Nicola Brown of Integrative Physiotherapy is the named Data Protection Officer, and is responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing a service and carrying out our regular business activities. We manage personal information in accordance with the Data Protection Act 2018 and we are registered as a Data Controller with the Information Commissioner’s Office Registration Number ZA690850.

If you are concerned about how we are collecting, processing, using and/or sharing your personal information, you can contact us on

Data processing principles

We take protecting online privacy and data security seriously. Please read the whole of this statement carefully as it sets out our approach to processing personal data, including what information we may collect from you, how we may use it, store it, protect it, and your rights as a data subject.

Our Privacy Statement outlines our approach to any kind of data processing where we are acting as a data controller or (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons. This statement applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.

We are guided by the following principles when processing data:

  1. We will only collect data for specific and specified purposes;
  2. We will not collect data beyond what is necessary to accomplish those purposes; we will minimise the amount of information we collect from you to what we need to deliver the services required;
  3. We will collect and use your personal information only if we have sensible business reasons for doing so, such as making available to you our services and products;
  4. We will not use your data for purposes other than those for which it was collected, except as stated within our policy, or with your prior consent;
  5. We will seek to verify and/or update your data periodically and we will accept requests from you for amendment of the data held;
  6. We will apply high technical standards to make our processing of data secure;
  7. Except where otherwise stated, we will not store data in identifiable form longer than is necessary to accomplish its purpose or as required by law.

How we collect and use information

Most personal information is provided directly and voluntarily by you when you engage with us in order to enquire about or purchase our services.

We will collect information from you when:

  1. You sign up to our newsletter or mailing list
  2. You download an opt-in
  3. You start receiving treatment from us (in person or virtually)
  4. You join a course or programme
  5. You contact us for information via our website or social media channels, by phone or email
  6. You post on our social media channels, website or blog


We collect this information in order to make available to you our services, and to communicate with you in relation to our services. We may use the information collected to:

  1. Allow us to process a booking for an appointment or programme which you purchase from us;
  2. Send you our newsletters and/or provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  3. Respond to enquiries you make about our service;
  4. Get feedback from you regarding the quality of our service;
  5. Ensure that content from our site is presented to you in the most effective manner for you and your computer or device;
  6. Allow you to access and utilise the service you have purchased from us, such as to create a client profile on our client database;
  7. Notify you about changes to our service.


We will not sell or lend your personal data to third parties, or share your personal data for marketing purposes without your express consent. We will only share your personal data with third-party service providers where it is necessary for the delivery of our services, and only where we are confident that such third-party service providers have appropriate data protection systems and measures in place that are compliant with UK Data Protection Legislation.

What information we collect

In accordance with Data Protection Legislation we only collect and process information which we require to meet the specific purposes as stated above. The information we collect about you could include but is not limited to:

  1. Contact details
  2. Personal details and identifiers
  3. Details about your health and medical information
  4. Details about your occupation and business
  5. Details about your lifestyle and social circumstances
  6. Personal development and goals
  7. Details about how you use our website

Special category data will only be collected with your express consent and will be handled in line with ICO best practice guidelines. As per our Data Processing Principles we will only ask for information that is necessary to deliver our service.

How we store your information

We have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of personal data we control.

Information on the company mobile phone (for calls and texts) is password protected and stored under your initials (including a number if needed), so it is unidentifiable.

Identifiable information created on the company laptop is password protected, then emailed, printed off, or stored in Cliniko records, and then deleted.

If you use our contact form, sign up for the newsletter, or book an introductory call, then your email address, name and phone number, will be stored on the WordPress-managed website.

Mailpoet (newsletter plug-in for WordPress) sends out emails and newsletters through the webpage, and Webmail hosts the company email account. Email addresses and names will be stored by them both.

Egress (encrypted emails) is used to send any sensitive or identifiable information.

On-line payments and therefore name, address and card details are held by Stripe (payment services provider).

Once you start receiving treatment through Integrative Physiotherapy (individually or in groups), clinical notes (including special category data), diary appointments, demographic and contact information are stored within Cliniko (practice management software), and/or The Clinic Toolkit.

Rehab My Patient (exercise software) stores name and email address when a personalised exercise programme is devised through them to be able to be sent out to you.

If payment to Integrative Physiotherapy is through AXA, Vitality Health or Aviva, then Healthcode (a medical bill clearing company), is mandated to be used to process all invoices. Name, date of birth, insurance company, diagnosis code, and dates of appointments are held by them.

WordPress, Mailpoet, Webmail, Stripe, Cliniko, Rehab My Patient, Healthcode, Egress and Clinic Toolkit have their own privacy policies and will protect your data. You can find out more here: (WordPress) (Mailpoet) (Webmail) (Stripe) (Cliniko) (Rehab my patient) (Healthcode)

Service Privacy Policy | Legal | Egress (Egress)

Privacy Policy - The Health Sciences Academy (Clinic toolkit)


We may store or process your data on cloud-based platforms or service providers whose servers are based outside of the UK. We will only use such providers where we are confident that appropriate safeguards are in place to ensure that any personal data is subject to an equivalent level of security and protection as required under UK Data Protection Legislation.

We also have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation. Any such breaches will be reported to the relevant supervisory authority and notified to the affected data subjects where we are legally required to do so.

We will only keep your personal data for as long as is necessary to meet the requirements for which it was collected. This will vary depending on the nature of the requirements and the processing, but apart from in exceptional circumstances where longer retention is necessary, we will retain your personal health records for 8 years. After this period of time, we will delete your personal data unless there is a legitimate business reason to retain all or parts of the data we hold.

Legal basis for processing your data

The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:

  1. You have consented;
  2. For the performance of a contract;
  3. For compliance with a legal obligation which we must perform;
  4. To protect the vital interests of you or another person;
  5. It is in the public interest;
  6. It is in the legitimate interests pursued by us or a third party.

We collect data for the purposes set out above. All personal data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained.

Any special category data collected from you has special protection and is limited to that permissible by law. In all instances where special category data is collected, we will obtain your express consent.

Links from our website

Our site contains links to and from other websites which are operated by individuals and companies over which we have no direct control. If you follow a link to any of these websites, please note that these websites have their own privacy and terms of use policies. We do not accept any responsibility or liability for these policies. We advise you to check the policies for third-party sites before you submit any personal data to the website.

Marketing emails

We may send you marketing emails and communications when you have opted in or otherwise given consent for us to do so. We will make it as easy as we can for you to opt out of unwanted processing, providing it does not restrict our ability to provide you with the primary service you have requested.

Please note if you wish to unsubscribe from any marketing emails that you have signed up for, you can do so by emailing or clicking onto the unsubscribe link on the marketing email that was sent to you. It may take 24 hours for this to become effective.

Website analytics and targeted marketing

We use website analytics to provide the best user experience and service to you and to evaluate and improve our site. We utilise third party data analytics service Google Analytics to improve our visibility and to monitor website browser behaviour and navigation across our site.

These third-party data analytics service providers collect this information using cookies on our behalf in accordance with our instructions and in line with their own privacy policies. Our service providers may collect the following data about the way you use our site, which are anonymised and aggregated before reporting back to us:

Number of visitors to our site;

Pages visited whilst using the site and time spent per page;

Page interaction information, such as scrolling, clicks and browsing methods;

Source locations and details about where users go to when they leave the site;

Page response times and any download errors.

Changes to our policy and future processing

The Privacy Policy and Statement were last updated on 17th January 2024 and are reviewed every 6 months, or upon changes to relevant Data Protection Legislation being published, whichever is sooner.

We do not intend to process your personal information except for the reasons stated within the Policy and Statement. We reserve the right to update this Privacy Statement from time to time. Where appropriate, we shall contact you to notify you of any material changes. You should also refer to our website periodically so that you may access and view our updated Privacy Statement. This will ensure that you understand how we are using your personal data and your legal rights around usage of such personal data.

If you have any questions or concerns regarding our data protection or privacy policies/statement, please contact us at and we will be happy to respond to any concerns.

Should you still have concerns about the way in which we manage your personal data then you should contact the relevant supervisory authority, which in the UK is the Information Commissioner’s Office: Contact us | ICO