top of page

Data Management Policy and Privacy Notice

About our Privacy Notice

InTouch Physiotherapy Services ltd is committed to protecting your privacy and legal rights when dealing with your personal information. This Privacy Notice intends to provide clear and understandable details about the information we collect about you (or anyone you have provided us with information about, e.g. your child), how we use and protect it. It also provides information about your rights that relate to the data we process.

If you have any queries about this Privacy Notice, if you are not sure what something means, or if you wish to contact us about personal information we hold, please email us at:

InTouch Physiotherapy Limited is registered with the Information Commissioners Office, registration number ZA515986.

Why we collect information about you

The physiotherapist caring for you is legally required to keep records about your care and treatment ensuring you receive the best possible care. The information can include:

  • Basic details about you, such as name, address, gender, email address, telephone number and date of birth

  • Details of contacts we have had with you, such as clinic visits, communications, accounts

  • Notes and reports about your care and treatment

  • Images taken to document your progress or assist in your treatment delivery

How your records are used 

Your records are used to guide and administer the care you receive. They ensure that:

  • The professionals involved have accurate and up-to-date information on your needs and future care requirements

  • There is a good basis for assessing the quality of care you receive

  • We can work effectively with others providing you with care

  • Your concerns can be properly investigated, should you need to complain

Your information may also be used anonymously (by removing any details that could identify you) to help us:

  • Review and monitor the overall quality of care we provide, to make sure it is of the highest standard

  • Make sure that our services are meeting patient’s needs

  • Training and education

InTouch Physiotherapy will only use data provided by our patients and clients for professional purposes, all data we hold is protected in line with General Data Protection Regulation (GDPR). All data we obtain is processed fairly and lawfully for specific purpose. Patient or clients personal information is never disclosed to third parties, unless the patient or client has given explicit consent or where we are legally obliged.


How your records are stored:

Your healthcare records and personal details are retained in electronic format, stored within software that uses cloud-based storage. 



  • Images will be taken using electronic devices provided specifically for the purpose of work (ie not personal use mobiles / tablets).

  • Images taken for the purpose of demonstrating something within a clinical appointment will be deleted immediately.

  • Images take as part of treatment monitoring or that form part of your exercise prescription may be shared with your personal mobile with your consent before being saved to your healthcare record and deleted from the device.


Website and Cookies

We collect Non-personal and Personal Information through the website for the following purposes:

1.       To provide and operate the Services;

2.       To provide our Users with ongoing customer assistance and technical support;

3.       To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;

4.       To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;

5.       To comply with any applicable laws and regulations.


Our company is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 


We receive, collect and store any information you enter on our website, in addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.


The following links explain how to access cookie settings in various browsers:

To opt out of being tracked by Google Analytics across all websites, visit this link:


Your confidentiality

The confidentiality of your health records is protected by law. Your records are stored securely, password protected and only authorised people are able to access them.

All reasonable steps will be taken to protect the confidentiality and security of your personal information, and to keep personal information accurate and, where necessary, up to date.

InTouch Physiotherapy will take all reasonable steps to ensure data is only retained for the duration of the purpose for which it was obtained. Where requested, InTouch Physiotherapy will take the required steps to amend, restrict or delete personal information from current operational systems where it is no longer required. InTouch Physiotherapy can rectify records if there is valid reason. In some cases InTouch Physiotherapy may be required to hold some details about you after your treatment with us has ended, for example for legal audit and regulatory purposes relating to health care.


Disclosure of your personal data

In the usual course of our business we may disclose your personal data (only to the extent necessary) to relevant third party organisations that we use to support the delivery of our services. This may include the following:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with you,

  • organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,

  • delivery companies for the purposes of transportation,

  • third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails relating to InTouch Physiotherapy business activity only and subject to obtaining appropriate consent.


Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

Your Data Protection Rights under the GDPR:

In accordance with GDPR law you have the right to:

•   Access any of the information that we collect plus any other content that forms part of your patient record, including notes and expect to be able to read them and understand what they mean without expert medical knowledge

•   Know if your personal information has been forwarded to a third-party (such as a fellow healthcare professional, consultant or GP)

•   Have any invalid information about you corrected

•   Have your personal data deleted by us if you decide to switch to another physiotherapy provider

•   Prevent further use (or processing) of your information

•   Ask your physiotherapist to send you (or your new physiotherapist) your personal information in an open electronic format like a .csv file or text file

•   Request that your physiotherapist stops sending you any marketing information

•   Ensure that any profiling that is undertaken using your personal data is fair, appropriate, statistically valid and transparent

•   Expect your physiotherapist to take appropriate measures to protect your data

•   Be notified if critical information about you has been inappropriately accessed and is deemed to be a critical breach

•   Not to have your personal information transferred outside of the EU

•   Know how your personal information is being used by your physiotherapist


In the event of a data breach

We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the Information Commissioner’s Office.

Access to your own health records

Under the Freedom of Information Act and GDPR regulation, you have the legal right to obtain the information that InTouch Physiotherapy holds about you. 

To access your own health care records, requests should be made to us in writing to:


InTouch Physiotherapy

43 The Rise,



NE20 9LH


Or via email:

For further information please ask.   


Further Information

InTouch Physiotherapy may occasionally contact you with information regarding the clinic, such as new services we offer, but InTouch Physiotherapy will never provide your details to a third party marketing company and all reasonable steps to ensure that any data held is adequate, relevant and not excessive for the purpose for which it is intended.


If at any time you would like to know more about how we use your information and how we maintain your confidentiality, amend, access or correct your data or would like us to no longer process your data please contact us at: or send a letter to: Joanne Greenhalgh, InTouch Physiotherapy, 43 The Rise, NE20 9LH


We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.


Last updated July 2023

bottom of page