Privacy Policy
Privacy Policy – Stockton Heath Physiotherapy & Wellness
Effective Date: 1st September 2025
1. Who We Are
Stockton Heath Physiotherapy & Wellness (“we”, “our”, “the clinic”) is committed to protecting your personal information and respecting your privacy.
Clinic Address: 16 & 1 Dundonald Avenue, Stockton Heath, WA4 6JT
Telephone: 01925 266 881
Email: admin@masseyphysiotherapy.co.uk
Data Controller: Daniel Massey (Clinic Director)
2. What Data We Collect
We collect and process the following types of personal data:
- Identification Data: Name, address, contact details, date of birth.
- Health Data (Special Category): Medical history, treatment notes, rehabilitation plans, diagnostic information.
- Financial Data: Payment details, insurance authorisations, billing records.
- Staff Data (for employees): Payroll records, contact details, HR files.
3. How We Use Your Dat
We use your information to:
- Provide safe, effective physiotherapy and rehabilitation services.
- Manage bookings, payments, and insurance claims.
- Communicate with you about appointments, treatment, or clinic updates.
- Refer you to GPs, consultants, or NHS services only with you consent.
- Meet our legal, regulatory, and professional obligations.
We will not collect more information than necessary for these purposes.
4. How We Store & Protect Your Data
JaneApp: Our practice management system securely stores your medical and billing data (encrypted, cloud-based).
- Clinic Coach/High Level: Used for secure communication, data sharing, and patient engagement.
- Avensure/People Cloud: Stores staff payroll and HR records.
- Locked Cabinets: Legacy paper records (patients from previous owner).
- Access Controls: Staff access is limited based on role.
- Encryption: All online systems are password-protected and encrypted.
5. Sharing Your Data
We only share your data when necessary and with your consent, including:
- Insurance Companies: To process claims (using codes where possible).
- Referrals to Healthcare Providers: GPs, consultants, or NHS services – only with your explicit consent.
- Third-Party Service Providers: Such as payment processors, IT providers, and software platforms (all GDPR-compliant).
- Legal/Regulatory Bodies: If required by law.
We do not sell your data to third parties.
6. How Long We Keep Your Data
- Patient Records: Retained for a minimum of 8 years after your last appointment (in line with HCPC/CSP guidance), or until a child reaches 25 years of age.
- Financial Records: Retained for 7 years to comply with HMRC requirements.
- Staff Records: Retained for the duration of employment plus 6 years.
After these periods, records are securely destroyed.
7. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you.
- Request corrections to inaccurate data.
- Request deletion of your data (where legally possible).
- Restrict or object to processing of your data.
- Request transfer of your data to another provider.
- Make a complaint to the ICO (Information Commissioner’s Office) if you believe your data rights have been breached.
8. Cookies and Website Data
9. Changes to This Policy
We may update this policy from time to time. The most recent version will always be available on our website, with the effective date shown at the top.
10. Contact Us
If you have any questions about how we use your data, or wish to exercise your rights, please contact:
Data Controller: Daniel Massey
Email: admin@masseyphysiotherapy.co.uk
Phone: 01925 266 881