hempstead valley therapy centre

Privacy Policy – Hempstead Therapy Centre

Privacy policy

GDPR has since 25th May 2018 established revised legal protection for personal information. This Privacy Policy sets out how Hempstead Therapy Centre Limited uses and protects the information that you give to us when you register as a patient. Hempstead Therapy Centre Limited is committed to protecting and respecting your privacy and complying with the principles of the GDPR. We fully respect the confidentiality of the information that you may share with us.

The purpose of processing your information

We aim to process information about you in a secure and transparent way that enables us to carry out our job of assessing and managing you, whilst holding your data in a way that you can understand and complies with current legislation.

When you register as a patient at Hempstead Therapy Centre Limited we will ask you for some basic personal data including name, address, date of birth, contact details, and medical information both relevant to the condition you have been referred for/have referred yourself for and any other medical information about your general health. This will help us to assess your condition and manage you in the most appropriate way that suits your individual needs. We may also use your information to promote our services and to support and manage our staff.

The lawful basis for processing your information

At Hempstead Therapy Centre Limited and as members of:

  • The Chartered Society of Physiotherapy (CSP) we abide by the CSP code of conduct including practice and ethics. 
  • The General Osteopathic Council (GOC) we abide by the established code of conduct of this organisation including practice & ethics.
  • The Royal College of Podiatry (RCoP) we abide by the established code of conduct of this organisation including practice & ethics.
  • The Society of Sports Therapists. We abide by the established code of conduct of this organisation including practice & ethics.
  • The Society of Massage therapists. We abide by the established code of conduct of this organisation including practice & ethics.
  • The Society of Reflexologists. We abide by the established code of conduct of this organisation including practice & ethics.

The lawful basis under which we hold and use your information is our legitimate interests; our requirement to retain the information to provide you with the best possible assessment and management of your condition.

As we hold special category data known as “health-related information”, the Additional Condition under which we hold and use this information is: for us to fulfill our role as physiotherapists/health care practitioners, Osteopaths, Podiatrists, Massage Therapists & Reflexologists in line with:

What information we hold and what we do with it

The information we hold includes your:

  • Personal and contact details.
  • Medical history and other health-related information; including physical and mental health, family, lifestyle, social, employment, and education details.
  • Treatment details and related notes.

We might use your information in the following ways:

  • For our own record keeping.
  • To provide you with the highest levels of care, treatment, and customer service.
  • As a patient, we may need to contact you by email, phone, or through the post. Our primary means of contact is email. We may forward appointment reminders to you and may need to liaise about payment matters.
  • From time to time we may send you an email with news about our clinics: the range of services we offer, clinic promotions, and news and articles of interest to you.
  • To improve our services offered to you.
  • The information you provide us with is held in strict confidence. We will NOT sell, distribute or disclose your information to third parties unless we have your permission or are required to do so by law or by following best medical practice.

How we store your information

Your information is stored securely on password-protected encrypted computers and as internal paper records/patient files. This information allows us to provide you with health services, manage your records and appointments, and correspond (if applicable and consent is given) with your referring consultant, insurer, or case management company to process your claim (as appropriate).

The retention period for your information

Your patient file information is held for a minimum of 8 years (as required by The Data Protection Act). All financial records are retained for a minimum of 7 years.


The protection of your personal information is extremely important to us, we are committed to ensuring that your information is secure, and we strive to protect your personal information using means reasonably required by us to do so. We have physical, electronic, and managerial procedures to secure the information that you supply us with. 

As no form of data storage and transmission is 100% reliable we cannot guarantee its absolute security. Therefore, we make no warranties as to the level of security afforded to your data. We will, however, always aim to act in accordance with the relevant legislation. We will not share your information with anyone other than the professionals (NHS/private referrers) and intermediaries, (insurer, solicitor, employer, or other parties) that you have given us permission to share your information with. 

Your data will not be transferred outside the EU without your consent.

Under 16s

All our physiotherapists are DBS checked, fully qualified, and insured to treat children under the age of 16. Children under the age of 16 must be accompanied by a parent or guardian over the age of 18 when visiting our service. We also require the child’s parent or guardian to provide their consent for assessment and treatment and acceptance of our terms on behalf of the child.

Your Rights

GDPR gives you the following rights:

  • The right to be informed: To know how your information will be held and used (this notice).
  • The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
  • \The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
  • The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you
  • The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information
  • The right to data portability: Under certain circumstances, you can request a copy of personal information held electronically so you can reuse it in other systems.
  • The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
  • The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you wish to exercise any of these rights or you would like to find out more about your rights, please use the contact details given above.

If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at www.ico.org.uk

Therapist’s rights

Please note:

  • If you do not agree to us keeping records of information about you and your treatments, or if you do not allow us to use the information in the way we need to for treatments, we may not be able to treat you.
  • We must keep your records of treatment for a certain period as described above, which may mean that even if you ask us to erase any details about you, we might have to keep these details until after that period has passed.
  • We can move your records between our computers and IT systems, as long as your details are protected from being seen by others without your permission.

Changes to Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Further information

For further information regarding our personal data processing contact us or please see our data protection register entry details on the Information Commissioner’s Office website at https://ico.org.uk/ESDWebPages/Entry/ZA311630