Privacy Policy & Terms and Conditions

Last Updated: 06 February 2025
Compliance: UK GDPR, Data Protection Act 2018 (as amended by the Data (Use and Access) Bill 2025), EU GDPR (where applicable), Consumer Contracts Regulations 2013.

1. Introduction

At Belfast Physio & Massage, we are committed to protecting and respecting your privacy. This document outlines how we collect, use, store, and protect your personal data in compliance with UK and Northern Ireland data protection laws.

By using our services or website, you agree to the practices outlined in this policy.

2. Who We Are

• Business Name: Belfast Physio & Massage
• Data Controller: Belfast Physio & Massage
• Contact Details:

  • Address: 427A Lisburn Road, BT9 7EY, Belfast
  • Email: info@belfastphysioandmassage.co.uk
  • Phone: 028 9066 3294

3. Description of Services

Belfast Physio & Massage is operated by qualified and registered physiotherapists, offering physiotherapy, therapeutic massage, and related treatments. Our services aim to maintain, restore, and enhance the health of our clients.

We use Jane App for our online booking system, and secure payments are processed through Takepayments, Barclays, SumUp, Square and Stripe.

By using our booking system, you consent to the collection and processing of your personal data as outlined in this policy.

4. Data We Collect

We collect and process the following types of personal data:

  • Personal Identification Data: Full name, date of birth, gender, contact details.
  • Medical Information: Patient history, treatment records, GP details.
  • Financial Data: Payment details, transaction history.
  • Technical Data: IP address, browser type, website usage patterns (via cookies).
  • Employment Data: CV, references, and qualifications (if applying for a job).

5. How We Collect Your Data

We obtain your data through:

  • Direct interactions (e.g., booking an appointment, filling out forms).
  • Automated tracking (e.g., cookies on our website).
  • Third-party sources (e.g., referrals from GPs or health insurers).

6. How We Use Your Data

We process your data for the following lawful purposes under UK GDPR:

✔ Providing healthcare services (contractual necessity).
✔ Processing payments (legitimate interest/legal obligation).
✔ Appointment reminders (legitimate interest).
✔ Marketing communications (consent-based).
✔ Recruitment and employment processing (legitimate interest).

7. Data Retention Policy

We retain personal data only as long as necessary:

Type of Data: Retention Period

  • Adult health records: 11 years after the last appointment
  • Children’s health records: Until the patient turns 25
  • Financial data: 6 years (for tax compliance)
  • Job applications (unsuccessful): 12 months after application

8. Automated Decision-Making and AI

We do not use automated decision-making without human oversight.

Some of our physiotherapists use AI-assisted tools to streamline report writing, improving efficiency. However, all AI-generated reports are reviewed, edited, and finalized by a qualified physiotherapist before being used.

If you prefer that your reports be completed manually, please inform your physiotherapist.

9. Data Sharing and Transfers

We may share your data with:

  • Healthcare Providers (e.g., your GP, if necessary for treatment).
  • Service Providers (e.g., IT, marketing, or payment processing companies).
  • Regulatory Authorities (e.g., ICO in case of a data breach).

International Transfers
If data is processed outside the UK/EU, we use Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure compliance.

10. Your Rights Under UK GDPR

You have the right to:
✔ Access your personal data.
✔ Rectify incorrect data.
✔ Request erasure of your data.
✔ Object to processing for marketing purposes.

To exercise these rights, contact info@belfastphysioandmassage.co.uk.

11. Children’s Data Protection

We do not knowingly collect data from children under 16 years without parental consent.

If we provide treatment to minors, parents/guardians must make data access requests on their behalf.

12. Security Measures

We implement:
✔ Encryption for sensitive data.
✔ Multi-factor authentication for access controls.
✔ Regular cybersecurity audits in compliance with the UK Cyber Security and Resilience Bill 2025.

Breach Notification Policy
Any data breach will be reported to the ICO within 72 hours, and affected individuals will be informed without undue delay.

13. Contact Information

If you have concerns about data protection, contact our DPO at:
Email: info@belfastphysioandmassage.co.uk
Phone: 028 9066 3294
Address: 427A Lisburn Road, BT9 7EY, Belfast

You may also lodge a complaint with the ICO (www.ico.org.uk).