Privacy Policy

Last updated: March 2026

Embody Physiotherapy respects your privacy and is committed to protecting your personal data. This privacy notice explains how personal data is collected, used, stored, and protected when you use our website or receive physiotherapy services from us. It also explains your rights under UK data protection law.

Embody Physiotherapy handles personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Important Information and Who We Are

Purpose of this Privacy Notice

This privacy notice explains how Embody Physiotherapy collects and processes personal data when you:

  • visit our website

  • make an enquiry

  • book an appointment

  • receive physiotherapy treatment

It is important that you read this notice so that you understand how and why your data is used.

This website is not intended for children and we do not knowingly collect personal data relating to children without parental or guardian involvement.

Data Controller

Embody Physiotherapy is the data controller responsible for your personal data.

Contact Details

If you have any questions about this privacy policy or how your data is handled, please contact:

Embody Physiotherapy
Embody Studio
92 Mill Rise
Brighton
BN1 5GH

Email: embodyphysiotherapybrighton@gmail.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters:

www.ico.org.uk

However, we would appreciate the opportunity to address your concerns first.

2. The Data We Collect About You

Personal data means any information that can identify an individual.

We may collect, store, and process the following types of data:

Identity Data

Name, date of birth, and address.

Contact Data

Email address, phone number, and billing address.

Health Information (Special Category Data)

As part of providing physiotherapy treatment we collect health information including:

  • medical history

  • injury details

  • physiotherapy assessment findings

  • treatment records and progress notes

  • GP or consultant details where relevant

This information is necessary to provide safe and effective care.

Financial Data

Payment information where required for appointment payments.

Technical Data

When you visit our website we may automatically collect:

  • IP address

  • browser type

  • device information

  • website usage data

This helps us understand how our website is used and improve its performance.

If You Do Not Provide Personal Data

Where we require personal information to provide physiotherapy services and it is not provided, we may not be able to offer treatment safely or effectively.

3. How Your Personal Data Is Collected

We collect personal data in several ways:

Directly From You

Information may be provided when you:

  • complete an enquiry or contact form

  • book an appointment

  • complete an initial assessment form

  • communicate with us via phone, email, or in person

  • attend a physiotherapy consultation

  • provide feedback

During Treatment

During the course of physiotherapy we create and maintain clinical records relating to your assessment and treatment.

These records may be stored securely within encrypted clinical record systems.

Automated Technologies

When you use our website, certain technical information may be collected automatically through cookies and analytics tools.

4. How We Use Your Personal Data

We will only use your personal data when permitted by law.

Most commonly we use your data to:

  • provide physiotherapy assessment and treatment

  • maintain accurate clinical records

  • communicate with you regarding appointments

  • manage bookings and payments

  • comply with legal and professional obligations

Where appropriate, and with your consent, information may also be shared with other healthcare professionals involved in your care.

Marketing

Embody Physiotherapy does not use your personal information for marketing and does not sell or share your information with third parties for marketing purposes.

5. Sharing Your Personal Data

Your information may be shared when necessary with:

  • your GP

  • consultants or healthcare professionals involved in your care

  • your private medical insurer (if applicable)

  • individuals you request us to communicate with (such as a coach, carer, or family member)

Information will only be shared when necessary for your care or where required by law.

6. International Transfers

Embody Physiotherapy does not intentionally transfer personal data outside the United Kingdom or European Economic Area.

If digital systems used for secure clinical records store data internationally, this will only occur where appropriate safeguards are in place.

7. Data Security

We take appropriate measures to protect personal data against:

  • unauthorised access

  • loss or misuse

  • alteration or disclosure

Clinical records are stored securely and only accessible to authorised individuals.

Procedures are in place to respond to any suspected data breaches and to notify relevant authorities where required.

8. Data Retention

Healthcare providers are legally required to retain medical records.

Physiotherapy records are typically retained for:

  • 8 years after the last appointment for adults

  • until age 25 (or 26 if aged 17 at the time of treatment) for children

After this period records may be securely destroyed or anonymised.

9. Your Legal Rights

Under UK data protection law you have rights regarding your personal data.

These include the right to:

  • request access to your personal data

  • request correction of inaccurate information

  • request deletion of data (where legally permissible)

  • object to certain processing activities

  • request restriction of processing

  • request transfer of your data to another provider

  • withdraw consent where processing relies on consent

To exercise these rights please contact us using the details above.

10. Response Times

We aim to respond to legitimate requests within one month.

In complex cases we may require additional time and will notify you if this occurs.

Cookies

Our website may use cookies to improve user experience and understand website usage.

You can control cookie settings through your browser preferences.