GDPR Policy
Last Updated: August 2025
At Farnham Physiotherapy & Sports Clinic, we are committed to protecting the privacy and security of our patients’ personal data. This policy explains how we collect, use and safeguard your information in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable laws.
1. Data Collection
We collect personal data in order to provide high-quality physiotherapy services. This data may include:
• Name
• Contact details (address, e-mail, telephone)
• Date of birth
• Medical history and current health information
• Treatment notes and progress reports
Data are obtained during consultations and subsequent appointments, via our online booking system and through patient intake forms.
2. Use of Data
Personal data are used to:
• Provide physiotherapy assessments, treatments and rehabilitation programmes
• Communicate about appointment scheduling, reminders and follow-up care
• Maintain accurate medical records and treatment notes
• Raise invoices and process payments
• Meet legal and regulatory obligations
3. Data Sharing
We share personal data only when necessary to deliver our services or when required by law. Examples include:
• Other healthcare professionals involved in your care
• Insurance companies or third-party payers
• IT service providers who host and secure our systems
We do not sell or disclose data to third parties for marketing purposes without explicit consent.
4. Data Security
Appropriate technical and organisational measures are in place, including:
• Role-based access controls and two-factor authentication
• Ongoing system monitoring for security vulnerabilities
• Mandatory staff training on data-protection best practice
5. Data Retention
Personal data are held only as long as necessary for the purposes stated or as required by law. When no longer needed, data are securely deleted or anonymised.
6. Patient Rights
You have the right to: access your data, rectify inaccuracies, request erasure (in certain circumstances), restrict or object to processing, and receive your data in a portable format. Please contact us using the details below to exercise these rights.
7. Marketing Communications
We occasionally share educational content, service updates, special offers and event invitations by e-mail, SMS or WhatsApp. Marketing messages are sent only to individuals who:
• Have provided consent on our intake form or online-booking page, or
• Are existing patients and have been offered a clear opt-out.
You may withdraw consent or unsubscribe at any time by clicking the unsubscribe link in an e-mail, replying “STOP” to an SMS or contacting us directly.
8. Online Booking & Third-Party Integrations
Our website uses the Cliniko online-booking system. When you book an appointment online:
• The data you enter are transmitted securely to Cliniko Ltd, which acts as our data processor under a binding Data-Processing Agreement.
• Your details are stored on Cliniko’s UK-based or EU-based servers, protected by industry-standard encryption.
• Appointment confirmation, reminder and follow-up messages may be sent automatically via e-mail or SMS.
We also use secure integrations with marketing automation software solely for appointment management, review requests and service-specific education. No data are transferred outside these systems without a lawful basis and contractual safeguards.
