Privacy Policy
Clear information on how Vast Physio Ltd collects, uses, stores, and protects your personal data.
Vast Physio Ltd
Who We Are
Vast Physio Ltd is a provider of physiotherapy and musculoskeletal services in the United Kingdom. We are registered with the Information Commissioner's Office (ICO) and act as the data controller of your personal information.
What Information We Collect
a. Personal Information
We may collect and process the following information:
- Full name
- Contact details (e.g. email address, phone number)
- Date of birth
- Address
- Information submitted via contact or enquiry forms
b. Health and Medical Information
If you use our services (including through our online booking system), we may collect health-related information such as:
- Medical history
- Injury details
- Treatment records and clinical notes
- Appointment history
This information is classified as special category data under UK GDPR and is handled with the highest level of confidentiality.
c. Technical Information
- IP address
- Browser type and device information
- Website usage data (via cookies or analytics tools)
How We Use Your Information
We use your data to:
- Provide physiotherapy assessment and treatment
- Manage appointments and clinical records
- Communicate with you regarding your care
- Liaise with other healthcare professionals where appropriate
- Meet legal and regulatory obligations (e.g. HCPC, CSP, insurance requirements)
- Improve our services and website functionality
- Send marketing communications (only where consent has been given)
Lawful Basis for Processing
We process your personal and health data under the following lawful bases:
- Provision of healthcare - Article 9(2)(h) UK GDPR
- Contract - to deliver our services
- Legal obligation - regulatory and professional requirements
- Legitimate interests - service management and improvement
- Consent - for marketing communications where applicable
Sharing Your Information
We do not sell your personal data.
Your information may be shared with:
- Healthcare professionals involved in your care (e.g. GP, specialist)
- Cliniko (our practice management system), which securely stores clinical data
- Third-party service providers supporting IT, email or administration
- Regulatory or legal authorities where required
All third parties are GDPR-compliant and bound by confidentiality agreements.
Data Security and Storage
We take appropriate technical and organisational measures to protect your data:
- Secure, encrypted systems (including Cliniko)
- Restricted access to authorised personnel only
- Secure storage of any physical records
- Regular system updates and data protection measures
Data Retention
We retain clinical records in line with UK professional guidance:
- Adult records: minimum of 8 years after discharge
Data is securely deleted or destroyed once no longer required.
Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate information
- Request deletion of your data (where applicable)
- Restrict or object to processing
- Withdraw consent at any time (where applicable)
- Lodge a complaint with the Information Commissioner's Office (ICO)
Cookies
Our website uses cookies to improve user experience and analyse website performance. You can manage cookie preferences via your browser settings.
Third-Party Links
Our website may include links to external websites. We are not responsible for their content or privacy practices.
Changes to This Policy
We may update this policy from time to time. The latest version will always be available on this page.
Contact Us
If you have any questions about this Privacy Policy or how your data is handled, please contact:
Vast Physio Ltd
You also have the right to contact the Information Commissioner's Office:
0303 123 1113