Privacy Policy

At Pro Active Physiocare Ltd, we are committed to protecting the privacy and security of your personal and health information. This policy outlines how we collect, use, and safeguard your data in accordance with UK GDPR.

1. Data Controller

The Data Controller is Arunkumar Kumbhagiri, Director of Pro Active Physiocare Ltd. Contact: [Insert Business Email] | [Insert Business Phone]

2. Information We Collect

To provide high-quality physiotherapy care, we collect the following:

• Personal Identity Data: Name, date of birth, and gender.

• Contact Data: Address, email, and phone number.

• Special Category (Health) Data: Medical history, symptoms, scan reports (MRI/X-ray), GP details, and clinical notes from your assessment and treatment.

• Payment Data: Details required to process payments (we do not store full card details; these are handled by encrypted payment processors).

3. Why We Need Your Data

We process your data under the following legal bases:

• Contractual Necessity: To provide the physiotherapy services you have booked.

• Legal Obligation: To maintain accurate medical records as required by the Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP).

• Health & Social Care: For the provision of healthcare or treatment.

4. How We Use Your Information

• To create and manage your clinical treatment plan.

• To communicate with you regarding appointments or exercise programs.

• With your explicit consent, to update your GP or consultant (e.g., regarding TMJ surgery or MSK rehab).

• To process invoices and insurance claims.

5. Data Sharing & Disclosure

We never sell your data. We only share information with third parties when necessary:

• Medical Professionals: Your GP, consultant, or dentist (only with your consent).

• Insurance Providers: If your treatment is being funded by a private health insurer.

• Software Providers: Secure, GDPR-compliant clinical management systems (e.g., Cliniko, Jane, or similar) used for booking and notes.

6. Data Retention

In accordance with UK law and CSP guidelines, adult clinical records are generally retained for 8 years after the conclusion of treatment. For children, records are kept until their 25th or 26th birthday. After this period, data is securely destroyed.

7. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you.

• Correction: Ask us to correct inaccurate information.

• Erasure: Request deletion of data (Note: This may be limited by our legal obligation to keep medical records).

• Restriction: Ask us to limit how we use your data.

8. Security

We use industry-standard physical and digital security measures (including encryption and password protection) to ensure your health records are safe from unauthorized access or disclosure.

9. Cookies (Website Only)

Our website uses cookies to improve your browsing experience and analyze traffic. You can manage your cookie preferences through your browser settings.

10. How to Complain

If you have concerns about how we handle your data, please contact Arunkumar Kumbhagiri directly. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.