Privacy Policy for Fosse Physiotherapy

Effective Date: 25/07/2025

Fosse Physiotherapy is committed to protecting your personal data and respecting your privacy. This policy explains how and why we collect, use, and store your personal information, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Fosse Physiotherapy is a physiotherapy and Pilates practice based in Frolesworth, Leicestershire.
The data controller is Joanna Smith, Chartered Physiotherapist.

Contact:
📧 jo@fossephysio.uk
Frolesworth, Leicestershire, UK

2. What Data We Collect

We may collect and process the following data:

Personal Information:

• Full name

• Email address

• Phone number

• Billing address (if applicable)

Health & Service Information:

• Health history, treatment notes, and medical information (if receiving physiotherapy)

• Class attendance and preferences

Payment & Account Data:

• Payment details (processed securely via third-party payment providers)

• Login credentials (for accessing members-only content)

• Purchase history and course access records

Website & Technical Data:

• IP address, device type, browser type

• Website behaviour (via analytics or cookies)

3. How We Collect Data

We collect data when you:

• Book a service or appointment

• Sign up for online classes or courses

• Make a payment or create a login

• Complete a health form or contact form

• Subscribe to our mailing list/marketing updates

• Interact with our website (cookies, analytics)

4. How We Use Your Data

We use your data to:

• Provide physiotherapy and Pilates services (in-person or online)

• Create and manage your account for online classes

• Process payments for courses or services

• Maintain clinical records (where applicable)

• Contact you with booking information, updates, or class reminders

• Send email newsletters and marketing communications,

  only where you have provided explicit consent

• Monitor and improve our website’s performance

You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in any email or by contacting us directly.

5. Lawful Basis for Processing

We rely on the following legal bases under UK GDPR:

• Consent – for marketing communications

• Contract – to deliver purchased services/classes

• Legal obligation – to retain clinical records

• Legitimate interest – to manage/improve services

6. Payments & Third-Party Services

Online payments for classes or content are processed through secure third-party providers (e.g. Stripe, PayPal, or Squarespace Payments). We do not store your card details. These platforms are GDPR-compliant and manage your data according to their own privacy policies.

If using a platform to deliver online content (e.g. Squarespace Member Areas, Vimeo, or another course platform), only the information necessary to create and manage your login will be stored.

7. Data Storage & Security

• Clinical records are securely stored using Zanda, a GDPR-compliant practice management system.

• Website data is stored and processed through Squarespace, which uses secure, encrypted servers.

• Online class access data is stored securely via the relevant platform.

We implement physical, digital, and managerial safeguards to protect your data from loss, misuse, or unauthorised access.

8. Data Retention

• Clinical data is retained for 8 years (or until age 25 for children), in line with HCPC and CSP guidelines.

• Account data for online class access is retained as long as you have an active membership or until you request deletion.

• Email marketing data is retained for as long as you remain subscribed. You can unsubscribe or request removal at any time.

• Inactive accounts may be securely deleted after a reasonable period.

9. Your Rights Under

UK GDPR

You have the right to:

• Access the personal data we hold about you

• Correct inaccurate or incomplete information

• Request deletion (where no longer required)

• Withdraw consent for marketing at any time

• Object to or restrict certain processing

• Lodge a complaint with the ICO

  (Information Commissioner’s Office)

To exercise your rights, contact: jo@fossephysio.uk

10. Cookies & Analytics

Our website uses cookies to enhance your experience and monitor site performance. You will be notified of cookie use when you visit the site.

You can adjust cookie preferences via your browser settings.

11. Social Media

Fosse Physiotherapy uses third-party platforms such as Instagram, Facebook, and YouTube to share content and connect with clients and the public.

If you interact with our content on these platforms (e.g. by commenting, liking, or messaging), your information is subject to the privacy policies of those platforms. We do not export or store your personal data from social media outside of the platform unless you provide it directly (e.g. via a direct message asking to book an appointment).

We may link to our social media pages from our website or emails, but we do not track or collect your data from social media without your explicit consent.

For more information, you can refer to:

• Meta (Facebook & Instagram) Privacy Policy

• YouTube Privacy Policy

• Google Privacy Policy

12. Changes to This Policy

We may update this policy from time to time. The most recent version will always be published on our website.

Last updated: 29/08/2025