Privacy Policy
Last Updated: 26/10/2025
At Physio From Home, we are committed to protecting the privacy and security of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website (www.physiofromhome.com) or our online physiotherapy and ergonomic assessment services provided to organisations and their employees in the United Kingdom. By using our Services, you agree to the practices described in this Privacy Policy.
1. Who We Are
Physio From Home is an online physiotherapy service that partners with small and large organisations to provide remote physiotherapy consultations and ergonomic assessments. We are the data controller responsible for the personal data collected through our Services, unless otherwise stated.
Contact Details:
– Email: admin@physiofromhome.com
2. Personal Data We Collect
We collect and process the following categories of personal data:
– Identity and Contact Data: Name, email address, phone number, job title, and organisation details.
– Health Data: Medical history, symptoms, treatment plans, and other health-related information provided directly by you via pre-appointment forms or during virtual sessions.
– Usage Data: Information about how you use our Website and Services, such as session bookings, IP addresses, device information, and browsing activity.
– Billing Data: Payment details (e.g., billing address, bank details, or payment processor information) for organisations entering annual contracts.
– Communication Data: Correspondence with us, including emails, support requests, or feedback.
We collect data directly from you (e.g., via pre-appointment forms or during sessions), from your organisation, or automatically via cookies and analytics tools (see Section 8). We do not collect health data from other organisations, such as the NHS, unless explicitly authorised by you for referral purposes.
3. How We Use Your Personal Data
We process personal data for the following purposes, based on the lawful bases outlined under UK GDPR:
– To provide and manage Services (e.g., scheduling physiotherapy sessions, conducting ergonomic assessments).
– To process payments and manage annual contracts.
– To communicate with you (e.g., confirm bookings, respond to inquiries).
– To share health data with the NHS or private medical insurance providers for referrals (e.g., for scans or investigations).
– To improve our Services (e.g., analyse usage patterns, enhance user experience).
– To comply with legal obligations (e.g., record-keeping, safeguarding).
– To send marketing communications (e.g., updates about new Services, with your consent).
– Special Category Data: Health data is processed only with your explicit consent or where necessary to protect your vital interests (e.g., in a medical emergency).
4. How We Collect Your Personal Data
We collect personal data:
– Directly: From you via pre-appointment forms, during virtual sessions, or when you contact us.
– From Organisations: When your employer provides employee details (e.g., contact information) as part of our B2B agreement.
– Automatically: Through cookies, analytics tools, or server logs when you interact with our Website (see Section 8).
– Third Parties: From secure platforms used for virtual sessions (e.g., video conferencing providers) or payment processors, subject to data protection agreements.
5. Sharing Your Personal Data
We may share personal data with:
– Service Providers: Third-party providers (e.g., video conferencing platforms, payment processors, or cloud storage providers) who assist in delivering our Services, all of whom are bound by UK GDPR-compliant data processing agreements.
– NHS or Private Medical Insurance Providers: With your explicit consent, we may share health data to request further scans or investigations (e.g., via referral letters).
– Professional Advisors: Lawyers, accountants, or auditors, where necessary for legal or compliance purposes.
– Regulators and Authorities: When required by law (e.g., HMRC, Information Commissioner’s Office, or safeguarding authorities).
– Within Your Organisation: Limited data (e.g., session attendance) may be shared with your employer to fulfil our contract, as agreed in our terms.
We do not sell or rent your personal data to third parties for marketing purposes.
6. International Data Transfers
If personal data is transferred outside the UK (e.g., to third-party platforms hosted internationally), we ensure compliance with UK GDPR through:
– Adequacy Decisions: Transferring data to countries recognised as having adequate data protection by the UK government.
– Standard Contractual Clauses: Using approved contracts to safeguard data.
– Other Safeguards: Implementing technical measures (e.g., encryption) to protect data during transfer.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
– Encryption of health data during transmission and storage.
– Secure platforms for virtual sessions (e.g., end-to-end encrypted video conferencing).
– Access controls to limit data access to authorised personnel only.
– Regular security audits and staff training on data protection.
8. Cookies and Tracking
Our Website uses cookies and similar technologies to enhance user experience, analyse usage, and improve our Services. Cookies may collect Usage Data (e.g., IP addresses, browsing behaviour). You can manage cookie preferences through your browser settings or our cookie consent tool. For more details, see our Cookie Policy.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or to comply with legal obligations:
– Health Data: Retained for 7 years after the last session, in line with UK healthcare record-keeping requirements.
– Billing Data: Retained for 6 years to comply with UK tax laws.
– Usage Data: Retained for 2 years for analytics purposes.
– Other Data: Deleted within 12 months after the end of your organisation’s contract, unless otherwise required.
10. Your Data Subject Rights
Under UK GDPR, you (and your employees) have the following rights regarding your personal data:
– Access, rectify, or erase your data.
– Restrict or object to processing.
– Request data portability.
– Withdraw consent for health data processing or sharing.
To exercise these rights, contact us by email at admin@physiofromhome.com. We will respond within one month. You may also lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
11. Third-Party Links
Our Website may contain links to third-party websites or platforms (e.g., video conferencing tools). We are not responsible for their privacy practices. Review their privacy policies before providing personal data.
12. Children’s Privacy
Our Services are not intended for individuals under 16. We do not knowingly collect personal data from children.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our Services or legal requirements. The updated policy will be posted on our Website with the “Last Updated” date.
14. Contact Us
For questions about this Privacy Policy or to exercise your UK GDPR rights, contact us at:
– Email: admin@physiofromhome.com

