Privacy Policy
This policy explains how we collect, use, and protect your personal information when you use our services.
Effective Date: December 2025
Last Reviewed: December 2026
1. Data Controller
JT Football Physiotherapy (“the Practice”) is the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Practice address: 5 Bunting Place, Kilmarnock, KA1 3LE
Email: jtfootballphysiotherapy@gmail.com
The Practice complies with applicable professional standards relating to confidentiality, record keeping and data protection.
2. Purpose of This Policy
This Privacy Policy explains how the Practice collects, processes, stores and protects personal and special category data in the course of providing physiotherapy services, and outlines the rights of patients in relation to their personal information.
3. Personal Data We Process
The Practice may process the following categories of data:
3.1 Personal Data
- Full name
- Date of birth
- Address
- Email address
- Telephone number
- Emergency contact details
3.2 Special Category Data (Health Data)
- Medical history and relevant health information
- Clinical assessment findings
- Diagnosis, treatment plans and progress notes
- Correspondence with other healthcare professionals
- Reports, referrals and test results (where applicable)
3.3 Administrative and Financial Data
- Appointment records
- Invoices and payment records
- Insurance details (where applicable)
4. How Data Is Collected
Data is collected directly from patients via registration and consent forms, verbal information during consultations, written or electronic correspondence, and online booking or practice systems.
5. Lawful Basis for Processing
The Practice processes personal data under lawful bases such as performance of a contract, legal obligation and legitimate interests. Special category health data is processed for the provision of healthcare. Where consent is used, it will be obtained explicitly and can be withdrawn at any time.
6. Use of Personal Data
Personal data is used to:
- Provide safe and appropriate physiotherapy care
- Maintain accurate clinical records
- Communicate with patients
- Liaise with other healthcare professionals
- Manage billing and insurance claims
- Comply with legal and professional obligations
7. Confidentiality and Information Sharing
The Practice adheres to strict confidentiality principles. Data will not be disclosed without consent unless necessary for direct care, legal obligations, or safeguarding concerns. Only minimum necessary data will be shared where applicable.
8. Data Storage and Security
The Practice implements appropriate technical and organisational measures to protect data, including secure electronic systems, encrypted devices where appropriate, restricted access and secure storage for paper records.
9. Data Retention
Records are retained in line with professional and legal requirements. Adult records are held for at least 8 years after last treatment; children’s records until age 25 (or 26 if treated at 17). Records are securely destroyed when retention periods expire.
10. Data Subject Rights
Under UK GDPR, patients have the right to access, correct, delete, restrict processing, withdraw consent, and lodge a complaint with the UK Information Commissioner’s Office (ICO).
11. Website and Cookies
The Practice website may use cookies for functionality and analytics. Cookies do not collect health data. Users may manage cookies through their browser settings.
12. Policy Review
This Privacy Policy is reviewed regularly to ensure compliance with legislation and professional standards. The latest version is available upon request or on the website.
13. Contact Details
For questions about this Privacy Policy or data handling, please contact:
JT Football Physiotherapy
Email: jtfootballphysiotherapy@gmail.com