
PRIVACY POLICY

Sarah Green Physiotherapy and Clinical Pilates is committed to protecting your privacy and handling your personal data safely and responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Who we are:

Practice name: Sarah Green Physiotherapy and Clinical Pilates
Data Controller: Sarah Green, Physiotherapist
Contact details: sarahgreenphysio@gmail.com, 07886077112


2. What personal data we collect:

We may collect and store the following information:

  • Name, address, email address, and telephone number

  • Date of birth

  • GP and other healthcare provider details

  • Medical history, injury details, clinical notes, and treatment records

  • Appointment and attendance records

  • Payment and invoicing information

  • Correspondence by email, phone, or electronic booking systems

3. How we use your information:

Your personal data is used to:

  • Provide physiotherapy and clinical Pilates assessment and treatment

  • Maintain accurate clinical and professional records

  • Communicate with you regarding appointments, treatment, and aftercare

  • Manage payments, invoices, and insurance claims where applicable

  • Meet legal, regulatory, and professional obligations

Your data will only be used for purposes directly related to your care or where legally required.


4. Lawful basis for processing:

We process personal data in accordance with UK GDPR and HCPC Standards of Conduct, Performance and Ethics. The lawful bases we rely on include:

  • Consent – for treatment, communication, and sharing information where required

  • Contract – to provide healthcare services you have booked

  • Legal obligation – to comply with HCPC, CSP, insurance, and tax requirements

  • Vital interests – where necessary to protect your health or safety

5. How your data is stored and protected:

We follow HCPC guidance on record keeping and confidentiality to ensure personal data is kept secure, accurate, and up to date:

  • Electronic records are stored on secure, password-protected systems

  • Paper records are stored securely with restricted access

  • Only authorised individuals involved in your care can access your records

Personal data is retained in line with HCPC, CSP, and legal guidance (typically a minimum of 8 years following your last appointment, or longer where required).

 

6. Use of Artificial Intelligence (AI) for Clinical Notes

Sarah Green Physiotherapy and Clinical Pilates may use secure AI-assisted tools to support the creation of clinical notes and records.

We ensure that:

  • All AI processing is done under strict UK GDPR compliance

  • AI tools only process data necessary for clinical documentation

  • Clinical judgement is always provided and verified by a qualified physiotherapist

  • No AI-generated notes are relied upon without human oversight

  • Personal and health data are stored securely and access is restricted to authorised staff

Your clinical data is treated confidentially at all times, and AI tools do not replace professional assessment or decision-making.


7. Sharing your information:

Your personal data will not be shared without your consent, except:

  • With other healthcare professionals involved in your care (e.g. GP, consultant)

  • With insurers where relevant and authorised by you

  • Where disclosure is required by law or regulatory bodies

8. Your rights:

In line with UK GDPR and HCPC standards, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request erasure of your data where applicable

  • Request restriction of processing or object to processing

  • Withdraw consent at any time where consent is the lawful basis

Requests should be made in writing and will be responded to within one month.


9. Data breaches:

In the unlikely event of a data breach that poses a risk to your rights and freedoms, appropriate action will be taken in accordance with legal requirements, including notification to the Information Commissioner’s Office (ICO) where necessary.


10. Website and cookies:

If you use our website or online booking system, basic cookies may be used to ensure functionality and improve user experience. No non-essential cookies are used without consent.


11. Complaints and concerns:

If you have concerns about how your data is handled, please contact us in the first instance so we can try to resolve the issue.

You also have the right to raise a concern with the Information Commissioner’s Office (ICO), the UK authority for data protection.


12. Changes to this policy:

This Privacy Policy may be updated from time to time to reflect changes in legislation or professional guidance. The most current version will be available on request or via our website.

Last updated: [January 2026]
