Privacy Policy

Effective Date: 01/06/2025

New Horizons Physiotherapy website is owned by New Horizons Physiotherapy, which is a data controller of your personal data. This Privacy Policy explains how personal data is collected, used, and protected by your physiotherapist.

Cookies:

The website uses cookies to help personalise your online experience. By accessing New Horizons Physiotherapy, you agreed to use the required cookies.

A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

We may use cookies to collect, store, and track information for statistical or marketing purposes to operate our website. You have the ability to accept or decline optional Cookies. There are some required Cookies that are necessary for the operation of our website. These cookies do not require your consent as they always work. Please keep in mind that by accepting required Cookies, you also accept third-party Cookies, which might be used via third-party provided services if you use such services on our website, for example, a video display window provided by third parties and integrated into our website.

Who We Are
New Horizons Physiotherapy is a shared trade name used by independent sole traders who are qualified and registered physiotherapists. While we collaborate for advertising and promotional purposes, each physiotherapist operates independently and is responsible for their professional practice and data handling.

What is personal data
Personal data refers to any information that relates to an identified or identifiable individual. This can include details such as your name, address, email, phone number, or date of birth.

Personal Data We Collect
Your physiotherapist may collect and process the following data:

• Identity data: Name, date of birth, gender

• Contact details: Address, phone number, email, emergency contact

• Health information: Relevant medical history, diagnosis, treatment notes, GP contact details, medical documents

• Payment information: Bank transfers, invoicing data, or other payment records handled via third-party payment processors (we do not store card details)

This data is collected via client intake forms, consent forms, direct communication, and during your treatment sessions.

Our website also uses cookies to enhance your browsing experience, analyse site traffic, and support basic website functionality. Cookies are small text files stored on your device when you visit our site. Some cookies are essential for the website to function properly (e.g. to remember your session or preferences), while others help us understand how visitors use our site so we can improve our services. We may also use third-party cookies for analytics and performance purposes. Under GDPR, we are required to obtain your consent before placing non-essential cookies on your device. When you visit our website, you will be presented with a cookie banner that allows you to accept or manage your cookie preferences. You can also change your settings or withdraw consent at any time through your browser.

How We Use Your Data
Your data may be used for the following purposes:

• To provide safe and effective Physiotherapy assessment and treatments to manage your care

• To communicate with you regarding appointments, treatment plans and follow-ups

• For administrative tasks such as invoicing and payment processing

• To comply with legal and regulatory obligations

Each Physiotherapist is responsible for handling your data independently, even when working under the same trade name.

Data Sharing
Your information is kept confidential. We do not share your data with third parties except:

• With your consent (e.g., contacting your GP or other medical health professionals)

• Where legally required (e.g., safeguarding concerns or court orders)

• For collaborative treatment (e.g., if a second therapist is involved, with your prior consent)
  

Each Physiotherapist is individually responsible for their use and protection of your data once you become their client. We only collect data that is necessary for these purposes and will not use it for any unrelated reason.

How We Store and Protect Your Data
We collect your personal and health information directly from you during the intake process, initial assessments, treatment sessions, and through any communication you have with us.

To manage this information securely, we use specialised allied health professional practice management software designed for clinical use and secure storage and handling of sensitive information. This software is compliant with data protection regulations and is used to manage your intake forms, clinical assessments, treatment plans and session notes. All data is stored electronically in encrypted systems, with access restricted to authorised personnel only. Data is securely stored in password-protected digital systems and/or locked physical files.

Data Retention
In accordance with the General Data Protection Regulation (GDPR), we retain your personal and health information only for as long as is necessary to fulfil the purposes for which it was collected, including to meet our legal, professional, and operational requirements. Health records are typically retained for a minimum of eight years after the last treatment, in line with standard healthcare guidelines. Your information is securely stored within our GDPR-compliant allied health practice management software, which uses encrypted systems to protect your data. Once the retention period has expired, your data will be securely deleted, unless we are required to retain it for a longer period due to legal reasons.

Your Rights
Under General Data Protection Regulation (GDPR), you may have the following rights:

Right to Access: You have the right to request copies of your personal data.

Right to Rectification: You have the right to ask us to correct information if you think it is inaccurate or incomplete.

Right to Erasure: You have the right to ask us to delete your personal information in certain circumstances. ("right to be forgotten").

Right to Restrict Processing: You have the right to ask us to restrict or limit of how your data is processed.

Right to Object: You have the right to object to the processing of your personal data in certain circumstances.

Right to Data Portability: You have the right to ask for transfer of your data to another provider in certain circumstances.

Right to Lodge a Complaint: You have the right to complain by contacting us at hello@newhorizonsphysio.co.uk and also the Information Commissioner's Office (ICO), the UK's data protection supervisory authority via their website.

To exercise any of these rights, contact us at hello@newhorizonsphysio.co.uk or your treating Physiotherapist.

Update to This Policy
This policy may be updated from time to time to reflect legal or operational changes. The most recent version will always be available on our website.