Privacy Policy
We respect your privacy. This notice explains what personal data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
1. Who we are (Data Controller)
Rose the Physio — Triantafyllia (“Rose”) Kaimakami, HCPC-registered physiotherapist, trading as a sole practitioner in London, UK (Data Controller). Contact: info@rosethephysio.com. Correspondence address available on request.
2. The data we collect
- Contact data: name, email, phone (when you enquire or book).
- Clinical data: information you share during assessment and treatment (special category health data).
- Administrative data: appointment history, invoices, correspondence.
- Technical data: basic device/browser information needed to deliver the site. We do not use tracking/marketing cookies. If analytics are enabled in future, this notice and our cookie banner will be updated.
3. How and why we use your data (purposes & lawful bases)
- Provide physiotherapy care (assessment, planning, treatment, safety monitoring) — Contract (Art. 6(1)(b)); Health care (Art. 9(2)(h)).
- Communicate about your enquiry/appointments — Legitimate interests (Art. 6(1)(f)); Health care (Art. 9(2)(h)).
- Records, legal and regulatory duties (clinical record keeping, safeguarding, accounting) — Legal obligation (Art. 6(1)(c)); Health care (Art. 9(2)(h)).
- Service administration (quality, security, troubleshooting) — Legitimate interests (Art. 6(1)(f)).
We do not conduct direct marketing. If this changes, we will request your consent first.
4. Sharing your data
We do not sell your data. We may share the minimum necessary data with:
- Care collaborators (with your consent or where appropriate): your GP, consultants, or allied health professionals.
- Service providers (processors): secure email/hosting, website, practice admin tools. These providers are bound by contracts and only act on our instructions. A current list of our core processors is available on request.
- Legal/regulatory & safeguarding: we may share information without consent where there is a serious risk of harm, to protect vital interests, or where required by law.
5. International transfers
If a provider stores data outside the UK, we use appropriate safeguards (UK adequacy regulations or the UK International Data Transfer Agreement) to protect your rights.
6. How long we keep your data (retention)
- Adult clinical records: normally 8 years from the date of last contact.
- Children/young people: until the 25th birthday (or 26th if aged 17 at last contact).
- Enquiry emails/admin: typically up to 2 years unless needed longer for legal reasons.
- Invoices/financial: typically 6 years plus current financial year.
7. Security
We apply technical and organisational measures to keep your data secure (access controls, encryption in transit, device protections, restricted access on a need-to-know basis). Clinical correspondence is sent via secure email; we do not use social media or consumer messaging apps for clinical information.
8. NHS/private records
Private records are kept separately from NHS records unless an appropriate, lawful information-sharing arrangement exists for your care and you have been informed or consented where required.
9. Your rights
You have the right to request access, rectification, erasure, restriction and data portability, and to object to certain processing. Where we rely on consent, you can withdraw it at any time.
To exercise your rights, contact: info@rosethephysio.com. We aim to respond within one month of receiving your request.
10. Cookies and similar technologies
We currently use only essential technologies to deliver the website and do not use tracking or advertising cookies. If we add analytics or non-essential cookies in future, we will show a consent banner and update this notice with details.
11. Children’s data
We only process children’s data when it is necessary for care and with appropriate authority/consent. This website is not directed at children for independent sign-up.
12. Changes to this notice
We may update this policy to remain accurate and compliant. The “Last updated” date will change accordingly.
13. Questions or concerns
Contact: info@rosethephysio.com.
If you remain concerned, you can complain to the UK Information Commissioner’s Office (ICO): ico.org.uk.