GDPR Privacy Policy

Privacy Notice & GDPR Policy

Light Joints Physiotherapy

1. Introduction

Confidentiality and lawful handling of personal data are fundamental to the operation of Light Joints Physiotherapy.

This Privacy Notice explains:

  • What personal data we collect

  • How and why we process your data

  • The legal basis for processing

  • How data is stored and protected

  • With whom data may be shared

  • How long data is retained

  • Your rights under UK GDPR and the Data Protection Act 2018

By using our services or website, you acknowledge and agree that your personal data will be processed in accordance with this Privacy Notice.


2. Data Controller

Data Controller:
Light Joints Physiotherapy
Company Registration Number: 15563331

Contact details:
Telephone: 0113 873 0766
Email: [email protected]
Address: Suite 1 (Inside Jetts Fitness), 5b Stile Hill Way, Colton, Leeds, LS15 9JB

If you have concerns about how your data is handled, you may contact us directly.

If you remain dissatisfied, you have the right to complain to:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk


3. Scope of This Privacy Notice

This policy applies to:

  • Patients receiving treatment

  • Website users

  • Enquirers and prospective patients

  • Contractors and third parties

  • Individuals who interact with our services

It covers personal data collected through:

  • Website forms

  • Telephone enquiries

  • Email communication

  • Paper documentation

  • Clinical consultations

  • Third-party referrals

  • Patient management systems


4. Legal Basis for Processing Personal Data

We process personal data under the following lawful bases:

  • Contractual necessity – To provide clinical treatment and services

  • Legal obligation – To comply with statutory requirements (e.g. record retention)

  • Legitimate interests – For business administration and service improvement

  • Explicit consent – Where required for sharing information or marketing

  • Vital interests – In emergency situations

  • Health care provision – Processing necessary for provision of healthcare under UK GDPR Article 9(2)(h)

Special category data (e.g. health, ethnicity, religion) is processed strictly for clinical and regulatory purposes.


5. Information We Collect

We may collect the following categories of personal data:

Personal Identification Data

  • Name

  • Date of birth

  • Address

  • Telephone number

  • Email address

  • Online identifiers

Clinical & Health Data

  • Physical and mental health information

  • Medical history

  • Treatment notes

  • NHS number (where applicable)

  • GP details

  • Referral information

  • Emergency contact information

Administrative & Financial Data

  • Payment details

  • Insurance information

  • Billing records

Sensitive Personal Data

Where relevant to clinical care:

  • Ethnicity

  • Religion

  • Marital status

  • Nationality

  • Immigration status

Such data is processed only where necessary for care provision or legal compliance.


6. How We Use Your Data

We use personal data to:

  • Provide assessment, diagnosis, and treatment

  • Maintain accurate clinical records

  • Process payments and insurance claims

  • Communicate treatment plans and updates

  • Coordinate care with other healthcare professionals (with consent)

  • Improve service quality

  • Respond to enquiries

  • Comply with legal and regulatory obligations

You cannot opt out of communications directly related to your treatment or legal obligations.


7. Data Storage & Security

We implement appropriate technical and organisational measures to protect personal data.

Record Storage

Paper Records

  • Stored in locked filing cabinets

  • Access restricted to authorised personnel

  • Offices secured and alarmed outside working hours

Electronic Records

  • Stored in a secure, GDPR-compliant patient management system

  • Password-protected access

  • Multi-factor authentication where available

  • Regular password updates

  • Access restricted by role-based permissions

Office Systems

  • Password-protected computers

  • Firewall protection

  • Encrypted backups

  • Regular system updates

Although we implement robust safeguards, no system can guarantee absolute security.

If you suspect a data breach, please notify us immediately.


8. Data Sharing & Disclosure

We do not sell personal data.

We may share data with third parties where necessary for:

  • Clinical referral

  • Insurance processing

  • Laboratory or diagnostic services

  • Safeguarding concerns

  • Legal obligations

  • IT hosting providers

All third parties processing data on our behalf are bound by written data processing agreements and confidentiality obligations.

Routine Access To Data

Access may be granted to:

  • Your treating practitioner

  • Authorised administrative staff

  • Approved patient management system providers

  • Insurance providers (where applicable)

Where consultants or contractors access data, they are required to sign confidentiality agreements.

We obtain consent before sharing information with external healthcare professionals unless legal obligations require disclosure.


9. International Data Transfers

Your data is primarily stored within the United Kingdom.

In limited circumstances, data may be transferred outside the UK or European Economic Area where:

  • Our service providers host data infrastructure abroad

  • Technical support requires remote access

Where transfers occur, appropriate safeguards are implemented in accordance with UK GDPR requirements.

By using our services, you acknowledge that such transfers may occur where necessary.


10. Data Retention

We retain personal data only for as long as necessary to fulfil legal and clinical obligations.

Clinical Records

We retain treatment records for a minimum of eight years from the date of last treatment.

Contact Records

Contact information may be retained for continuity of care purposes. You may request deletion once legal retention obligations have expired.

Uncompleted Assessments

Where a free assessment is undertaken but no treatment follows, records may be deleted periodically in line with retention schedules.

Retention periods are reviewed regularly to ensure compliance.


11. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right to be informed – About how your data is used

  • Right of access – Request copies of your data

  • Right to rectification – Correct inaccurate data

  • Right to erasure – Request deletion (subject to legal retention requirements)

  • Right to restrict processing – In limited circumstances

  • Right to data portability – Request transfer of data

  • Right to object – Object to certain types of processing

  • Rights related to automated decision-making – Where applicable

We will respond to valid requests within 30 days, or within two months for complex requests.

Requests should be submitted in writing to the Data Controller.


12. Complaints

If you are not satisfied with our response regarding data protection matters, you may escalate your complaint to:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk


13. Cookies

Our website uses cookies to improve functionality and user experience.

Full details of cookie usage are outlined in our separate Cookie Policy.


14. Policy Review

This Privacy Notice is reviewed periodically and updated where required to reflect:

  • Changes in legislation

  • Regulatory guidance

  • Operational updates

  • Service expansion

Last Updated: 06/03/2026
