Privacy Policy
Last updated: March 2026
Embody Physiotherapy respects your privacy and is committed to protecting your personal data. This privacy notice explains how personal data is collected, used, stored, and protected when you use our website or receive physiotherapy services from us. It also explains your rights under UK data protection law.
Embody Physiotherapy handles personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Important Information and Who We Are
Purpose of this Privacy Notice
This privacy notice explains how Embody Physiotherapy collects and processes personal data when you:
visit our website
make an enquiry
book an appointment
receive physiotherapy treatment
It is important that you read this notice so that you understand how and why your data is used.
This website is not intended for children and we do not knowingly collect personal data relating to children without parental or guardian involvement.
Data Controller
Embody Physiotherapy is the data controller responsible for your personal data.
Contact Details
If you have any questions about this privacy policy or how your data is handled, please contact:
Embody Physiotherapy
Embody Studio
92 Mill Rise
Brighton
BN1 5GH
Email: embodyphysiotherapybrighton@gmail.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
However, we would appreciate the opportunity to address your concerns first.
2. The Data We Collect About You
Personal data means any information that can identify an individual.
We may collect, store, and process the following types of data:
Identity Data
Name, date of birth, and address.
Contact Data
Email address, phone number, and billing address.
Health Information (Special Category Data)
As part of providing physiotherapy treatment we collect health information including:
medical history
injury details
physiotherapy assessment findings
treatment records and progress notes
GP or consultant details where relevant
This information is necessary to provide safe and effective care.
Financial Data
Payment information where required for appointment payments.
Technical Data
When you visit our website we may automatically collect:
IP address
browser type
device information
website usage data
This helps us understand how our website is used and improve its performance.
If You Do Not Provide Personal Data
Where we require personal information to provide physiotherapy services and it is not provided, we may not be able to offer treatment safely or effectively.
3. How Your Personal Data Is Collected
We collect personal data in several ways:
Directly From You
Information may be provided when you:
complete an enquiry or contact form
book an appointment
complete an initial assessment form
communicate with us via phone, email, or in person
attend a physiotherapy consultation
provide feedback
During Treatment
During the course of physiotherapy we create and maintain clinical records relating to your assessment and treatment.
These records may be stored securely within encrypted clinical record systems.
Automated Technologies
When you use our website, certain technical information may be collected automatically through cookies and analytics tools.
4. How We Use Your Personal Data
We will only use your personal data when permitted by law.
Most commonly we use your data to:
provide physiotherapy assessment and treatment
maintain accurate clinical records
communicate with you regarding appointments
manage bookings and payments
comply with legal and professional obligations
Where appropriate, information may also be shared with other healthcare professionals involved in your care with your consent.
Marketing
Embody Physiotherapy does not use your personal information for marketing and does not sell or share your information with third parties for marketing purposes.
5. Sharing Your Personal Data
Your information may be shared when necessary with:
your GP
consultants or healthcare professionals involved in your care
your private medical insurer (if applicable)
individuals you request us to communicate with (such as a coach, carer, or family member)
Information will only be shared when necessary for your care or where required by law.
6. International Transfers
Embody Physiotherapy does not intentionally transfer personal data outside the United Kingdom or European Economic Area.
If digital systems used for secure clinical records store data internationally, this will only occur where appropriate safeguards are in place.
7. Data Security
We take appropriate measures to protect personal data against:
unauthorised access
loss or misuse
alteration or disclosure
Clinical records are stored securely and only accessible to authorised individuals.
Procedures are in place to respond to any suspected data breaches and to notify relevant authorities where required.
8. Data Retention
Healthcare providers are legally required to retain medical records.
Physiotherapy records are typically retained for:
8 years after the last appointment for adults
until age 25 (or 26 if aged 17 at the time of treatment) for children
After this period records may be securely destroyed or anonymised.
9. Your Legal Rights
Under UK data protection law you have rights regarding your personal data.
These include the right to:
request access to your personal data
request correction of inaccurate information
request deletion of data (where legally permissible)
object to certain processing activities
request restriction of processing
request transfer of your data to another provider
withdraw consent where processing relies on consent
To exercise these rights please contact us using the details above.
10. Response Times
We aim to respond to legitimate requests within one month.
In complex cases we may require additional time and will notify you if this occurs.
Cookies
Our website may use cookies to improve user experience and understand website usage.
You can control cookie settings through your browser preferences.

