top of page

Privacy Notice

This document refers to personal data, which is defined as information concerning any living person (a "Data Subject") that is not already in the public domain.

The UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) seek to protect and embody the rights of data subjects. These rights cover the safeguarding of personal data and protection against the unlawful processing of personal data within the UK.

 

1 – Who We Are

Trowbridge Osteopaths & Wellbeing Centre Ltd, based at 20 Union Street, Trowbridge, Wiltshire BA14 8RU ("the Practice"), is a multi-disciplinary clinic providing healthcare services.

 

2 – Professional Standards

Our treatments are carried out in accordance with:

  • The Institute of Osteopathy's patient charter and the General Osteopathic Council (GOsC) standards.

  • The General Chiropractic Council (GCC) Code of Professional Practice.
    The Practice also offers complementary services, including Acupuncture, Hypnotherapy, and Sports Massage.

 

3 – Personal Data

To provide safe and effective treatment, our practitioners (Osteopaths and Chiropractors) require detailed medical information. We will only collect what is relevant and necessary for your care. When you visit our practice, we make notes which may include details concerning your health, lifestyle, and medical history. We also collect contact details to manage your appointments and communicate with you regarding your care.

 

4 – Legal Basis for Processing

  • Medical Records: Processing is necessary for the purposes of preventive or occupational medicine and the provision of health or social care (Article 9(2)(h) of the UK GDPR).

  • Communication: We process your data to fulfil our contract with you (managing appointments) or based on our legitimate interests in providing healthcare services.

  • Marketing: We may occasionally send you newsletters or practice updates. You may opt out of these at any time.

 

5 – Legitimate Interests

Our legitimate interest is to promote and provide osteopathic, chiropractic, and wellbeing treatments to patients. We may use your data to provide information about our services and health-related updates.

 

6 – Consent

Through agreeing to this privacy notice, you are consenting to Trowbridge Osteopaths & Wellbeing Centre Ltd processing your personal data for the purposes outlined. You can withdraw your consent to receive marketing communications at any time; however, we are required by law to retain clinical medical records for a specific period (see Section 8).

 

7 – Disclosure and Access

We are committed to keeping your personal information safe and secure. Access to your data within our practice is strictly controlled:

  • Clinical Access: Full access to your medical records is restricted to the practitioners directly involved in your treatment (including our osteopaths and chiropractors).

  • Administrative Access: Our administration team may access your contact information and appointment history solely to manage your account and facilitate scheduling.

  • External Disclosure: We will not disclose your personal information to third parties (such as your GP) without your explicit consent, unless we are legally compelled to do so by law or regulation.

8 – Retention Policy

The Practice will process and store personal data for as long as you are a patient. For legal and insurance purposes, we are required to retain medical records for at least 8 years after your last treatment. For minors, records are retained until the patient reaches the age of 25.

 

9 – Data Storage & International Transfers

We maintain a fully digital record-keeping system. We no longer use paper records for clinical notes.

  • Software: We use Cliniko, a specialist practice management software, to store all patient clinical data and contact information.

  • International Storage: Cliniko stores data in secure data centres located in Australia.

  • Safeguards: Because Australia is outside the UK, we ensure your data receives an equivalent level of protection by requiring Cliniko to utilise appropriate safeguards (such as Standard Contractual Clauses) as required by the UK GDPR to protect your privacy rights.

 

10 – Data Storage (Non-Clinical)

Supporting data (such as general email correspondence) may be processed via Google Mail/Drive or Mailchimp. These providers also employ high-level security and encryption to protect your data.

 

11 – Your Rights as a Data Subject

You have the right to:

  • Request a copy of the personal data we hold about you.

  • Request that we correct any inaccuracies in your data.

  • Request the erasure of your data (subject to our legal obligations to retain medical records).

  • Object to certain types of processing, such as direct marketing.

 

12 – Accessing Your Data

To request access to your personal data, identification will be required (e.g., a driving licence, a passport, and a utility bill). All requests should be made to Claire Gregory by phoning 07504 258927 or writing to us at 20 Union Street, Trowbridge, Wiltshire, BA14 8RU.

 

13 – Complaints

If you wish to make a complaint about how your personal data is being processed, you have the right to complain to Claire Gregory at the Practice. If you do not receive a response within 30 days, you may contact the Information Commissioner’s Office (ICO):

​

bottom of page