Privacy Policy

Last updated: 15/11/25

Practice name: Kim Baxter Physiotherapy

Contact: kimbaxterphysiotherapy@gmail.com, 0114 266 1138

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our physiotherapy services. We are committed to ensuring that your privacy is protected and that we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Kim Baxter Physiotherapy is the Data Controller for the personal information you provide to us.
If you have any questions about this policy or how we manage your data, please contact:
Data Protection Lead: Kim Baxter

Email: kimbaxterphysiotherapy@gmail.com

3. What Information We Collect

We may collect and process the following types of personal data:

Personal and Contact Details

  • Name

  • Address

  • Date of birth

  • Telephone number

  • Email address

  • Emergency contact details

Medical and Health Information

  • Medical history

  • GP or consultant details

  • Clinical notes relating to assessment and treatment

  • Diagnostic reports and imaging relevant to your care

Administrative and Payment Information

  • Appointment records

  • Payment information (processed securely through our payment provider; we do not store card details)

  • Insurance details (if applicable)

4. How We Collect Your Information

We collect information in the following ways:

  • Directly from you during booking, assessment, or treatment

  • From your GP, consultant, or insurer with your consent

  • Through our website or online booking system

5. Why We Collect Your Information (Lawful Basis)

We process your personal data under the following lawful bases:

  • Provision of healthcare (UK GDPR Art. 6(1)(b) & Art. 9(2)(h)) – to assess, diagnose, and treat your condition

  • Legal obligations – to maintain accurate medical records and comply with healthcare regulations

  • Consent – where required, such as for sharing information with third parties

6. How We Use Your Information

We use your information to:

  • Provide physiotherapy assessment and treatment

  • Communicate with you regarding appointments or your care

  • Maintain accurate and legally compliant clinical records

  • Liaise with your GP, consultant, or insurer (with your consent)

  • Process payments and manage billing

We do NOT use your personal information for marketing purposes.

We will never sell, distribute, or share your information with third-party marketing organisations.

7. Sharing Your Information

We only share your data when necessary for your care or to meet legal obligations, including with:

  • Your GP, consultant, or other healthcare professionals (with your consent)

  • Your insurer (if applicable)

  • IT service providers who support our clinical systems (all bound by confidentiality and data-processing agreements)

We do not transfer your data outside the UK unless adequate safeguards are in place.

8. Data Storage and Security

We store personal data securely using encrypted and password-protected clinical systems.
We take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, or alteration.

9. Data Retention

We retain your clinical records for the period required by law and professional guidelines:

  • Adults: 8 years from the date of last treatment

  • Children: Until the patient’s 25th birthday (or 26th if aged 17 at the time of last treatment)

  • Insurance-related cases: As required by the insurer

After this period, your data will be securely deleted or destroyed.

10. Your Rights

You have the following rights under UK GDPR:

  • Right to access – Request copies of your personal data

  • Right to rectification – Correct inaccurate or incomplete data

  • Right to erasure – Request deletion of your data (in some circumstances)

  • Right to restrict processing – Ask us to limit how we use your data

  • Right to object – Object to processing (where applicable)

  • Right to data portability – Request your data in a structured, commonly used format

  • Right to complain – You may raise a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

11. Changes to This Privacy Policy

We may update this policy occasionally. Any updates will be posted in-clinic and on our website.
Please check regularly to stay informed.