Privacy Policy – IC Osteopathy

Reviewed: 8th February 2026

IC Osteopathy takes great care to protect the personal information we hold about our patients, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This privacy notice explains what information we collect, why we collect it, how we use it, and the rights you have regarding your data.

1. The Clinic

IC Osteopathy is owned and operated by:

IC Osteopathy

Central Staffs Crossfit,

Unit 4, Leons Way Tollgate Drive,

Tollgate Industrial Estate,

Stafford, Staffordshire

ST16 3HS

Tel: 07769 493123

Email: info@icosteopathy.co.uk

Website: www.icosteopathy.co.uk

For the purposes of this privacy notice, IC Osteopathy will be referred to as “the Clinic”.

The Clinic provides osteopathy, rehabilitation, lifestyle and health advice, and related therapeutic services.

2. Personal Information We Collect

The Clinic processes personal information for current and previous patients, including:

Name
Date of birth
Address
Email address
Phone numbers
GP details
Occupation
Medical history
Health information
Treatment notes
Correspondence
Referrals
Scan reports and imaging
Payment receipts
Insurance claim information

Processing includes obtaining, storing, using, securing, sharing (where appropriate), and destroying this information.

3. How We Collect Personal Information

We collect personal information from:

Patients directly (or their parent/guardian)
Email, phone, online booking, and website contact forms
Insurance companies
Other healthcare professionals (with your consent)
Rehabilitation software (exercise prescription platforms)
Payment processors
CCTV footage at the clinic premises (where applicable)

4. Why We Collect Personal Information

a. To provide safe and effective treatment

We collect and store relevant medical and personal information to:

Assess your health
Deliver appropriate osteopathic treatment
Provide rehabilitation exercises
Offer lifestyle and health advice
Maintain accurate clinical records

Your clinician will document details relating to your symptoms, medical history, examination findings, treatment, and progress.

This information is held securely and accessed only by staff involved in your care or clinic administration.

b. To manage appointments and respond to enquiries

We use your contact details to:

Confirm and remind you of appointments
Respond to your queries
Provide reports or information relating to your treatment
Send follow‑up advice or exercise plans

c. To share service updates and clinic information

We may send occasional updates or information about services only if you have opted in to receive marketing communications.

You may opt out at any time by emailing us.

We do not sell or broker your personal information.

d. To request feedback

We may invite you to leave a review (e.g., Google Reviews).

Leaving a review is entirely optional.

5. Lawful Basis for Processing

The legal bases under UK GDPR include:

Contract – processing is necessary to provide treatment and services you request.
Consent – you consent to the collection and processing of your medical information as part of your treatment.
Legitimate interests – for appointment reminders, service updates, and clinic administration.
Legal obligation – maintaining medical records for required retention periods.

You may withdraw consent at any time by contacting the Clinic.

6. Disclosure of Personal Information

We keep your information confidential. It may be shared only when necessary with:

Regulatory authorities
NHS or other healthcare professionals (with your consent)
Insurance companies
Legal representatives
Fraud prevention agencies
Local authorities
IT and software providers who support clinic operations
In rare cases, if we believe someone is at risk of harm

We do not share your information with third parties for marketing purposes.

7. Data Retention

We retain personal information in accordance with legal and professional requirements:

Adults: Records are kept for 8 years after your last appointment.
Children: Records are kept until the patient’s 25th birthday (or 26th if treated at age 17).

After this period, records are securely deleted or destroyed.

8. How We Store Personal Information

a. Clinic Records

All patient records are stored securely and accessible only to authorised staff.

b. Digital Systems Used by the Clinic

The Clinic uses secure third‑party systems for administration and clinical operations, including:

Cliniko – online booking and digital patient records
Rehab My Patient (or equivalent) – exercise prescription software
Email and cloud storage providers – for secure communication and document storage
Payment processors – for handling card payments

These providers act as data processors and do not use your information for their own purposes.

9. Your Rights as a Data Subject

Under data protection law, you have the right to:

Be informed about how your data is used
Access the information we hold about you
Rectify inaccurate or incomplete data
Erase your data in certain circumstances
Restrict processing in certain circumstances
Data portability – request transfer of your data
Object to certain types of processing

To exercise your rights, contact us using the details at the top of this notice.

We will respond within one calendar month.

If we refuse a request, we will explain why and inform you of your right to challenge the decision.

10. Complaints

If you have concerns about how we use your personal data, please contact us first so we can address the issue.

If you remain dissatisfied, you may contact:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: https://ico.org.uk/make-a-complaint/ (ico.org.uk in Bing)

Telephone: 0303 123 1113

11. Updates to This Policy

This privacy policy may be updated periodically to reflect changes in legislation or clinic operations.

The most recent review date will always be shown at the top of this page.