Privacy Policy

Last updated: March 2026  |  Spring Rise Physio Clinic Limited

Spring Rise Physio Clinic Limited (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully.

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:

Spring Rise Physio Clinic Limited
Company Registration No. 10548587
183 Ipswich Road, Colchester, England, CO4 0EL
Email: info@springrisephysio.net
Tel: 01206 751551 / 07861 251945

2. Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: first name, last name, date of birth (for clinical records).
  • Contact data: email address, telephone number, postal address.
  • Health data: information about your medical history, symptoms, injuries, and treatment (collected during clinical appointments). This is “special category” data under UK GDPR and is handled with additional care.
  • Transaction data: details about payments you make to us, including order details when you purchase from our shop.
  • Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and other technology on the devices you use to access this website.
  • Usage data: information about how you use our website and services.
  • Communications data: records of your correspondence with us (email, phone, online forms).

We do not collect any data about criminal convictions or offences. We will only collect special category health data with your explicit consent or where necessary to provide direct healthcare.

3. How We Collect Your Data

We collect personal data through:

  • Direct interactions (booking forms, contact forms, telephone, email, in-person consultations).
  • Our online shop (when you place an order).
  • Automated technologies or interactions (cookies, server logs) when you visit our website.
  • Third parties (e.g., online booking platforms, payment processors such as Stripe).

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Contract: to fulfil a contract with you (e.g., providing physiotherapy sessions, processing shop orders).
  • Legal obligation: to comply with legal requirements (e.g., maintaining clinical records, financial records for HMRC).
  • Legitimate interests: to run and improve our business, prevent fraud, and maintain the security of our website.
  • Explicit consent: for health (special category) data collected during clinical appointments, and for optional marketing communications.

5. How We Use Your Data

We use your personal data to:

  • Book, manage, and deliver clinical appointments and treatments.
  • Maintain clinical records as required by professional and legal obligations.
  • Process and fulfil online orders and manage returns.
  • Communicate with you about appointments, orders, or enquiries.
  • Send appointment reminders (where you have provided your details).
  • Send marketing communications, if you have opted in to receive them.
  • Improve our website and services through analytics.
  • Comply with legal, regulatory, and professional obligations.
  • Prevent and detect fraud or other criminal activity.

6. Sharing Your Data

We do not sell your personal data. We may share your data with trusted third parties only where necessary:

  • Payment processors (e.g., Stripe) to securely process payments. These processors are PCI-DSS compliant and act as data processors under our instruction.
  • IT and system providers (e.g., website hosting, booking software, email services) who are bound by data processing agreements.
  • Healthcare professionals to whom we refer you with your consent, or who refer patients to us.
  • Legal and regulatory authorities where required by law (e.g., HMRC, Information Commissioner’s Office).

All third parties are required to respect the security of your data and to treat it in accordance with UK law. We do not allow them to use your data for their own purposes.

7. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including for legal, accounting, and reporting requirements:

  • Clinical records: retained for a minimum of 8 years from the date of the last treatment (or until a minor reaches the age of 25), in line with NHS and Chartered Society of Physiotherapy guidelines.
  • Financial/transaction records: 6 years after the end of the relevant tax year, as required by HMRC.
  • Marketing consent records: until you withdraw consent, plus a reasonable period thereafter.
  • Website usage data (cookies/analytics): up to 26 months.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request that inaccurate or incomplete data be corrected.
  • Right to erasure: request deletion of your data where there is no compelling reason for its continued processing (subject to legal obligations).
  • Right to restriction: request that we restrict processing of your data in certain circumstances.
  • Right to data portability: receive a copy of your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting lawfulness of prior processing.

To exercise any of these rights, please contact us at info@springrisephysio.net. We will respond within one month. There is no fee for making a request, unless it is clearly unfounded or excessive.

9. Data Security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These include password-protected systems, encrypted data transmission (HTTPS), and restricted staff access on a need-to-know basis.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where appropriate, will notify you directly.

10. Cookie Policy

Cookies are small text files placed on your device when you visit a website. We use cookies to help our website function correctly, to understand how visitors use the site, and to improve your experience.

Types of cookies we use:

Type  |  Purpose  |  Duration
Essential  |  Necessary for the website to function (e.g., shopping cart, session management). Cannot be disabled.  |  Session / persistent
Analytics  |  Help us understand how visitors interact with the website so we can improve it (e.g., Google Analytics).  |  Up to 26 months
Preferences  |  Remember your choices (e.g., cookie consent preferences).  |  12 months

When you first visit our site, we will ask for your consent to use non-essential cookies. You may accept all cookies, accept essential cookies only, or manage your preferences at any time by clearing your browser’s cookie storage or adjusting your browser settings. Note that disabling cookies may affect the functionality of certain parts of our website.

Our website does not use advertising or tracking cookies for third-party ad targeting.

For full details about the cookies we use, please see our Cookie Policy.

11. Marketing Communications

Where you have opted in to receive marketing emails or messages from us, we may send you information about our services, offers, and news. You may unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly. We will not share your contact details with third parties for their own marketing purposes.

12. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

13. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: ico.org.uk or by calling 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “last updated” date. We encourage you to review this policy periodically. Where changes are material, we will notify you by email or by a prominent notice on our website.

15. Contact Us

For any questions or concerns about this Privacy Policy, or to exercise your data protection rights, please contact us:

Post: Spring Rise Physio Clinic Limited, 183 Ipswich Road, Colchester, England, CO4 0EL
Email: info@springrisephysio.net
Tel: 01206 751551 / 07861 251945
