Privacy and Data Protection Policy
Your privacy is very important to us. This document gives you information about the data we collect, why we collect it, and how we use and store it.
The Boxgrove Clinic is committed to maintaining the personal information it holds about you in accordance with the requirements of applicable data protection, data privacy and medical record legislation.
Who are we?
The Boxgrove Clinic is a private health and wellbeing clinic based at The Old Granary, The Street, Boxgrove PO18 0ES. The Clinic provides private treatments including physiotherapy, soft tissue therapy, sports massage, podiatry and a range of exercise classes. You can contact us at the above address or by calling Tel: 01243-696630.
For the purposes of this policy The Boxgrove Clinic is the Data Controller.
How do we gather Data?
We will gather all the information we need to provide you with the appropriate treatment or for you to take part in one of our exercise sessions at your first visit to the clinic by asking you to complete a Patient or Class Contract. For those receiving treatment this will include any information we need to identify you medically. (For example: legal name, date of birth, postal address, contact phone number). When you first provide your personal information you will also be given the option to opt in for email appointment reminders and email marketing in order to receive information about our classes, events and newsletters. We will not send you email marketing unless you tick the box to consent to us contacting you in this way, or unless you have asked us to previously. You can opt out of email marketing at any time by clicking the Unsubscribe link at the bottom of any email, or by contacting Reception.
As with all sensitive data we keep all of these details securely in our systems. The exception is payment details, which are sent to and managed securely by our payment service provider. We do not keep a record of your credit card, for example, apart from the card type and last four digits for reference. If you provide us with card details to make payment over the phone we enter those directly into our card processor; the details are not recorded. In the event of a phone payment we will ask you what you would like us to do with your receipt. You can choose for it to be posted to you, retained until your next visit, or destroyed.
When you opt in to receive email marketing
There are several ways you might do this, for example:
• using an online request
• giving your details to staff in clinic as part of your class or patient contract
• when attending an event and asking us to send you emails.
When you first sign up for emails we will send you a welcome email to make sure you want to receive emails from us. You can opt out of email marketing at any time by clicking the Unsubscribe link at the bottom of any email, or opt out of any marketing by contacting the clinic.
When you contact the clinic
If you telephone the clinic to make an appointment or to request information we will usually ask for your name, a contact telephone number and email. This is in order for us to book the appointment with one of our clinicians or to book you into the class. It also allows us to contact you in the event of a change to your appointment or class, and to send you an email appointment reminder. If you do not wish us to email you with reminders please inform reception and complete your contract to this effect. You can at any time ask us to stop emailing reminders to you by contacting reception at the clinic.
When you are referred by a third party
If you are referred to the clinic by a third party such as a consultant or a GP they will provide us with the key information to identify and contact you. We will store your referral data as part of your clinic records if you attend an appointment as they form part of your medical records. If you do not respond to our offer of an appointment we notify the referrer and then your referral will be destroyed and any electronic record created will be deleted.
How do we use your data?
Primarily we use the data you give us to fulfil our contract with you to provide treatment or exercise sessions, and to keep accurate records of any treatment to provide continuing care. We will use your email and/or mobile number to provide appointment reminders unless you have requested that we do not, and to forward copies of any exercises prescribed by your therapist or invoices/receipts that you may request.
The legal basis we use for processing data related to your treatment and marketing purposes is called ‘legitimate interest’.
We have a legal obligation to keep this data for a length of time in line with statutory requirements.
When you opt in to email marketing
We use any data you provide to us (at any time) as a way to send you the most relevant marketing, or the marketing you specifically consented to. For example:
• changes, updates or new class information
• health and wellbeing information as part of our newsletter
• information about clinic events
All of our emails include an ‘unsubscribe’ option and you can do this at any time. This will automatically remove you from our mailing list. Alternatively you can at any time contact Reception and ask to be removed.
Who we may disclose your information to
To ensure that you receive the best level of care we may share your personal data with the following:
• other practitioners within the clinic to seek a second opinion or utilize their expertise in order to benefit your treatment
• your GP should we advise you to seek an appointment following treatment or to provide them with details of any treatment you have received where appropriate
• the Consultant who referred you to the clinic so that they have a full picture of your treatment prior to any future appointments in order to benefit your continuing medical care
• a Consultant to whom we are referring you for further treatment
• the Lead Clinician or Director who has responsibility for auditing clinic records to ensure they meet professional and legal standards
• a Solicitor, who must provide your written consent for the release of your records, in the event you have asked them to act on your behalf following an accident or other legal proceedings
• where we are requested to do so to comply with a legal duty
We do not share your data with any other unrelated outside companies.
Your credit card data is processed securely through an external secure card processing company, as detailed elsewhere in this policy. Our copies of paper receipts are stored securely for financial reasons and we must retain this information in line with statutory requirements.
Accessing and updating your personal data
You have the right:
• to access your personal data (to ask us what information we hold about you).
• to ask for your data to be deleted or corrected. We rely on you to inform us where information changes during the course of your treatment, for example should you move house or should your contact number or email change. Where we are able we will delete data; however, we are legally obliged to retain medical information in line with statutory requirements.
• to ask us to stop processing your data. Where we are able to do this we will, unless we are required to continue processing it in line with a statutory requirement.
• to stop receiving marketing from us. You can opt out at any time as described elsewhere in this policy.
To exercise your rights please contact clinic Reception or one of our Directors.
Keeping your information secure
We will take reasonable technical and organisational security measures to safeguard your personal information. Your information is stored securely on a computer system and in paper form in a locked cabinet in a secure room when not required in clinic. Access is limited to those booking or providing your treatment unless described elsewhere in this policy. However, the use of the internet is not entirely secure and for this reason we cannot guarantee the security of any personal information which is transferred through the internet or email.
Internet communications are not secure unless the data being sent is encrypted. We cannot accept any responsibility for unauthorised access by a third party or the corruption of data sent to us.
Messages that you send to us by email are not secure. We recommend that you do not send any confidential information to us by email. If you choose to send any confidential information to us via email, you do so at your own risk with the knowledge that a third party may intercept this information. Instructions sent by you via email and to the website are processed exclusively at your risk. Should you prefer, please ask for one of our staff to contact you by telephone as they will be happy to discuss your treatment with you.
Should you have any concerns regarding the privacy of your data you should contact Reception or one of our Directors at the clinic.