Privacy Policy

Privacy Policy

Introduction
Perform Osteopathy is committed to protecting your privacy and handling your personal data in a lawful, fair and transparent way.
This privacy notice explains how we collect, use, store and protect your personal data, including health information, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Perform Osteopathy is the data controller for the personal data we hold.
Contact details:
Perform Osteopathy
71 Oxford Street
Glasgow
G5 9EP
Email: info@performosteopathy.co.uk
Phone: 0141 530 1425

If you have any questions about this privacy notice or how your data is handled, please contact us using the details above.

What personal data we collect

We may collect and process the following types of personal data:

Personal information
  • Name, address, email address, telephone number
  • Date of birth
  • Emergency contact details
Health and clinical information (special category data)
  • Medical history and relevant health information
  • Assessment findings and clinical notes
  • Treatment records and care plans
  • Correspondence relating to your care
Administrative and financial information
  • Appointment details
  • Payment and invoicing records
Website and communications data
  • Emails or messages you send us
  • Website enquiry forms

How we use your information

We use your personal data to:
  • Provide safe and effective osteopathic care
  • Maintain accurate clinical records
  • Communicate with you about appointments and your care
  • Manage billing and accounts
  • Meet our legal, regulatory and professional obligations
  • Improve our services
  • Respond to enquiries, complaints or concerns

Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:
  • Provision of healthcare: processing is necessary for the management of health and social care systems and services
  • Legal obligation: to meet regulatory, insurance and accounting requirements
  • Legitimate interests: for running the clinic safely and effectively
  • Consent: where required (for example, marketing communications)
  • For health information, we also rely on the special category condition that processing is necessary for the provision of health or social care.

Use of third-party data processors

We use secure third-party data processors to support the running of the clinic. These may include systems for:
  • Practice management and clinical records
  • Appointment scheduling
  • Secure email or messaging
  • Payment processing
  • Cloud data storage and backup
All third-party processors we use are required to:
  • Comply with UK GDPR
  • Process data only on our instructions
  • Use appropriate technical and organisational security measures
  • Keep your information confidential
We only use reputable providers and have data processing agreements in place where required.
A list of our current processors can be provided on request.

How we store and protect your data

We take data security seriously. Measures include:
  • Secure, password-protected clinical systems
  • Encrypted or secure cloud-based services
  • Access limited to authorised staff only
  • Locked storage for any paper records
  • Staff confidentiality obligations
We regularly review how information is stored and protected.

How long we keep your data

We keep records only for as long as necessary.
Clinical records are retained in line with professional guidance, legal requirements and insurance obligations (typically for 8 years after your last appointment).
Once records are no longer required, they are securely deleted or destroyed.

Sharing your information

We do not sell your data.
We may share information where necessary:
  • With other healthcare professionals involved in your care (with appropriate justification or consent)
  • With regulatory bodies if legally required
  • With our insurers or professional advisers
  • With third-party processors who provide services to the clinic
We will only share the minimum necessary information.

Your rights

Under data protection law, you have the right to:
  • Access the personal data we hold about you
  • Request correction of inaccurate information
  • Request erasure (in some circumstances)
  • Request restriction of processing
  • Object to processing in certain situations
  • Data portability (where applicable)
  • Withdraw consent where processing relies on consent
To exercise your rights, contact us using the details above.

Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO) www.ico.org.uk.

Changes to this privacy notice

We may update this privacy notice from time to time. The most recent version will always be available from the clinic or on our website.