Privacy Policy

Privacy Policy (GDPR)

Business Name: Staff Health
Contact Email: staffs.health@gmail.com

What information we collect

We may collect and store the following information:
● Name, phone number, and email address
● Medical history and injury information
● Appointment and treatment records
● Relevant health information required for physiotherapy treatment

Why we collect this information

Your information is collected to:
● Provide safe and effective physiotherapy treatment
● Manage appointments and communication
● Maintain accurate clinical records
● Meet legal, regulatory, and professional obligations

Lawful basis for processing

We process your personal and health data under the following lawful bases:
● Provision of healthcare services
● Legitimate interests
● Compliance with legal and professional obligations
Health information is treated as special category data under UK GDPR and handled
confidentially.

How your data is stored

● Records are stored securely using password-protected systems
● Access is restricted to the practitioner only
● Reasonable measures are taken to protect your information from loss,
misuse, or unauthorised access

Data retention

Clinical records are retained for a minimum of 8 years in line with UK healthcare record
retention guidelines.

Data sharing

Your information will not be shared without your consent unless:
● Required by law
● Necessary for your care
● Required for safeguarding or insurance purposes
We may use trusted third-party services for appointment booking, payment processing, or
secure record storage.

Your rights

Under UK GDPR, you have the right to:
● Request access to your personal data
● Request correction of inaccurate information
● Request restriction of processing where applicable
● Request deletion of your data where legally permitted
● Lodge a complaint with the Information Commissioner’s Office (ICO)

Contact

For any privacy or data-related queries, please contact: staffs.health@gmail.com