Privacy Policy

1. Who We Are

Harris Physiotherapy is a sole trader business trading as Harris Physiotherapy.

We are the data controller responsible for your personal data.

Address:
Harris Physiotherapy
3125 Health Club
Mannin Way
Lancaster
LA1 3PE

Email: info@harrisphysiotherapy.com

All personal data is processed within the UK only.

2. What Data We Collect

We may collect and process the following personal data:

a) Personal & Contact Information

Name
Email address
Telephone number
Date of birth
Address (where relevant)
Emergency contact details

b) Booking & Administrative Data

Appointment details
Attendance records
Payment status (no card details stored by us)

c) Health & Clinical Data (Special Category Data)

Medical history relevant to the treatment provided
Health questionnaires
Assessment findings
Treatment notes and progress records

Clinical notes are primarily stored in paper format and kept securely.

3. How We Collect Your Data

We collect data through:

Online booking via Wix Bookings
Email and telephone communication
In-person completion of paper forms

4. Lawful Basis for Processing

Under UK GDPR, we process your data on the following lawful bases:

Contract – to provide physiotherapy services you book with us
Legal obligation – professional, regulatory, and insurance requirements
Vital interests – where relevant to your health or safety
Consent – particularly for health data and information sharing
Legitimate interests – running and improving our clinic

Health data is processed under Article 9(2)(h) of UK GDPR (healthcare provision).

5. Payments

Card payments are processed securely via SumUp.

We do not store card details
Payment processors handle data in accordance with their own privacy policies

6. Marketing Communications

We may send occasional, relevant communications (e.g. service updates).

Marketing emails are sent only where appropriate
You can opt out at any time by contacting us or using unsubscribe links
We do not use SMS marketing

7. Cookies & Website Analytics

Our website uses:

Essential cookies (required for site functionality)
Analytics cookies (e.g. Google Analytics)
Meta/Facebook Pixel for website performance and advertising insights

These tools help us understand website usage and improve services.
Cookie preferences can be managed via your browser or cookie banner.

8. Data Sharing

We do not sell or share your data for marketing purposes.

We may share relevant information:

With healthcare professionals (e.g. GP, consultant, insurer)
Only with your explicit consent
Where legally required (e.g. safeguarding, court order)

9. Data Retention

We retain data in line with CSP and HCPC professional guidance, including:

Adult clinical records: typically 8 years
Records relating to minors: retained longer where required

Data is securely destroyed once it is no longer legally or professionally required.

10. Your Rights

You have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion (where legally permissible)
Restrict or object to processing
Withdraw consent (where consent is the basis)
Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by emailing: info@harrisphysiotherapy.com

11. Data Security

We take appropriate technical and organisational measures to protect your data, including:

Secure storage of paper records
Restricted access to personal information
Secure digital systems for bookings and communication

12. Legal & Safeguarding Disclosure

We may disclose personal data where required by law or where necessary to protect:

Your vital interests
The safety of others
Professional or legal obligations

13. Changes to This Policy

This Privacy Policy may be updated from time to time.
The most recent version will always be published on our website.