Privacy Policy for Home Support Physio

Last updated: March 07, 2026

Home Support Physio (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful way. This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website (homesupportphysio.co.uk), book a free consultation, or use our services.

We are a sole-trader physiotherapy service operated by Claire Taylor-Edwards (BSc MCSP), a Chartered Physiotherapist providing home-visit rehabilitation for older adults in Worcestershire and Herefordshire.

We act as the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What personal data do we collect?

We may collect the following types of information:

• Identity and contact data: Your name, address, telephone number, email address, date of birth (if relevant to care), and next of kin/emergency contact details.

• Health and medical data (special category data): Information about your physical health, mobility issues, medical history, medications, diagnoses (e.g., post-joint replacement, arthritis, osteoporosis), treatment needs, and any notes from assessments or sessions.

• Website and communication data: IP address, browser type, pages visited, time/date of visits, referral source (collected via cookies or server logs), and any messages or forms you submit (e.g., consultation request).

• Payment data (if applicable): Limited details if you pay for services (handled securely by our payment provider; we do not store full card details).

We only collect data that is necessary for providing our physiotherapy services or responding to your enquiries.

2. How do we collect your personal data?

• Directly from you: When you contact us by phone, email, website form, or during a home visit.

• During assessments/treatment: Through discussions, physical examinations, and notes taken as part of your care.

• Automatically: Via website cookies (basic analytics only; no marketing tracking) and server logs.

3. Why do we use your personal data? (Purposes and legal basis)

We process your data for the following reasons:

• To provide physiotherapy services, assessments, treatment plans, and follow-up care (legal basis: necessary for the performance of a contract or legitimate interests in delivering health services; plus explicit consent or health care provision for special category health data under UK GDPR Article 9).

• To respond to enquiries, book consultations, and communicate with you (legal basis: consent or legitimate interests).

• To maintain accurate clinical records as required by professional standards (HCPC and CSP guidelines) (legal basis: legal obligation and health care provision).

• To improve our website and services (basic analytics only) (legal basis: legitimate interests).

• To comply with legal obligations (e.g., safeguarding, insurance, tax records) (legal basis: legal obligation).

We do not use your data for automated decision-making or profiling.

4. Who do we share your personal data with?

We share data only when necessary:

• With healthcare professionals (e.g., your GP, consultants, or other therapists) if relevant to your care and with your consent.

• With our professional insurers or regulators (HCPC, CSP) if required for complaints, audits, or professional obligations.

• With IT/hosting providers (e.g., Hostinger for website data) under strict data protection agreements.

• If legally required (e.g., court order, safeguarding concerns).

We do not sell your data or share it for marketing purposes.

5. How long do we keep your personal data?

• Clinical/treatment records: Retained for at least 8 years after last contact (or longer if required by law/professional guidelines).

• Enquiry/consultation data: Kept for up to 2 years unless you become a client.

• Website logs: Up to 12 months.

We securely delete or anonymise data when no longer needed.

6. How do we keep your data secure?

We use appropriate technical and organisational measures, including encryption, secure passwords, access controls, and regular backups. Home-visit notes are stored securely and confidentially. We are not immune to risks, but we take reasonable steps to protect your information.

7. Your rights under UK GDPR

You have the following rights (subject to some exceptions):

• Right to access your personal data

• Right to rectification (correct inaccurate data)

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Rights related to automated decision-making (not applicable here)

To exercise any right, contact us (details below). We will respond within one month (free of charge in most cases).

8. International transfers

We do not transfer your data outside the UK or EEA.

9. Cookies and website tracking

Our site uses only essential cookies (for functionality). No marketing or third-party tracking cookies are used. You can manage cookies via your browser settings.

10. Changes to this policy

We may update this policy from time to time. Changes will be posted here with the updated date.

11. Contact us

If you have any questions about this privacy policy or your data, please contact:

Claire Taylor-Edwards

Home Support Physio

Email: claire@homesupportphysio.co.uk

Phone: 07921 561625

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data:

Website: https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

Thank you for trusting us with your care and information. We are committed to protecting your privacy while providing the best possible physiotherapy support at home.