Privacy policy

Privacy Policy

Effective Date: 12th September 2025

Who we are
We are a small in‑home physiotherapy service specialising in long‑term and neurological conditions. We’re committed to treating your personal and clinical data with confidentiality and care.

1. What Data We Collect & When

  • Contact Form: When you complete our form, we collect your name, contact details, and message content.

  • Initial Assessment: We gather personal and health-related information needed to assess your needs and provide safe care.

  • Treatment Records (SOAP Notes): We document each session using SOAP (Subjective, Objective, Assessment, Plan) notes to track progress and guide further treatment.

2. Why We Process Your Data (Legal Bases)

  • Contractual Necessity: Processing is essential to deliver physiotherapy services you’ve requested.

  • Legal & Professional Obligations: As HCPC-registered physiotherapists, we must maintain accurate records for professional standards and auditability.

  • Legitimate Interests: For record-keeping, care continuity, and operational management—ensuring all processing respects your rights and freedoms.

3. How We Protect Your Data

  • Stored securely—we use an electronic system to store your medical records, which is fully compliant with General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

  • Any paper notes are stored in a locked filing cabinet, although these are kept to a minimum.

  • Identifiable data will not be carried outside of our office premises.

  • Only accessible to authorised staff involved in your care.

4. Data Sharing

We do not share your data unless:

  • Required by law, such as safeguarding concerns or public health obligations.

  • With your explicit consent, for example, if we're sending reports to insurers or coordinating with other healthcare professionals (GPs, consultants).

5. Data Retention

  • We retain your treatment records while you’re under our care.

  • After your care ends, records are kept for a minimum of 8 years

  • After this retention period, records will be securely and permanently deleted or anonymised.

6. Your Rights (Under GDPR / UK Data Protection Law)

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccuracies.

  • Request deletion in certain circumstances.

  • Restrict or object to processing where relevant.

  • Receive your data in a portable format.

To exercise these rights, please contact us and we will respond promptly.

7. Complaints & Concerns

If you have concerns about our handling of your data:

  • Contact us at beth@fivewaysphysio.co.uk

  • If unresolved, you may lodge a complaint with the Information Commissioner’s Office (ICO).

8. Updates to This Policy

We may update this policy to reflect changes in law, best practices, or service delivery - this policy’s “Effective Date” will highlight the current version.