& Sports Injury Clinic

1. Introduction

This Privacy Policy explains how Coventry Osteopathic & Sports Injury Clinic ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website or receive treatment at our clinic.

We are committed to handling your personal data in an open, transparent, and lawful manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We may update this policy from time to time. Please check this page periodically to ensure you are satisfied with any changes.

2. Who We Are

Coventry Osteopathic & Sports Injury Clinic is the Data Controller responsible for your personal data.

Data Controller: Wendy Cook
Email: info@coventryosteopaths.co.uk
Phone: 02476 501923
Address: 312A Charter Avenue, Coventry, CV4 8DA

3. What Personal Data We Collect

Standard Personal Data

• Full name

• Contact information (email address, postal address, telephone number)

• Demographic information (postcode, preferences, interests)

• Information relevant to customer surveys or service improvements

Special Category Data (Health Information)

As a healthcare provider, we collect and process health-related information, classified as Special Category Data under UK GDPR Article 9. This includes:

• Medical history and health conditions

• Treatment records and clinical notes

• Details of medications, allergies, and relevant lifestyle factors

• Information provided during consultations

We handle all Special Category Data with strict confidentiality and appropriate safeguards.

4. How and Why We Process Your Data (Lawful Basis)

Treatment and Clinical Care

• Article 6: Contract – processing is necessary to provide you with treatment and fulfil our agreement with you

• Article 9: 9(2)(h) – processing is necessary for the provision of health care by a qualified professional

Appointment Booking and Reminders

• Article 6: Legitimate Interests – it is in your interest and ours to manage appointments effectively and ensure continuity of care

Clinical Record Keeping

• Article 6: Legal Obligation – we are required to retain clinical records in accordance with healthcare and regulatory requirements

• Article 9: 9(2)(h) - processing is necessary for the provision of health care

Health Newsletters and Marketing

• Article 6: Consent – we will only send marketing communications where you have given explicit consent, which you may withdraw at any time

Website Analytics and Improvement

• Article 6: Legitimate Interests – we use anonymised data to understand how our website is used and to improve user experience

If you do not provide necessary clinical information, we may be unable to provide treatment safely.

5. How We Use Your Information

We use your personal data to:

• Provide osteopathic and sports injury treatment

• Maintain accurate clinical records

• Manage appointments

• Send health information (where consent is given)

• Improve our services and website

• Meet legal and regulatory obligations

• Carry out administrative tasks

6. Data Retention

We retain personal data only for as long as necessary:

• Clinical records: Minimum 8 years after your last appointment (or until age 25, if longer)

• Marketing data: Until consent is withdrawn

• Website enquiries: 12 months unless treatment begins

• Financial records: 7 years (HMRC requirement)

After this period, data is securely destroyed.

7. Who We Share Your Data With

We do not sell or distribute your personal data.

We only share data where necessary with:

Cliniko

Used to manage clinical records and appointments.

PepTalkr

Used to send newsletters, clinic updates, and appointment communications.

Your name and email address may be stored and processed on secure servers located outside the UK, including Australia.

Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses under UK GDPR Article 46.

Reception and Administrative Staff

Access limited to contact and appointment information only.

Bookkeeper and Administrative Support

Access limited to essential billing and contact data only.

Treating Practitioners

Full access to clinical records to provide safe care.

Legal or Regulatory Authorities

Only where required by law.

All third parties are required to maintain confidentiality and appropriate data protection standards.

8. Data Security

We implement appropriate safeguards to protect your data:

• Paper records stored securely in locked premises

• Electronic records stored in secure, password-protected systems

• Office systems secured and maintained

• Staff trained in confidentiality and data protection

9. Use of AI-Assisted Tools

We are currently assessing the use of secure, clinically appropriate AI-assisted tools to support administrative and clinical processes within the clinic.

This may include the future use of AI technology to assist practitioners with clinical note-taking during consultations.

If and when such tools are implemented:

• They will be used solely as assistive technology

• They will not make clinical decisions or replace professional judgement

• All outputs will be reviewed and validated by your treating practitioner

• They will operate under strict confidentiality and data protection controls

• They will only be introduced where they meet UK GDPR requirements

Where required, we will ensure that appropriate safeguards are in place, including data processing agreements and lawful international transfer mechanisms.

We will update this Privacy Policy once any AI-assisted tools are actively in use.

If you have any questions about this, please contact us using the details in Section 2.

10. International Data Transfers

Some systems we use process personal data outside the UK.

Cliniko

May process data internationally depending on system configuration.

PepTalkr

Processes and stores data on servers located in Australia.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses under UK GDPR Article 46.

We have assessed these providers and are satisfied that appropriate data protection standards are maintained.

11. Cookies

We use cookies to:

• Analyse website traffic

• Improve functionality and user experience

• Remember your preferences

This data is anonymised and does not identify you personally.

You can control cookies through your browser settings.

More information: www.allaboutcookies.org

12. External Links

Our website may contain links to other websites. We are not responsible for their privacy practices.

13. Your Rights Under UK GDPR

You have the right to:

• Access your personal data

• Correct inaccurate data

• Request deletion (subject to legal obligations)

• Restrict processing

• Request data portability

• Object to processing

• Not be subject to automated decision-making

• Withdraw consent

We will respond to requests within one calendar month.

14. Controlling Your Information

Direct Marketing

You may withdraw consent at any time by:

• Clicking “unsubscribe” in emails

• Emailing us

• Calling or writing to us

Subject Access Requests

Requests can be made via email or post. Identity verification may be required.

15. Complaints

Step 1 – Contact Us

Wendy Cook
info@coventryosteopaths.co.uk
02476 501923

We aim to resolve complaints within 28 days.

Step 2 – ICO

You may contact the Information Commissioner's Office:

Website: www.ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Wilmslow, Cheshire, SK9 5AF

16. Changes to This Policy

We may update this policy at any time. Changes will be posted on this page.

Coventry Osteopathic & Sports Injury Clinic
312A Charter Avenue, Coventry, CV4 8DA
info@coventryosteopaths.co.uk
02476 501923

Last updated: 30 April 2026