Last Updated: 11 December 2024

Blind Sight Physiotherapy (“we,” “our,” or “us”) is committed to protecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal information in compliance with the Data Protection Act 2018 and UK GDPR.

1. Information We Collect

We may collect the following types of personal data:

• Personal Information: Name, home address, contact details (e.g., phone number, email address), and date of birth.
• Medical Records: Information related to your health, treatments, and consultations for physiotherapy, massage, personal training, and Ayurvedic services.
• Payment Information: Card details and payment transaction data.

2. How We Collect Your Information

We collect information through:

• Initial and ongoing consultations.
• Booking appointments via phone, email, or online forms.
• Payments made for services.
• Marketing opt-ins, such as when you subscribe, sign up, or book an appointment.

3. How We Use Your Information and Consent

We process your personal and medical data with your consent, which is obtained in the following ways:

• Medical Records: Consent is provided verbally or in writing during your initial consultation or subsequent appointments. By attending an appointment and sharing your medical history, you agree to the processing of your health information for the purposes of providing treatments.
• Marketing: Consent for receiving marketing communications is provided when you subscribe, sign up, or book an appointment. You can opt out at any time.
• Payments: By providing payment details, you consent to their use for processing transactions related to your appointment.

4. Legal Basis for Processing

We process your data under the following legal bases:

• Medical data: With your explicit consent and to fulfil legal obligations.
• Marketing data: With your consent (where applicable).
• Payment data: As necessary to perform our contract with you.

5. Data Storage and Security

Your data is stored digitally and protected using secure systems designed to prevent unauthorised access, loss, or misuse.

6. Data Sharing

We do not share your personal or medical information with third parties unless:

• Required to do so by law.
• You have given explicit consent.

7. Data Retention

We retain your data as follows:

• Medical records: Retained for a minimum of 8 years after your last treatment.
• Marketing data: Retained until you opt out of receiving communications.
• Payment information: Retained only as necessary for financial records and in compliance with legal obligations.

8. Cancellation and Payment Policy

• Cancellation Notice: We require a minimum of 24 hours’ notice for cancellations. If less notice is given, the full session fee will be charged.
• Payment Reservations: To reserve your appointment, a percentage of the session fee will be taken at the time of booking. This payment is non-refundable unless at least 24 hours’ notice is provided for cancellation.

9. Payment Security

We use secure, PCI DSS-compliant third-party providers to process card payments. We do not store full card details on our systems.

10. Your Rights

Under UK data protection laws, you have the right to:

• Access your personal data.
• Request corrections to inaccurate or incomplete data.
• Request deletion of your data (where appropriate).
• Opt-out of marketing communications at any time.

11. Updates to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we update the policy, the “Last Updated” date at the top of this page will be revised. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.

12. Contact Us

If you have any questions or concerns about this privacy policy or wish to exercise your rights, please contact us at:

Blind Sight Physiotherapy

Email: hello@Blindsightphysiotherapy.co.uk