Privacy Policy

Sarah Slade Physio

Privacy & UK GDPR Policy

Last updated: December 2025

This Privacy & UK GDPR Policy explains how Sarah Slade Physio collects, uses, stores, and protects your personal information when you use our website, social media pages, booking system, mobile services, and in-clinic services.

By using our website or services, you agree to this Policy.
If you do not agree, please do not use our services. 

1. Information We Collect

We collect information in the following ways:

1.1 Information You Provide Directly

This includes information you give us when you:

  • Make an enquiry or register as a patient
  • Use our treatment, booking, or payment services
  • Complete website forms or contact us by email, phone, SMS, or social media
  • Participate in surveys, competitions, or research
  • Engage with us through third-party referral pathways
 

Personal data may include:

  • Name, date of birth, address, email, phone number
  • Medical history and clinical information required for treatment
  • Payment details
  • Referral information
  • Optional information (e.g., photos, personal notes you choose to share)
 

Treatment Records:
We are legally required to maintain clinical records. These must be kept for at least seven years, even if you request deletion of other data. Records can be archived upon request but cannot be destroyed before the legal retention period has ended.

Storage:
All clinical notes are stored electronically through our GDPR-compliant medical records system (Cliniko). Access is password-protected.

1.2 Information We Collect Automatically

When you use our website or online services, we may automatically collect:

  • IP address and general location
  • Device type, operating system, and browser
  • Pages viewed and links clicked
  • Website usage data (e.g., session duration)
  • Cookies and tracking data (see Section 2)

This helps us maintain site security, improve performance, and deliver a better user experience.

1.3 Information from Third Parties

We may receive information about you from:

  • Referral partners
  • Payment processors
  • Online platforms you choose to connect with (e.g., Facebook Messenger, Drift chat)
  • Analytics or marketing providers (e.g., Google)

We only receive the minimum data necessary and use it in line with this Policy. 

2. Cookies & Similar Technologies

Our website uses cookies, tracking pixels, and similar technologies to:

  • Enable core website functions
  • Analyse how visitors use the website
  • Improve content and user experience
  • Deliver relevant advertising (where applicable)

You can control or disable cookies via your browser settings at any time. 

3. How We Use Your Information

We use your personal data to:

  • Provide physiotherapy treatment and related services
  • Manage bookings, communication, and payments
  • Respond to enquiries
  • Send appointment reminders and service notifications (SMS/email)
  • Improve our website and services based on usage analytics
  • Send marketing communications where you have provided consent
  • Maintain legal and regulatory compliance
  • Ensure safe and secure operation of our services

We only process your data when we have a lawful basis, such as consent, contractual necessity, legitimate interests, or legal obligation.

4. How We Share Your Information

We may share your data with:

Service Providers

Trusted partners who help us deliver our services, such as:

  • Practice management software (Cliniko)
  • Payment processors
  • Website and email hosting providers
  • IT, analytics, or marketing support services

These providers are contractually required to protect your data.

With Your Consent

For example, sharing updates with your GP or another healthcare professional.

Business Transfers

If the business changes ownership, your information may transfer to the new provider under the same privacy protections.

Public Content

If you post publicly on our social media pages, that content becomes visible to others.

We never sell your personal data. 

5. Your Rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion (where legally permitted)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request a copy of your data (Subject Access Request)

To exercise your rights, contact us using the details below.

Please note:
Clinical records must be retained for a minimum of seven years under UK healthcare regulations. 

6. International Data Transfers

Some service providers we use (e.g., Cliniko) store data on servers outside the UK.
These transfers comply with UK GDPR through legally recognised safeguards and contractual protections. 

7. Data Retention

We keep your personal information only as long as necessary for:

  • The purpose it was collected, or
  • Legal or regulatory requirements

Clinical notes must legally be retained for at least seven years. 

8. Keeping Your Information Secure

We use technical and organisational measures to protect your data from:

  • Loss
  • Unauthorised access
  • Alteration
  • Destruction

However, no online system is 100% secure. If you have concerns, please contact us. 

9. Updates to This Policy

We may update this Privacy Policy from time to time.
The most current version will always be available on our website.
If changes are significant, we will notify you where appropriate. 

10. Contact Us

If you have any questions about this policy or your personal data, please contact:

Sarah Slade Physio
📞 07904 370994
📧 sarahsladephysio@gmail.com