Privacy Policy

On 25th May 2018, the General Data Protection Regulation (GDPR) comes into effect. GDPR regulates the processing of personal data and introduces significant changes compared with the existing data protection legislation. As a result of the changes, we have needed to make some amendments to our current data collection and storage processes. Whilst these will not affect your treatment, they do affect what, how and why we keep your personal data. 

Under data protection law you, as client of Harrogate Physiotherapy Practice (HPP), have specific rights. It is our responsibility to communicate these rights to you in a clear and concise manner. This Privacy notice is designed to clarify how we will handle your data.

Your data will be processed lawfully, fairly and in a transparent manner. Personal data will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

GDPR & the terminology

We Harrogate Physiotherapy Practice, (Therapywise Treatment Rooms, Harrogate Sports And Fitness Centre, Hookstone Wood Road, Harrogate, HG2 8PN, Telephone number 01423 544004, E-mail address: For the purposes of processing your personal data we are the Data Controller.

The Personal Data We Process and What We Do with It

We record and use the following categories of personal data which include: name, date of birth, address, telephone numbers, e-mail address, GP details, your full medical history, diagnosis and treatment.

The information HPP collect will only be used for the purposes of providing physiotherapy services and appointment management services i.e. booking appointments, re-arranging appointments and follow-up communication to ensure the contract has been completely fulfilled. Personal data is also used for financial processing.

This data processing is necessary for us to deliver our physiotherapy service to fulfill the Patient/ Physiotherapy contract with the understanding that HPP will provide a service in exchange for payment. We will only process your data if you have given us consent to do so.

Sharing Your Personal Data

We only share your personal data with your explicit consent, where, for example we need to contact a third party and give them your contact details in order to process ongoing medical care, onwards referral (i.e. GP, private consultant) further private investigations i.e. private MRI scanning and/or other investigations. If referrals are e-mailed the documents are password protected and send via secure systems.

Where third parties are used by us to store your personal data i.e. Practice Management Systems and Accountancy Systems, we ensure that they are compliant with the data protection law. Where third parties are used for financial processing data is made anonymous.

All patient data including hardcopy (patient records), non-cloud based and could-based data are stored according to Data Protection regulations.

Retaining Your Personal Data

Whilst you are a patient of us we will continue to store and use your personal data. We will retain your treatment records for a statutory* period no greater than 8 years from the date of the last treatment. If you are 17 years or younger on the date of you last treatment we will keep your records till your 26th birthday.

Limited information will be retained within our accounts systems indefinitely, to maintain the integrity of the data.

Cloud-based personal data (online storage) relating to appointment management or treatment i.e. e-mail correspondence, will be deleted after you are discharged from your physiotherapy treatment.

*NHS Records Management Code of Practice for Health and Social Care 2016

Your Rights

As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the person who is dealing with the breach; explain to you the nature of the breach and the steps we are taking to deal with it.

Should You Wish to Complain

You can contact the Information Commissioners Office (ICO) via their website: should you wish to make a complaint about the way we are processing your personal data.

Automated Decision Making and Profiling

We do not use any system, which uses automated decision making or profiling in respect of your personal data.