top of page

Privacy Policy

Privacy Policy

Effective Date: 01/01/2024

MCR Physiotherapy (formerly Physio & Soft Tissue Therapy MCR) is committed to safeguarding the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect your information in accordance with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable privacy laws.

By using our services or interacting with us, you agree to the terms outlined in this Privacy Policy.

1. Data Collection

We collect personal data directly from you and through interactions with our website or other communications. The types of data collected include:

a. Personal Identifiable Information (PII):

  • Full name, date of birth, and gender.

  • Contact details: email address, phone number, and home address.

b. Medical Information:

  • Medical history, details of injuries or conditions, and related documentation.

  • Information regarding treatment plans, appointment history, and healthcare notes.

c. Technical Data:

  • IP address, browser type, and device information collected during website visits.

  • Cookies and analytics data to understand user behavior on our website.

d. Financial Data:

  • Billing information, including payment card details and transaction history.

e. Communication Data:

  • Emails, texts, or other correspondence sent to or received from us.

We may also collect additional information necessary to fulfill legal or regulatory requirements.

2. Data Usage

Your data is used for the following purposes:

a. Service Provision:

  • To provide physiotherapy assessments, treatments, and care plans tailored to your needs.

  • To schedule and manage appointments.

b. Communication:

  • To send appointment reminders, updates on services, and responses to your inquiries.

  • To inform you of changes to our policies or terms of service.

c. Website Functionality and Improvement:

  • To monitor website usage patterns and improve user experience.

  • To troubleshoot technical issues and secure our online services.

d. Marketing and Promotions:

  • To send promotional offers, newsletters, or service updates with your explicit consent.

  • To conduct surveys or feedback requests to improve our services.

e. Legal and Regulatory Compliance:

  • To comply with applicable laws, regulations, or professional obligations, such as maintaining accurate medical records.

3. Data Sharing

We do not sell or rent your personal data. However, we may share your information in specific situations:

a. Service Providers:

  • Third-party processors: IT support, email services, payment processors, and practice management software providers may process your data on our behalf. These entities are required to protect your data and use it only for the intended purpose.

b. Legal Obligations:

  • We may disclose your data when required by law, such as in response to court orders, regulatory audits, or legal claims.

c. Healthcare Professionals:

  • With your consent, we may share relevant medical information with other healthcare providers, such as doctors, specialists, or insurers involved in your care.

d. Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner, subject to confidentiality obligations.

4. Data Retention and Security

a. Retention Period:

We retain your data for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal and regulatory obligations. Specific retention periods include:

  • Medical records: Retained for a minimum of 8 years following the conclusion of treatment, as required by healthcare regulations.

  • Financial records: Retained for at least 6 years for accounting and tax purposes.

b. Security Measures:

We implement robust technical and organizational measures to protect your data, including:

  • Encryption: Secure storage and transmission of sensitive information.

  • Access Control: Restricting access to personal data to authorized personnel only.

  • Regular Audits: Conducting regular assessments of security practices and system vulnerabilities.

Despite our best efforts, no system can be completely secure. If a data breach occurs, we will notify affected individuals and relevant authorities promptly as required by law.

5. Compliance with Data Protection Laws

We adhere to all applicable data protection laws, including:

  • The General Data Protection Regulation (GDPR), ensuring lawful, fair, and transparent data processing.

  • The UK Data Protection Act 2018, governs the handling of personal data within the UK.

6. User Rights

As a data subject, you have the following rights under GDPR and applicable laws:

a. Right of Access:

  • You can request details of the personal data we hold about you and obtain a copy of it.

b. Right to Rectification:

  • If your information is inaccurate or incomplete, you may request corrections.

c. Right to Erasure (Right to be Forgotten):

  • You can request the deletion of your data, subject to legal obligations.

d. Right to Restrict Processing:

  • You may request the temporary suspension of data processing under certain conditions.

e. Right to Data Portability:

  • You can request your data in a structured, commonly used, and machine-readable format to transfer to another service provider.

f. Right to Object:

  • You can object to the processing of your data for direct marketing or other specific purposes.

g. Right to Withdraw Consent:

  • Where processing relies on your consent, you may withdraw it at any time.

To exercise your rights, please contact us at:
[mcrphysiotherapy@gmail.com]

7. Use of Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance your experience on our website. You can manage your cookie preferences through your browser settings. 

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of these sites and encourage you to review their policies before sharing your data.

9. Changes to Privacy Policy

We reserve the right to modify this policy to reflect changes in our practices, legal requirements, or other circumstances. Any updates will be posted on our website with the effective date clearly indicated. We encourage you to review this policy periodically.

10. Contact Information

For questions, concerns, or to exercise your data rights, please contact:

By using our services or providing your information, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.

MCR Physiotherapy
Your health, our priority.

bottom of page