Privacy Policy

First Foundations Physiotherapy

Last updated: 04 March 2026

First Foundations Physiotherapy takes the privacy and protection of your personal information very seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website or services. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

First Foundations Physiotherapy is the data controller responsible for your personal data.

First Foundations Physiotherapy
Email: kate@firstfoundationsphysiotherapy.co.uk
Website: www.firstfoundationsphysiotherapy.com

As the data controller, we determine how and why your personal data is processed.

2. What Personal Data We Collect

We may collect the following personal information:

Personal details: name, address, email address, phone number, date of birth (DOB), gender and health information. As we provide physiotherapy services, we may collect medical information such as:

Medical history, injury or condition details, treatment notes, progress notes and clinical assessments. This information is classified as special category data (health data) under the UK GDPR.

The administrative information we collect includes insurance information (if required for claims), appointment history, any correspondence with you and website usage data. We automatically collect some information about your visit to our website. This information helps us to make improvements to website content and navigation, and includes your IP address, the date, times and frequency with which you access our website and the way you use and interact with its content.

3. How We Collect Your Data

We collect data in the following ways:

When you complete forms on our website; when you contact us by phone, email, or post; when you register for or attend physiotherapy treatment; when you complete medical screening or consent forms; and automatically when you use our website (such as through cookies).

4. How We Use Your Data

We use your information to provide physiotherapy assessment and treatment, maintain accurate medical records, communicate with you about appointments, process insurance claims (where applicable), improve our services and website and send marketing communications where you have consented.

5. Legal Basis for Processing

Under the UK GDPR we process your data using the following lawful bases:

Contract - to provide physiotherapy services you have requested.

Legal obligation - to comply with healthcare record-keeping and regulatory requirements.

Legitimate interests - to manage and improve our services and website.

Consent - for certain activities such as marketing emails.

Healthcare provision - health information is processed because it is necessary for the provision of healthcare services.

6. Sharing Your Data

We may share your data with trusted third parties where necessary, including:

Cliniko – our secure practice management software provider used to store patient records. 

Insurance companies where claims are made, other healthcare professionals where necessary for your care (and normally with your consent), and regulatory authorities where required by law. We ensure that any third parties handling your data comply with data protection laws.

7. Data Security

We take appropriate technical and organisational measures to protect your data. These measures include secure practice management software, password-protected systems, restricted access to patient records and secure storage of electronic records. If you believe your data has been compromised, please contact us immediately at: kate@firstfoundationsphysiotherapy.co.uk

8. Data Retention

We retain personal data only for as long as necessary. Healthcare records are generally retained in accordance with professional guidance:

Adult patient records: typically 8 years after the last treatment. Children's records: typically until age 25. Some information may be retained longer where required by legal or regulatory obligations.

9. Marketing Communications

We may send you marketing communications if: you have given consent, or you have previously used our services and have not opted out. You can withdraw consent or unsubscribe at any time by contacting us or using the unsubscribe link in our emails.

10. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

Right of access – request a copy of the personal data we hold about you.

Right to rectification – correct inaccurate or incomplete data.

Right to erasure – request deletion of your data where appropriate.

Right to restrict processing – limit how your data is used.

Right to data portability – request transfer of your data.

Right to object – object to certain types of processing, including marketing.

To exercise any of these rights, please email us.

11. Complaints

If you are unhappy with how we handle your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO). 

12. Cookies

Our website may use cookies to improve your browsing experience and help us understand how visitors use the website. Cookies are small files stored on your device that collect information such as browsing behaviour. You can control or disable cookies through your browser settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our services. Any updates will be published on this page.
