Privacy Policy
Policy date: October 2025
Policy Version: 1.0
Policy author: Jessie Bevan
Record of document change:
Record of document changes
Date: 6.10.25
Version: 1
Changes/comment: Original document written
Introduction
At Bloom Physio and Pilates, we are committed to protecting the privacy and confidentiality of our patients and website users. This privacy policy outlines how we collect, use, store, and protect your personal information in compliance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
1. Information We Collect
- Personal Details: Name, date of birth, address, telephone number, email address, emergency contact information.
- Medical Information: Medical history, details of injuries, treatment records, physiotherapy notes, and other health-related data necessary for your care.
- Payment Information: Details required for processing payments, such as bank details or insurance information.
- Website Usage Data: IP address, browser type, pages visited, and cookies (when you use our website).
2. How We Use Your Information
- To provide fitness and physiotherapy services and manage your care.
- To communicate with you about appointments, treatment updates, and practice news.
- To process payments and manage billing or insurance claims.
- To comply with legal and regulatory obligations.
- To improve our services and website functionality.
3. Legal Basis for Processing
We process your personal information based on one or more of the following legal grounds:
- Your consent.
- The necessity to perform a contract with you (e.g., provision of care).
- Compliance with a legal obligation.
- Our legitimate interests in managing and growing our practice (where these interests do not override your rights).
4. Sharing Your Information
We will only share your information with third parties when necessary, such as:
- Other healthcare professionals involved in your care (with your consent).
- Insurance providers (with your consent).
- Regulatory bodies, where required by law.
- Service providers who assist in our business operations (e.g., IT support), under strict confidentiality agreements.
We will never sell your information to third parties.
5. Data Security
We take all reasonable measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. This includes secure storage (both physical and digital), restricted staff access, and regular staff training on data protection.
6. Data Retention
Your records are kept securely for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, regulatory, or reporting requirements. Medical records are typically retained for a minimum of 8 years after your last treatment or as required by law.
7. Your Rights
You have certain rights regarding your personal data, including:
- The right to access your information.
- The right to correct inaccurate or incomplete information.
- The right to request deletion of your information (where legally permitted).
- The right to restrict or object to processing.
- The right to data portability.
- The right to withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, please contact us using the details below.
8. Cookies and Website Usage
Our website may use cookies to enhance your browsing experience and gather anonymous usage statistics. You can manage cookie settings in your browser.
9. Contact Us
If you have any questions about this privacy policy or wish to exercise your rights, please contact:
Jessie Bevan
Bloom Physio and Pilates
admin@bloomphysioandpilates.co.uk
10. Changes to This Policy
We may update this privacy policy from time to time. The latest version will always be available on our website. Please review this policy periodically for any changes.