top of page

privacy policy

Grantham Physiotherapy Practice is committed to protecting and respecting your privacy. We understand that your personal data is entrusted to us and appreciate the importance of protecting and respecting your privacy. To this end, we comply fully with the data protection law in force in the UK (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines.


This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you and your rights in relation to that data. 


By providing your personal data to us or by using our services or website, you are accepting or consenting to the practices as described or referred to in this Privacy Policy.


For the purpose of Data Protection Laws, the data controller is Grantham Physiotherapy Practice Ltd.


What personal data may we collect from you?


When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us. 


Personal data we collect from you may include the following:

  • information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number)

  • details of referrals, quotes and other contact and correspondence we may have had with you

  • details of services and/or treatment you have received from us or which have been received from a third party and referred on to us

  • information obtained from customer surveys, promotions and competitions that you have entered or taken part in

  • notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered

  • patient feedback and treatment outcome information you provide

  • information about complaints and incidents

  • a record of the money we have received or is owed to us by yourself.


When do we collect personal data about you?

We may collect personal data about you if you:

  • enquire about any of our services or treatments

  • register to be a customer or patient with us or book to receive any of our services or treatments

  • fill in a form or survey for us

  • fill out a form on our website

  • participate in a competition or promotion or other marketing activity

  • contact us, for example by email, telephone or social media.


What personal data we may receive from third parties and other sources?

We may collect personal data about you from third parties such as:

  • Insurance providers will pass Grantham Physiotherapy Practice personal data of patients who have commenced a claim and require treatment with Grantham Physiotherapy Practice. This will normally be in the form of a referral and may consist of basic details e.g full name, date of birth, address, contact number and email address and the type of procedure/treatment they require.


How do we use your personal data?


Your personal data will be kept confidential and secure and will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines. 


We normally process personal data if it is: 

  • necessary to provide you with our services - to enable us to carry out our obligations to you arising from any contract entered into between us and you including relating to the provision by us of services or treatments to you and related matter such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening

  • in our or a third party's legitimate interests to do so e.g private medical insurer

  • required or allowed by any applicable law

  • with your explicit consent e.g direct marketing communications.


Generally, we will only ask for your consent to processing if there are no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data you have the right to withdraw your consent at any time, please see details below.

Your right to be forgotten

You have the right to have your personal data deleted or amended on request and to withdraw treatment consent at any time. However, we are required by law to retain medical notes pertaining to treatment episodes. 


How to request access to personal data

  • Put your request in writing specifying the personal data you want to access. Send the request to Grantham Physiotherapy Practice Ltd or email If someone else is making this request on your behalf, you must send us a signed and dated statement that you give your consent for this.


You have the right to request that we correct any inaccuracies in your data. If you wish to do this, please follow the same guidelines as above for requesting personal data. Please be specific as to the information that requires correction and the new information that should replace it. 


You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:

  • put your request in writing 

  • provide us with enough information to identify you.


Children’s data 

GDPR require a child’s parents to give consent to use their data, therefore it is essential that we document any processes related to the collection of children’s data.


The collection of children’s data does not vary from the collection of adult data except that the parent/guardian email address and home address will be used. The storage of notes for children will be 30 years. Consent to collect data is requested from the parent at time of first attendance.


What we would do if there was a data breach?

If there was a data breach the source of the breach would be investigated. The measures put in place to rectify the data breach and prevent future breaches would be documented and audited. Patients affected by the data breach would be informed.


Any changes we may make to our privacy policy in the future will be posted on this page. 

bottom of page