Privacy (GDPR) Policy – Kate Leeming Physiotherapy
This notice explains what information we collect, when we collect it, and how we use it.
This policy applies from 1st March 2025.
During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you, and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will handle your information.
We reserve the right to update this policy to reflect changes in legislation or our internal processes. A new version will be made available on our website or by request.
1. Who are we?
This policy applies to Kate Leeming Physiotherapy (“we”), including:
Practitioners: physiotherapists and consultants delivering treatment.
Administrators or managers: all other persons working in connection with the company, especially where they have patient contact, or responsibilities affecting patients.
Employment status: this policy applies to both employed staff and contractors working with us.
We take the issue of security and data protection very seriously and strictly adhere to guidelines published in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, together with any domestic laws subsequently enacted.
We process “special category data,” such as health information, under the additional conditions set out in Article 9 of the UK GDPR.
Any questions relating to this notice and our privacy practices can be directed to:
📧 info@kateleemingphysiotherapy.co.uk
2. How we collect information from you and what information we collect
We collect information about patients and, where necessary, next of kin.
We collect information from:
Initial consultations or conversations with you, in person, by phone, or online.
Appointments and treatment sessions.
Forms, questionnaires, or correspondence with you.
Other health professionals involved in your care, with your consent.
Our website or other digital platforms (including cookies, if applicable).
The type of information collected may include:
Name, address, email address, and telephone number.
Medical history, initial assessment information, and ongoing treatment notes.
Payment and invoicing details (if applicable).
Any other information relevant to your treatment and care.
Because this may include health details, it is considered “special category data” under UK GDPR and is subject to strict safeguards.
3. Why we need this information and how it will be used
We use your information:
To provide physiotherapy and associated services in line with your contract with us.
To supply you with the services and information you have requested.
To manage and monitor your medical condition and progress.
To administer, support, and improve our business and the services we offer.
To contact you (with your consent, if required) regarding follow-up care, further treatment, or relevant offers.
To meet our legal and regulatory obligations.
Our lawful bases under UK GDPR may include:
Contract – to deliver the services you have requested.
Legal obligations – to comply with laws or professional guidelines (e.g., medical record retention).
Vital interests – if urgent medical intervention is required.
Legitimate interests – for administrative purposes, provided these do not override your rights.
Consent – where required, e.g., sending marketing or follow-up messages.
4. Sharing of your information
The information you provide to us will be treated as confidential. We may share your information only for legitimate purposes, including:
With other healthcare professionals involved in your care (with your consent).
Between practitioners working within Kate Leeming Physiotherapy to ensure continuity of care.
With service providers that support our business (e.g., accounting, invoicing, secure cloud hosting, patient management systems).
If legally required by regulators, insurers, or authorities.
We will not share, sell, or distribute your personal information for marketing or other purposes without your explicit consent.
5. Transfers outside the UK and Europe
Your information will ordinarily only be stored within the UK and European Economic Area (EEA).
If it is ever necessary to transfer information outside the UK/EEA, we will ensure appropriate safeguards are in place (e.g., adequacy decisions, standard contractual clauses, or equivalent measures).
6. Security
We take steps to ensure your personal information is kept secure. Data may be stored on:
Paper files (stored securely and limited in use).
Email accounts, computers, hard drives, secure networks, and encrypted cloud services.
Mobile devices with password or biometric protection.
Where we rely on external services to store data, we ensure they are GDPR-compliant.
7. How long we keep your information
We retain personal data only for as long as necessary for the relevant activity, legal requirements, or professional guidelines.
For medical records, we generally follow the Records Management Code of Practice for Health and Social Care 2021, which requires keeping adult health records for a minimum of 8 years after treatment ends (or longer where required).
8. Your rights
You have the right to:
Request a copy of the information we hold about you.
Correct inaccuracies in your information.
Request the erasure of personal data where it is no longer required.
Request restrictions on processing under certain circumstances.
Object to processing where the lawful basis is legitimate interests.
Request the transfer of your data to another provider (data portability).
Withdraw consent for marketing or other optional communications.
If you wish to exercise any of these rights, please contact us at:
📧 info@kateleemingphysiotherapy.co.uk
9. Contact
For all privacy-related concerns or to exercise your rights, please contact:
Kate Leeming Physiotherapy – Data Protection Officer
📍 123 Street, Huddersfield
📧 info@kateleemingphysiotherapy.co.uk