top of page

PRIVACY POLICY

Last updated: 12 January 2026

 

Helix Osteopathy (“we”, “us”, “our”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in line with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

 

1. Who We Are and How to Contact Us

​

Controller: Helix Osteopathy

Address: Ground Floor, 47c The Quadrant, Marshalswick AL4 9RB

Email: helixosteopathy@outlook.com

​

If you have any questions about this Privacy Policy or how we use your data, please contact us using the details above.

 

2. The Information We Collect

 

Personal Data

 

We may collect the following information:
 

  • Name, address, date of birth, phone number, and email address

  • Appointment details and booking information

  • Payment details (not full card numbers if processed by a third‑party provider)

  • Email or form enquiries

  • Marketing preferences

​

Special Category Data (Health Information)

 

As a healthcare provider, we also collect sensitive health information such as:
 

  • Medical history and symptoms

  • Treatment notes and clinical assessments

  • Relevant lifestyle or injury information

 

This information receives additional legal protection.

 

3. How We Collect Your Information

 

We collect personal data in the following ways:

​

  • Directly from you when you book, complete forms, or contact us

  • During appointments and assessments

  • From other healthcare professionals involved in your care (with appropriate consent or confidentiality basis)

  • Through cookies/analytics on our website

 

4. Why We Use Your Data and Our Legal Bases

 

We must identify a lawful basis under Article 6 UK GDPR and, for health data, an additional condition under Article 9.

​

We use your data for:

​

Providing Osteopathic Care

To assess, diagnose, and treat you.

 

Legal bases:

  • Contract (providing treatment you request)

  • Legitimate interests

Health basis:

  • Health or social care provision (Article 9(2)(h))

​

Clinical Records and Compliance

Keeping accurate medical records and fulfilling legal or regulatory requirements.

​

Legal bases:

  • Legal obligation

  • Legitimate interests

Health basis:

  • Health or social care provision

​

Communication About Appointments

Sending reminders, confirmations, or updates.

​

Legal basis:

  • Contract or legitimate interests

 

Payments and Administration

Handling invoices, payments, and clinic management.

​

Legal bases:

  • Contract

  • Legal obligation

 

Marketing (Optional)

Sending newsletters or updates.

​

Legal basis:

  • Consent (you can withdraw at any time)

       Or where allowed:

  • Soft opt‑in for existing clients

 

We do not use your health information for marketing.

 

5. Confidentiality

 

All health information is handled with strict confidentiality, in line with the Common Law Duty of Confidentiality and professional healthcare standards. We only share information when necessary for your care, legally required, or with your permission.

 

6. Who We Share Information With

 

We may share your data with:

 

  • Healthcare professionals involved in your care

  • Service providers such as website, booking, or clinical record systems

  • Payment processors

  • Regulators or authorities where legally required

​

All third‑party providers must protect your data appropriately.

 

7. International Transfers

 

If any of our service providers store or process data outside the UK, we follow ICO guidance on international transfers.

​

This includes:

  • Ensuring the destination country has an adequacy decision, or

  • Using approved safeguards (e.g., UK International Data Transfer Agreement)

​

We only transfer data when appropriate protection is in place.

 

8. How Long We Keep Your Information

 

We keep personal data only as long as necessary.

Health records are retained in line with professional guidelines and insurer requirements. After this, records are securely deleted or anonymised.

 

You may contact us if you wish to know specific retention periods.

 

9. Your Rights

 

You have the right to:

  • Access your data

  • Correct inaccurate information

  • Request erasure (in some circumstances)

  • Restrict processing

  • Object to certain processing

  • Request data portability

  • Withdraw marketing consent at any time

 

To exercise your rights, please contact us. We will respond within one calendar month.

 

10. Cookies and Website Tracking

 

Our website uses cookies to:

  • Ensure the site works correctly (essential cookies)

  • Understand how visitors use the site (analytics cookies)

 

You can manage your cookie preferences through our cookie banner or your browser settings.

​

Marketing and analytics cookies require consent under UK PECR rules unless covered by specific, limited exemptions. Essential cookies do not require consent.

 

11. Security Measures

 

We take steps to protect your data, including:

  • Secured systems and encrypted connections

  • Restricted access to clinical data

  • Staff confidentiality obligations

  • Regular data protection reviews

 

If a data breach poses a risk to you, we will notify you and the ICO where required.

​

12. Children’s Data

 

Where we provide treatment to children, we collect information from parents/guardians and assess the child’s ability to understand their privacy rights. We always safeguard the child’s confidentiality appropriately.

 

13. Updates to This Policy

 

We may update this Privacy Policy to reflect changes in our services or legal requirements. When we do, we will update the “Last updated” date at the top of the page.

 

14. How to Make a Complaint

 

If you have concerns about how we handle your data, please contact us first on helixosteopathy@outlook.com

bottom of page