
Privacy Policy


Norfolk Home Physiotherapy is committed to protecting your privacy and handling your personal data responsibly in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and services.

Information We Collect

We may collect and process the following categories of personal data:

  • Contact Details: Name, phone number, email address, and home address for appointment scheduling and communication.

  • Health Information: Relevant medical or physiotherapy details you provide to deliver appropriate care.

  • Payment Information: Limited details necessary for invoicing or processing payments.

  • Technical Data: IP address, browser type, and website usage information (via cookies and analytics tools).

Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Contract: To provide physiotherapy services agreed between you and us.

  • Legal Obligation: To comply with regulatory and healthcare record-keeping requirements.

  • Legitimate Interests: For effective business operations, including communication and service improvements.

  • Consent: For any optional marketing communications or when we require specific permission to process sensitive health data.

How We Use Your Information

We use your personal data to:

  • Provide physiotherapy services in your home

  • Manage bookings and communicate with you about appointments

  • Maintain accurate treatment and health records in line with professional obligations

  • Process payments and invoices

  • Improve our website services through usage analysis

Sharing Your Information

We do not sell or rent your personal data. We may share data only when necessary with:

  • Healthcare or regulatory bodies, if legally required

  • Professional advisors (e.g., insurers, accountants) when relevant to our services

  • Technology service providers who support our website and communications

All third parties we engage are required to comply with data protection law.

Data Retention

  • Health and treatment records will be kept for the minimum legally required period (typically 8 years for adults, or until a child reaches age 25, whichever is longer).

  • Non-health data will only be kept as long as necessary for the purposes outlined in this policy.

  • After retention periods, data will be securely deleted or anonymised.

Data Security

We have implemented appropriate technical, administrative, and physical safeguards to prevent unauthorised access, misuse, or disclosure of your personal data.

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Request corrections if your data is inaccurate

  • Request deletion of your data, subject to legal and healthcare obligations

  • Restrict or object to certain processing activities

  • Withdraw consent where applicable

  • Data portability (where relevant)

You may exercise these rights by contacting us using the details below. We will respond within one month.

Cookies

Our website may use cookies for functionality and analytics. You can manage cookie preferences or disable them in your browser.

Contact Me

If you have any concerns or wish to exercise your rights, please contact me.
