Physiotherapy & Wellness Group
Privacy & Data Protection Policy
www.winchester-physio.co.uk
We are committed to protecting and preserving the privacy of our visitors and patients when visiting our site, attending our clinics, or communicating with us electronically.
This policy explains how we process any personal data we collect from you or that you provide to us through our website or during your treatment. We confirm that your information will be kept secure and that we comply fully with applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read the following carefully to understand how we handle your personal data. By using our website or engaging in our clinical services, you accept and consent to the practices outlined in this policy.
Types of Information We May Collect
When you visit our website, we may collect certain technical data automatically, such as:
- A truncated and anonymised version of your IP address
- Browser type and version
- Operating system and platform
- Pages visited, time spent on site, interaction logs, and access times
Cookies
How We Use Your Information
We use your personal data to:
- Deliver healthcare and treatment services
- Manage appointments, clinical records, and related communications
- Issue invoices and payment requests (which may include limited personal identifiers to ensure correct record linkage)
- Communicate with you about your care and service updates
- Improve and maintain our systems and website performance
All data is processed in line with one or more of the following lawful bases:
- Your explicit consent
- Performance of a contract (e.g. providing physiotherapy services)
- Compliance with legal obligations
- Our legitimate interest in delivering safe and efficient care
AI‑Assisted Clinical Documentation
We use GDPR-compliant artificial intelligence software to support the creation of accurate and timely clinical documentation, including treatment notes and summaries. This is used only to assist your clinician and does not replace their judgement.
All AI systems used in our practice are assessed to ensure they meet UK data protection standards. PatientNotes, our chosen clinical documentation tool, meets regulations set out by HIPAA, GDPR, UK GDPR and the UK Data Protection Act, and is certified as a Class 1 medical device in the UK.
Patient data processed in this way is not stored externally, not used to train third-party models, and is never accessed outside the context of your care with us.
All software used in our practice, including documentation and booking systems, stores data securely in the UK or EEA or in jurisdictions with equivalent data protection safeguards. We only work with providers that meet strict data security and GDPR compliance requirements.
You may opt out of AI-assisted documentation at any time. This will not affect the quality or availability of your care.
Disclosure of Your Information
We will only share your data where necessary, such as:
- With other healthcare professionals involved in your care (with your consent)
- When legally required or to comply with regulatory bodies
- With trusted third-party service providers under strict confidentiality agreements
We do not sell, rent, or trade your personal information.
Data Retention
Invoices and Payment Information
Invoices and payment documentation may contain limited personal identifiers to ensure accurate matching with clinical records. These are transmitted through secure channels wherever possible.
We follow data minimisation principles and do not store card details — all payment transactions are handled via secure, regulated third-party systems.
Please note that while we take reasonable steps to protect email communications, no method of online transmission is entirely risk-free. By corresponding with us via email, you accept this minimal inherent risk.
Professional Registration
All physiotherapy services are provided by qualified practitioners registered with the Health and Care Professions Council (HCPC) and, where applicable, members of the Chartered Society of Physiotherapy (CSP). Each clinician is individually accountable for their professional conduct and practice, in line with HCPC standards. If you have concerns regarding a clinician’s conduct or clinical decisions, you may raise them directly with the relevant professional body.
Third-Party Links
Our website may contain links to external websites or services. These operate independently with their own privacy policies. For example, we may link to third-party stores or products (such as the Physiofirst e‑store), for which we receive a commission. Purchases made via these external platforms are not fulfilled by us, and any queries regarding those products should be directed to the seller.
We encourage you to review third-party privacy policies before submitting any personal data. We are not responsible for the content or data practices of external websites.
Your Rights – Access and Control of Your Data
You have the right to:
- Access the personal data we hold about you
- Request corrections to inaccurate or incomplete data
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Commissioner’s Office (ICO)
To request access to your data or exercise any of your rights, please contact us using the details provided on our website. We may need to verify your identity to protect your data.
Updates to This Policy
Contact Us
Questions or concerns about this policy are welcome. Please contact us via email or the website contact form:
Physiotherapy & Wellness Group
www.winchester-physio.co.uk
Email: enquiries@physioandwellness.org
This policy applies across our organisation, which includes:
- Physiotherapy and Wellness Ltd
- Physiotherapy and Wellness Alresford Ltd
- Physiotherapy and Wellness Twyford Ltd