This privacy policy outlines how Jemma Oliver Physio collects, uses, stores, and protects your personal information, in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws.
1. Introduction
Jemma Oliver Physio is committed to protecting your privacy and handling your personal data with care and respect. This policy explains how we collect, use, and safeguard your information when you use our physiotherapy services.
2. Who We Are
- Practice Name: Jemma Oliver Physio
- Contact Details:
- Data Controller: Jemma Oliver - Clinic Owner
3. What Personal Data We Collect
We collect and process various types of personal data, including:
- Personal Identification Information: Name, address, date of birth, contact details (phone number, email address).
- Health Information: Medical history, current conditions, symptoms, diagnoses, treatment plans, progress notes, test results, imaging reports, and any other information necessary for providing physiotherapy care. This is considered "special category data" under GDPR.
- Contact Information for Emergencies/Next of Kin: If provided by you.
- Payment and Billing Information: Details related to your appointments and payments.
- Communication Records: Correspondence between you and our practice.
- Website Usage Data (if applicable): Information collected through our website, such as IP addresses, browser type, and pages visited (see Section 10 for more details on cookies).
4. How We Collect Your Data
We collect your data through various means:
- Directly from You:
  - During initial consultations and ongoing appointments.
  - Through intake forms, questionnaires, and consent forms.
  - Via phone calls, emails, or other direct communications.
- From Third Parties (with your consent or as required by law):
  - From your GP or other healthcare professionals if you are referred to us or if we need to liaise with them for your care.
  - From your insurance provider if you are using private health insurance.
5. Why We Collect and Process Your Data (Purposes and Legal Basis)
We collect and process your personal data for the following purposes, relying on specific legal bases under GDPR:
- To Provide Physiotherapy Services: This is our primary purpose. We need your information to assess your condition, diagnose, plan and deliver treatment, and monitor your progress.
  - Legal Basis: Performance of a contract (your implied or explicit agreement for us to provide services) and legitimate interests (our interest in providing effective care). For health data, processing is also necessary for medical diagnosis and the provision of health or social care or treatment.
- To Communicate with You: To inform you about appointments, changes to services, and relevant practice information.
  - Legal Basis: Performance of a contract and legitimate interests.
- For Billing and Administration: To process payments, manage accounts, and maintain accurate records.
  - Legal Basis: Performance of a contract and legal obligations.
- To Comply with Legal Obligations: Such as mandatory reporting or responding to court orders.
  - Legal Basis: Legal obligations.
- For Quality Improvement and Training: To review the quality of care, for internal audits, and to train our staff. Where possible, data will be anonymised.
  - Legal Basis: Legitimate interests and legal obligations (e.g., professional body requirements).
- For Research (Anonymised Data): In some cases, anonymised data may be used for research purposes, with appropriate ethical considerations.
  - Legal Basis: Consent (if explicit consent is obtained for research) or legitimate interests (for anonymised data).
6. How We Store and Protect Your Data
We implement robust security measures to protect your personal data:
- Confidentiality: All patient information is treated with the strictest confidence by our staff.
- Physical Security: Paper records are stored in locked filing cabinets in secure premises.
- Electronic Security: Electronic records are stored on secure, password-protected computer systems with up-to-date anti-virus software and firewalls. We use encrypted systems where appropriate.
- Access Control: Access to your personal data is restricted to authorised personnel on a "need-to-know" basis.
- Data Minimisation: We only collect and retain data that is necessary for the purposes outlined in this policy.
- Secure Transmission: Any electronic transmission of data is done via secure and encrypted methods where possible.
7. How Long We Keep Your Data (Retention Periods)
We retain your personal data for a period that is:
- Necessary for the purposes for which it was collected.
- In accordance with legal and professional requirements.
Generally, we will retain physiotherapy treatment records for at least 7 years after the last attendance, or until a child reaches the age of 25, whichever is longer, in line with professional guidelines like those from the CSP. After this period, records will be securely destroyed.
8. Sharing Your Data (Disclosure)
We will not share your personal data with third parties for marketing purposes. We may share your information in the following circumstances:
- With Your Consent: When you explicitly authorise us to share information with specific individuals or organisations (e.g., a specialist, employer, or solicitor).
- To Provide Your Care: With other healthcare professionals involved in your care (e.g., your GP, hospital specialists) on a "need-to-know" basis.
- Legal or Regulatory Requirements: If we are legally obliged to do so (e.g., by court order, law enforcement, or regulatory bodies).
- With Third-Party Service Providers: We may use third-party providers for services such as IT support, secure cloud storage, or accounting. These providers are contractually obligated to protect your data and only use it for the purposes we specify.
9. Your Rights
Under GDPR, you have several important rights regarding your personal data:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data we hold.
- Right to Erasure (Right to be Forgotten): You can request that we delete your personal data in certain circumstances.
- Right to Restrict Processing: You can ask us to limit how we process your personal data.
- Right to Object to Processing: You can object to us processing your personal data for certain purposes.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another organisation.
- Right to Withdraw Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us in writing using the details provided in Section 2. We will respond to your request within one month.
10. Website and Cookies
Our website may use cookies to enhance your browsing experience. Cookies are small text files that are placed on your device when you visit a website. They help us understand how our website is used and improve its functionality.
- Types of Cookies Used: Essential cookies, analytical cookies, and marketing cookies.
- How to Manage Cookies: You can set your browser to refuse cookies or to alert you when cookies are being sent. Please refer to your browser's help function for instructions.
11. Complaints
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.
You can also raise your concerns directly with us in the first instance.
12. Changes to Our Privacy Policy
We may update this privacy policy from time to time. Any changes will be posted on our website [if applicable] and will become effective upon posting. We encourage you to review this policy periodically.
Effective Date: [Date]
Last Updated: [Date]
Important Notes for the Physiotherapy Practice:
- Customisation: This is a template. You must tailor it to your specific practice, including your exact data collection practices, retention periods, and contact details.
- Legal Review: It is highly recommended to have this policy reviewed by a legal professional specialising in data protection to ensure full compliance with current UK law.
- Accessibility: Make this policy easily accessible to your patients, for example, by displaying it on your website, having copies available in your waiting room, and providing it upon request.
- Staff Training: Ensure all staff members are trained on this privacy policy and understand their responsibilities regarding data protection.
- Consent Forms: Ensure your consent forms clearly refer to this privacy policy and explain how data will be used.
- ICO Registration: As a data controller processing personal and sensitive health data, you are likely required to register with the Information Commissioner's Office (ICO). Check the ICO website for requirements.