Fairway Physio Ltd provides a friendly, professional service that works within strict codes of conduct outlined by the CSP and HCPC that ensure all patients are treated equally. All information shared with Fairway Physio Ltd is done so confidentially and will only be shared with third parties that enable us to perform services in your best interest for which you have consented. Your personal information will otherwise be secured on password-protected hardware / cloud systems or stored in a secure location. We cannot guarantee, however, that any data you send to us via the internet is totally secure. Whilst we endeavour to protect your personal information, any information sent to Fairway Physio Ltd online is done so at your own risk.
This version of the Fairway Physio Ltd privacy policy is fully aligned with UK GDPR / Data Protection Act 2018, HCPC standards, and CQC-ready expectations for independent healthcare providers.
Privacy Notice
Fairway Physio Ltd
Registered Office: 7-11 Chapel Street, Lancaster, LA1 1NZ
Website: www.fairway-physio.co.uk
Email: info@fairway.physio
ICO Registration Number: ZA893403
1. Introduction
Fairway Physio Ltd (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal information lawfully, fairly, and transparently.
This notice explains how we collect, use, store, and protect your personal information when you use our website or any of our clinical, wellbeing, or corporate services.
By using our website or engaging with our services, you acknowledge that you understand and agree to the terms of this Privacy Notice. If you disagree with any part of this policy, please discontinue use of our website and contact us for clarification.
2. Data Controller
Fairway Physio Ltd is the Data Controller responsible for your personal information and compliance with data-protection law in the UK.
3. Definitions
Personal Data – information that can identify you (e.g. name, address, email).
Special Category Data – sensitive data relating to your health, medical history, or treatment.
Patient / Client – anyone using or intending to use our services.
Website – www.fairway-physio.co.uk.
4. Who This Notice Applies To
This notice applies to anyone who:
Enquires about or uses our services
Books, attends, or pays for appointments
Contacts us by email, phone, social media, or in person
5. Services We Provide
We provide physiotherapy and associated clinical and wellbeing services, including but not limited to:
Musculoskeletal Physiotherapy
Sports Therapy and Rehabilitation
Strength & Conditioning and sports-specific movement screening
Sports Massage
Acupuncture
Corporate wellness and occupational-health programmes
Education, workshops, and online programmes
6. How We Collect Personal Information
We collect data from:
You, during consultations, assessments, online forms, calls, or emails
Parents/guardians if you are under 18
Other clinicians involved in your care
Insurers or referring organisations
Diagnostic and imaging providers
If you provide information about another person, please ensure you have their consent.
7. Types of Information We Process
Standard Personal Data may include:
Name, address, date of birth, gender, occupation, and contact details
Next-of-kin or emergency contact
Payment or insurance details (we do not store full card numbers)
Special Category (Health) Data may include:
Medical history, clinical notes, test results, diagnostic reports
Correspondence from other healthcare professionals
Treatment records and rehabilitation plans
8. Lawful Bases for Processing Your Data
| Data Type | Lawful Basis | Purpose |
| --- | --- | --- |
| Standard Personal Data | Legitimate Interests / Contract / Legal Obligation | To register you, manage appointments, communicate, issue invoices, and maintain records |
| Special Category Data | Provision of Health or Social Care / Legal Obligation | To maintain accurate clinical records and deliver safe, evidence-based treatment |
| Marketing Data | Consent | To send occasional newsletters, offers, or service updates (you may withdraw consent anytime) |
9. How We Protect Your Information
We take data security seriously and employ the following measures:
Secure, encrypted clinical record systems compliant with UK GDPR (Nookal)
Encrypted email (Egress) or Nookal software for transmitting sensitive information
Password-protected devices and restricted staff access
Staff training in confidentiality and data protection
Internal audits and access reviews
Ensuring all third-party processors meet data-protection standards
10. How We Use Your Information
We use your information to:
Provide physiotherapy and associated healthcare services
Fulfil legal, clinical, and contractual obligations
Communicate about appointments, payments, and treatment updates
Improve our services through anonymised audits or statistics
Send marketing communications (if you have opted in)
Complete the sale of products to you
11. Sharing Your Information
We share only the minimum necessary data and only when appropriate:
With other healthcare professionals directly involved in your care
With administrative staff supporting your treatment
With insurers or funding organisations (if relevant)
With regulators, legal authorities, or safeguarding bodies where required by law
With a parent or guardian if you are under 18
With anyone you explicitly authorise
We never sell or rent your personal information to third parties.
12. Third-Party Processors
To deliver our services, we may use carefully selected third-party processors who comply with UK GDPR standards, including:
Nookal – secure clinical records and appointment booking
Wibbi – Exercise prescription provision
Mailchimp – email newsletters and marketing communications – with explicit consent gained
Google Analytics – website performance and usage analysis
Egress Secure Email – encrypted transfer of sensitive data
Each processor is bound by a written data-processing agreement ensuring confidentiality and security.
13. Transfers Outside the UK / EEA
Our website is hosted in the UK.
If data must be stored or processed outside the UK or EEA, we will ensure appropriate safeguards (e.g. encryption or ICO-approved contractual clauses).
14. Website and Cookies
Our website may collect limited data through cookies to:
Track site usage and improve performance
Record whether you have accepted cookies
Keep you signed in to your account
You may block cookies via your browser, though some functions may not operate fully.
We also record anonymised browsing information such as IP address, browser type, and location to analyse site performance.
15. Email and Online Communications
Routine emails are not encrypted, and we therefore avoid sending sensitive data by standard email.
When required, we use Egress Secure Email or our encrypted Nookal documentation software for encrypted transmission of sensitive or medical information.
16. Data Retention Periods
We keep personal data only as long as required:
Adults: Eight years after the last appointment
Children: Until age 25 (or 26 if treated after age 17)
Insurance / financial records: As required by tax law
Marketing data: Deleted immediately when consent is withdrawn
17. Your Rights
Under UK GDPR you have the right to:
Access a copy of your data
Request corrections to inaccurate or incomplete information
Request restriction or object to processing
Withdraw consent for marketing
Request data portability (where applicable)
Complain to the Information Commissioner’s Office (ICO)
Please note that clinical records cannot normally be erased where legal or professional obligations require retention.
ICO: https://ico.org.uk/concerns/
18. How to Access or Amend Your Data
Requests to access, correct, or delete personal data should be sent to info@fairway.physio.
We may ask for proof of identity before releasing information and will respond within 30 days.
19. Children and Vulnerable Clients
We do not market to children.
Clients under 18 require consent from a parent or guardian.
We hold children’s data with the same level of confidentiality as adult records and in line with safeguarding requirements.
20. Data Protection Lead
Our appointed Data Protection Lead is responsible for overseeing compliance and responding to data-protection enquiries.
Data Protection Lead: Rob Barker, Practice Director, Fairway Physio Ltd
Email: info@fairway.physio
21. Data Breach Procedure
We have an internal data-breach policy aligned with ICO guidance.
In the event of a data breach likely to result in a risk to your rights and freedoms, we will:
Assess the breach and mitigate impact immediately.
Notify the ICO within 72 hours (where legally required).
Inform any affected individuals promptly, explaining what happened and what steps to take.
Document the breach and outcome in our incident log.
22. How to Complain
If you are dissatisfied with how we handle your personal information, please contact us first at info@fairway.physio so we can attempt to resolve the matter informally.
If unresolved, you may contact / complain directly to the ICO using the link below:
23. Updates to This Policy
We may update this Privacy Notice from time to time to reflect legal, regulatory, or operational changes.
The latest version will always be available on our website.
Version Control: Version 1.0 – Reviewed November 2025 – Next Review November 2026
24. Copyright Notice
This Privacy Notice is specific to Fairway Physio Ltd.
No part may be reproduced or redistributed without written permission.