This website uses cookies. Your interaction and usage of this website is subject to the points outlined within our privacy policy.

Menu
Login Login: Client Patient Physio
Local to Leeds? Book an appointment at our Head Office clinic
0113 229 1300
Search

Our Privacy Policy

Our Contact Details

Our full details are:

Physio Med Limited
Chartered House, Gelderd Road, Leeds, Ls12 6DT

Email: customerservices@physiomed.co.uk

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This privacy notice explains how we collect, use, store, and protect your personal data, your rights in relation to that data, and how you can contact us if you have any questions or concerns.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at customerservices@physiomed.co.uk

What data do we collect about you, for what purpose and on what ground we process it.

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process the following categories of personal data about you:

Health Data

This includes information relating to your physical or mental health, medical history, assessments, treatment records, clinical notes, and outcomes.

Purpose:

  • To assess, diagnose, and treat you
  • To maintain accurate clinical records
  • To ensure safe and effective care
  • To meet legal and professional obligations

Communication Data

This includes any communication you send to us via our website, email, text message, phone, or social media.

Purpose:

  • To respond to enquiries
  • To manage appointments
  • For record keeping
  • For the establishment, pursuance, or defence of legal claims

Patient / Customer Data

This includes your name, contact details, address, date of birth, appointment details, and payment records.

Purpose:

  • To provide physiotherapy services
  • To manage appointments and billing
  • To maintain accurate records

We do not store your card details.

For private patients and self-referrals, we collect data directly from you, which may include:

  • Name, address, date of birth, and contact details
  • Appointment and attendance records
  • Medical history, assessments, treatment notes, and outcomes
  • Payment and invoicing records

For Occupational Health referrals, we may receive personal data directly from your employer or their Occupational Health provider. This may include:

  • Name, date of birth, and contact details
  • Employment details (e.g. job role, work demands)
  • Health and medical information relevant to your referral
  • Assessment findings and treatment recommendations

When you use our website or contact us via online forms, email, or social media, we may collect:

Name and contact details

Enquiry details

  • Website usage data
  • Technical data such as anonymised IP address, browser type, and device information

Website User & Technical Data

This includes IP address (anonymised), browser type, pages visited, time spent on the website, and device information.

Purpose:

  • To operate and secure our website
  • To analyse website usage
  • To improve user experience

Marketing & Communication Preferences

This includes your preferences for receiving communications from us.

Purpose:

  • To send service-related information
  • To provide updates or information you have opted in to receive

You can withdraw your consent at any time.

Sensitive data

Some information we collect is sensitive data, also called special category data under GDPR. This includes information about your health, medical history, or other personal data necessary for treatment.

We do not collect data about your race, ethnicity, religion, sexual orientation, political opinions, trade union membership, or criminal convictions through our website forms. Please do not enter such information online.

Where you provide personal or health information, we process it lawfully and only for the purpose it was collected or a compatible purpose. If we need to use your data for a new purpose, we will notify you and explain the legal basis for processing.

If you have any questions about how we process your data or your rights, please contact us at: customerservices@physiomed.co.uk

1. Private Patients / Self Referrals

What We Collect

  • Health and medical information necessary for assessment and treatment
  • Personal details (name, date of birth, contact information)
  • Appointment and attendance records
  • Payment and invoicing information

Why We Collect It

We use this data to:

  • Deliver safe and effective care
  • Maintain accurate clinical records
  • Manage appointments and communications
  • Process payments
  • Comply with professional and legal obligations
2. Occupational Health (OH) Referrals

What We Collect

  • Health and medical information provided by your employer or OH provider
  • Employment details relevant to the referral (e.g., job role, workplace requirements)

Why We Collect It

We use this data to:

  • Assess and treat you safely
  • Provide reports and recommendations to your employer or OH provider
  • Support workplace health, rehabilitation, and return-to-work planning
  • Comply with legal, contractual, and professional obligations
3. Website Users / General Enquiries

What We Collect

  • Contact details and enquiry information provided via online forms, email, or social media
  • Technical information such as anonymised IP address, browser type, and device information

Why We Collect It

We use this data to:

  • Respond to enquiries
  • Manage requests for appointments or information
  • Operate and secure our website

You should not enter sensitive health or personal information in website forms.

Security

We are committed to keeping your personal and health information secure. To prevent unauthorised access, loss, or disclosure, we have implemented appropriate physical, technical, and organisational measures including:

  • Secure storage of paper and electronic records
  • Password-protected systems and encrypted databases
  • Role-based access for authorised staff only
  • Regular staff training on data protection and confidentiality
  • Regular backups and secure IT management

All health and sensitive data are treated with the highest level of security in line with UK GDPR and professional standards.

In the unlikely event of a data breach, we have procedures in place to investigate, contain, and notify affected individuals and the Information Commissioner’s Office if required.

How we use cookies

We use cookies and similar technologies only on our website to ensure it operates securely and effectively, and—where you consent—to analyse how visitors use the site so we can improve its performance and content.

You can manage your cookie preferences at any time through our cookie consent tool or your browser settings; however, disabling certain cookies may affect how parts of the website function.

Further details about the cookies we use, and their purposes are available in our full  cookie policy.

Cookies are not used in connection with occupational health referrals, clinical treatment, or the processing of patient medical information.

Links to other websites

Online bookings (for Leeds and Guiseley clinics) are provided via our third-party booking platform, TM3 Connect. When booking online, you will be redirected to TM3’s website, which operates under its own privacy notice and uses its own cookies and privacy practices

Our website also includes links to our social media platforms (including Facebook, Twitter, LinkedIn, and YouTube). These links direct you to external services, each of which has its own privacy and cookie practices.

Controlling your personal information

We are committed to protecting your personal information and processing it lawfully, fairly and transparently.

Where we rely on consent as the lawful basis for processing, you may withdraw your consent at any time.

We do not sell or rent personal data to third parties. Data may be shared where required by law or to deliver our services, in accordance with this privacy notice.

Your legal rights  

You have the right to:

  • request access to the personal data we hold about you;
  • ask for inaccurate or incomplete data to be corrected;
  • request deletion or restriction of your personal data in certain circumstances;
  • object to processing based on legitimate interests or for direct marketing;
  • request a copy of your data in a portable format, where applicable.

You can see more about these rights at:

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/?utm_source=chatgpt.com

To exercise your rights, please contact: customerservices@physiomed.co.uk

You also have the right to raise a concern with the UK Information Commissioner’s Office (ICO).

We will not usually charge a fee to respond to requests to exercise your data protection rights, including subject access requests. However, where a request is manifestly unfounded or excessive, in particular because it is repetitive, we may charge a reasonable fee or refuse to act on the request.

To protect your personal data, we may need to request information to verify your identity before responding to a request to exercise your data protection rights. Where necessary, we may also ask for additional information to help us locate the relevant data or respond more efficiently.

We aim to respond to all valid requests to exercise your data protection rights within one month. Where a request is complex or where we receive a number of requests from you, we may extend this period by up to a further two months. If an extension is required, we will inform you within one month of receiving your request and explain the reasons for the delay.

Marketing Communications

We may send marketing communications only in limited and appropriate circumstances, depending on how we obtained your personal data and the context in which we are providing services.

Website enquiries and business contacts
 Where you have contacted us via our website, requested information about our services, or are acting on behalf of a clinic or employer, our lawful basis for sending marketing communications is either your consent or our legitimate interests (namely to promote and grow our business). In accordance with the Privacy and Electronic Communications Regulations (PECR), we may send marketing communications where you have requested information from us or where the communication is relevant to your professional role, and you have not opted out. If you are a limited company or other corporate body, we may send marketing emails without prior consent, but you may opt out at any time.

Occupational health (OH) patients
 Personal data received in connection with occupational health referrals is never used for marketing purposes. We do not send marketing communications to OH patients under any circumstances.

Clinic and self-referring patients
Where you are a clinic patient who has engaged our services directly, we will only send marketing communications if you have given explicit consent to receive them. Refusing or withdrawing consent for marketing will not affect the care or treatment you receive.

We use a third-party email service provider to distribute marketing communications and may collect aggregated statistics (such as email opens and clicks) to help us monitor and improve our communications. These statistics do not involve clinical or occupational health data.

You can ask us to stop sending marketing communications at any time by using the unsubscribe link included in our messages or by contacting us directly. Please note that opting out of marketing communications does not affect service-related or administrative communications that are necessary to deliver our services.

Disclosures of your personal data

We only share personal data where it is necessary to deliver our services, comply with legal or regulatory obligations, or operate our business securely and effectively. The parties with whom we may share personal data depend on the context in which we obtained it.

Website users and general enquiries
We may share limited personal data with:

  • IT and website service providers who support the operation and security of our systems
  • Professional advisers such as legal, accounting, insurance, and audit providers
  • Marketing service providers, where you have consented to receive marketing communications or where permitted under applicable law (as described in the “Marketing communications” section above

Occupational health (OH) services
In connection with occupational health referrals, we may share personal and health data with:

  • Employers or commissioning organisations, strictly in line with contractual and clinical reporting requirements
  • Clinics and healthcare professionals within our delivery network for the purpose of assessment and treatment
  • IT service providers who support secure clinical systems and data storage

Personal data processed for occupational health purposes is not shared with marketing agencies and is never used for marketing.

Clinic and self-referring patients
Where you engage our clinic services directly, we may share personal and health data with:

  • Healthcare professionals involved in your care
  • Diagnostic or treatment partners where clinically necessary
  • IT system providers supporting patient records and appointment systems

Across all contexts, we may also disclose personal data where required to do so by law or to regulatory authorities.

All third parties are required to handle personal data securely and in accordance with data protection law. Where third parties act as our processors, they are subject to contractual obligations to process data only on our documented instructions. Where we act as a joint controller with another organisation, we ensure responsibilities for data protection compliance are clearly defined.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, clinical, accounting, and reporting obligations. Retention periods vary depending on the context in which the data was obtained.

Website users and general enquiries
Personal data collected through our website or general enquiries (such as contact forms or email correspondence) is typically retained for up to 12 months after the enquiry has been resolved, unless a longer retention period is required for legal or contractual reasons.

Occupational health (OH) services
Personal and health data processed in connection with occupational health referrals is retained in accordance with contractual requirements, clinical governance standards, and applicable legal obligations. Health records are generally retained for a minimum of 7 years from the end of the case, unless a longer retention period is required by law or agreed with the commissioning organisation.

Clinic and self-referring patients
Personal and health data relating to clinic patients is retained in line with professional and regulatory requirements for healthcare records. Clinical records are generally retained for a minimum of 7 years following the last episode of care, or longer where required by law or best practice.

Marketing data
Where you have consented to receive marketing communications, we retain your contact details for marketing purposes until you withdraw your consent or opt out. We regularly review marketing lists to ensure they remain accurate and up to date.

When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention and disposal procedures.

Our role under data protection law

Depending on how you engage with us and the services we provide, we may act as a data controller, data processor, or joint controller under UK data protection law.

  • Website users and general enquiries
    When you contact us via our website or otherwise make a general enquiry, we act as the data controller in relation to the personal data you provide.
  • Occupational health (OH) services
    In connection with occupational health referrals, our role under data protection law depends on the contractual arrangements in place. In many cases, we act as a data processor on behalf of the commissioning employer for administrative aspects of the service, and as a data controller or joint controller in relation to clinical decision-making and the delivery of healthcare services. Where we act jointly with another organisation, responsibilities for compliance with data protection law are clearly defined.
  • Clinic and self-referring patients
    Where you engage our clinic services directly, we act as the data controller in respect of your personal and health data.

If you have any questions about our role in relation to your personal data, please contact us using the details set out in this privacy notice.

Changes to this privacy notice

We keep this privacy notice under regular review to ensure it remains accurate, up to date, and compliant with data protection law. We may update this notice from time to time to reflect changes in our services, legal requirements, or how we process personal data.

Any material changes will be published on our website, and where appropriate, we will take reasonable steps to notify you of those changes. Please review this privacy notice periodically to stay informed about how we protect your personal data.

 

Talk to our clinical team

Sidebar know your body

A vast range of information to help you understand and care for your body.
Health & Well-Being Zone
Get in Touch Find a Physio

Find a Physiotherapist
Near you