top of page

Privacy Policy

A legal disclaimer

Last updated: 10/11/2025

​

At DCM Physiotherapy (“we”, “us”, or “our”), your privacy and the protection of your personal data are of the highest importance. This Privacy Policy explains how we collect, use, store, and share your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

DCM Physiotherapy

We act as the Data Controller for the personal data we collect about you. This means we determine how and why your personal data is processed.

2. Information We Collect

We may collect and process the following information:

a. Personal Information

  • Name

  • Address

  • Date of birth

  • Phone number

  • Email address

b. Health Information

  • Medical history and clinical notes relevant to your physiotherapy care.
    (This is considered special category data and handled with extra care.)

c. Payment Information

  • Payments processed through Stripe (we do not store or have access to your full card details).

  • Cash payment records (amount, date, and receipt number only).

d. Communication & Website Data

  • Emails, messages, or forms you send to us.

  • Website usage data such as IP address, browser type, and pages visited (via cookies or analytics tools).

3. Lawful Basis for Processing

We process your personal data under the following lawful bases (as defined by the UK GDPR):

Purpose Lawful Basis

Providing physiotherapy treatment

Performance of a contract

Maintaining medical and business records Legal obligation

Processing payments via Stripe or cash

Legitimate interests / Contract

Communicating with you (appointments, follow-ups)

Sending marketing communications (if you consent) 

Managing health information

Provision of health or social care (Article 9(2)(h) UK GDPR)

4. How We Use Your Information

We use your data to:

  • Deliver physiotherapy services safely and effectively.

  • Manage appointments, reminders, and communications.

  • Process payments via Stripe or in cash.

  • Keep accurate clinical and financial records.

  • Improve our services and website performance.

  • Comply with legal and professional obligations.

5. Payment Processing

When you pay online, payments are securely handled by Stripe.

  • Stripe collects and processes your payment information according to its own Privacy Policy.

  • We do not store or have direct access to your payment card details.
    If you pay in cash, we record only the necessary information for accounting and compliance.

6. How We Store and Protect Your Data

We take appropriate technical and organisational measures to safeguard your personal information against unauthorised access, alteration, or loss.
Your records are securely stored on password-protected systems and accessible only to authorised staff.

7. Data Sharing

We do not sell or rent your personal data.
We may share information only when necessary:

  • With other healthcare professionals involved in your care (with your consent).

  • With third-party service providers such as Stripe, solely for payment processing.

  • With regulators, insurers, or legal authorities when required by law.

All third-party providers are required to handle your data securely and in compliance with the UK GDPR.

8. International Transfers

Your data may be processed outside the UK (for example, by Stripe).
In such cases, we ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your information in accordance with UK data protection laws.

9. How Long We Keep Your Data

We retain your personal and medical information only for as long as necessary to:

  • Provide ongoing care,

  • Comply with professional and legal record-keeping requirements (normally 7–8 years after your last treatment),

  • Meet tax and accounting obligations.

After this period, your information will be securely deleted or anonymised.

10. Your Data Protection Rights

Under the UK GDPR, you have the right to:

  • Access your personal data.

  • Rectify inaccurate or incomplete data.

  • Erase data (“right to be forgotten”) where applicable.

  • Restrict or object to certain processing.

  • Data portability – request a copy of your data in a structured format.

  • Withdraw consent where processing is based on consent (e.g., marketing).

To exercise any of these rights, please contact us at:
📧 Info@dcmphysiotherapy.co.uk

​

11. Cookies and Website Analytics

Our website may use cookies or analytics tools to improve user experience and monitor site performance.
You can manage or disable cookies through your browser settings.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Any updates will be posted on our website with a revised “Last updated” date.

bottom of page