Physiotherapy Privacy Policy

Last Updated: 11/12/2025

The Weald Physiotherapy is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, share and protect your personal data when you visit our website (thewealdphysiotherapy.co.uk) or use our clinical services, including home-visit physiotherapy, deep tissue/sports massage and future clinic-based appointments.

1. Data We Collect & Why

1.1 Website & Contact Form

When you contact us through the website contact form or by email, we collect:

• Name.
• Email address.
• Any information you include in your message.

Purpose: To respond to enquiries, arrange appointments, or provide requested information.

Retention: Emails received via the contact form or directly to info@thewealdphysiotherapy.co.uk or any aliases are retained for up to 1 week, after which they are deleted to minimise the amount of personal data we store.

1.2 Clinical Information (Physiotherapy and Deep Tissue/Sports Massage Records)

When you become a patient, we collect information necessary for safe and effective care, including:

• Medical history and current symptoms.
• Assessment findings and diagnosis.
• Treatment plans and progress.
• Appointment notes and outcomes.
• Contact details for communication.

Storage: Clinical records are stored in WriteUpp, a secure, GDPR-compliant healthcare software platform.

About WriteUpp: WriteUpp acts as a data processor on our behalf and provides encrypted, ISO27001-certified clinical record storage. Their privacy and security information can be found here: http://writeupp.com/

1.3 AI-Assisted Transcription (Heidi AI)

With your consent, we may use Heidi AI during consultations to generate clinical notes from audio recordings:

• Audio is processed securely.
• Transcripts are transferred into your clinical notes.
• Audio recordings are deleted once the transcription is completed.
• AI-assisted notes are fully reviewed and verified by the physiotherapist.
• AI is not used for diagnosis or clinical decision-making.

Consent: You will be asked for explicit consent before AI-assisted transcription is used. You may decline without affecting your care. Heidi AI complies with GDPR, HIPAA, SOC 2, ISO 27001 and other major international privacy frameworks.

2. Lawful Basis for Processing

We process your data under the following lawful bases:

• Consent– for contact form submissions and AI transcription tools.
• Provision of health or social care – for physiotherapy, massage assessment, treatment and clinical documentation.
• Legitimate interests – for administrative purposes and service improvement.
• Legal obligations – such as retention of medical records.

3. How We Use Your Data

3.1 How We  Use Your Data

We use your information to:

• Deliver safe, effective physiotherapy and massage care.
• Communicate with you about appointments and treatment.
• Maintain accurate clinical records.
• Make referrals or provide reports (with your consent).
• Meet professional and regulatory requirements.

We do not sell or share your data with third parties for marketing.

3.2 Safeguarding Children, Young People and Vulnerable Adults

• We may process personal data of children, young people, or vulnerable adults and where applicable, their parent/guardian or responsible adult, to ensure safe treatment.
• Any safeguarding concerns are reported to the appropriate authorities in line with legal and professional obligations.
• Data processed for safeguarding is used only for this purpose and retained in accordance with legal and professional requirements.

4. Sharing Your Data

We may share your information only when necessary and with your consent:

• With your GP or other healthcare professionals involved in your care.
• With WriteUpp and Heidi AI, acting as secure data processors.
• When legally required (e.g., safeguarding concerns, court orders).

We do not share your information with other patients or third-party marketing services.

5. Data Retention

• Emails / Contact Form Submissions: deleted after 1 week.
• Clinical Records: retained in WriteUpp for 8 years after discharge (longer for children or specific conditions).
• AI Audio Data: deleted following transcription.

You may request deletion sooner where possible, but healthcare records are legally required to be retained for the mandated period.

6. Security

Your data is protected through:

• Encrypted communication (HTTPS).
• Restricted access to clinical systems.
• Use of certified, secure healthcare platforms (WriteUpp, Heidi AI).
• Strong password and device security.
• Secure storage of mobile and laptop devices used for clinical documentation.

7. Your Rights Under UK GDPR

You have the right to:

• Access your personal data.
• Request corrections.
• Request deletion (where legally allowable).
• Request restriction of processing.
• Request data portability.
• Withdraw consent for certain processing (e.g., AI transcription).

To exercise these rights, contact us using the details in Section 10.

8. Cookies

Our website may use cookies for functionality and analytics:

• Functional cookies: Ensure the site works properly.
• Analytics cookies: Help us improve user experience.

No cookies are used for marketing purposes. You can adjust cookie settings in your browser.

9. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will always be displayed on our website with the last updated date.

10. ICO Registration

The Weald Physiotherapy is registered with the Information Commissioner’s Office (ICO) and processes personal data in accordance with UK GDPR.

11. Contact Details

For questions about this Privacy Policy or your data:
 

📞 Phone: 01233 368100 

💬 WhatsApp: 07759 326602 

📧 Email: info@thewealdphysiotherapy.co.uk 

🌐 Website: www.thewealdphysiotherapy.co.uk