We are committed to ensuring your information is secure. We use:

  • Encrypted clinical notes software (WriteUpp)

  • Secure booking and payment systems

  • Password-protected devices

  • Restricted staff access

  • Secure data backups

We take appropriate physical, electronic, and managerial measures to safeguard your data.

 

7. Sharing Your Information

We only share your information when necessary and lawful. This may include:

  • Clinical software providers (e.g., WriteUpp)

  • Booking and payment processors (including Zettle)

  • Insurance companies (physiotherapy only, if you request a receipt)

  • Regulatory or legal authorities if required by law

We do not sell your data or share it for advertising.

 

8. International Transfers

Some of our third-party service providers may store data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK Addendum to Standard Contractual Clauses

  • Adequacy decisions

  • Secure, GDPR-compliant cloud storage

 

9. Your Rights

You have certain rights over your personal information under UK GDPR. These include the right to:

Access your information

You can request a copy of the personal data we hold about you.

Request corrections

If any of your personal details are incorrect (such as your name, address, or date of birth), you can ask us to correct them. Clinical notes and professional opinions cannot be changed.

Request restriction of processing

You can ask us to temporarily limit how we use your information in certain situations, for example if you believe something is inaccurate. This does not apply to clinical records we are legally required to keep.

Object to certain uses of your data

You can object to your data being used for non-essential purposes, such as marketing (we only send marketing if you have opted in). You cannot object to the storage of clinical records, as we must keep these by law.

Request deletion (where legally allowed)

We cannot delete clinical records before the legal retention period, but we can delete optional information such as marketing preferences.

Withdraw consent

If you have given consent for optional communications, you can withdraw it at any time.

If you are unhappy with how your data is handled

Please contact us at info@elliephysiotherapy.co.uk and we will do our best to resolve your concern. If you remain dissatisfied, you have the right to raise your concern with the Information Commissioner's Office (ICO), the UK authority for data protection.

10. Children's Data

If we provide services to children or young people:

  • We require parental or guardian consent

  • Records are stored securely and retained according to legal requirements

 

11. Cookies and Website Use

Our website may use cookies for:

  • Security

  • Website performance

  • Analytics (if enabled)

You can control cookies through your browser settings.

 

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.