top of page

Privacy Policy: Project Physio Ltd

This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your relationship with Project Physio Ltd. We are required to notify you of this information under data protection legislation (GDPR). 

Please read this Privacy Policy carefully and ensure that you understand it. We would also encourage you to read any third party privacy policy we highlight in relation to data controlling and processing. This privacy notice supplements these policies and does not override them. Project Physio Limited may update this policy to comply with any change in our practice or relevant legislation. You should check back on this page to ensure that you are happy with any changes. This policy is effective from 16/09/2020. 


If you have any queries about this Privacy Notice, if you are not sure what something means, or if you wish to contact us about the personal information we hold, please email us at:

For further information around how your data is managed please visit the Information Commissioner's Office ( website.

Definition of Terms


‘we’, our’, ‘us’, ‘Company’, ‘organisation’ is a direct reference to Project Physio Limited

‘services’ means health care related services provided by us

‘You’ ‘patient’ or ‘patients’ means people who attend our clinic or intend to use our services

Company Information

Company Name : Project Physio Ltd

Place of Registration : Scotland

Companies House No : 672120

Email address:

ICO Registration Number: ZA788042

Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection Policy and where data is collected by third parties that are engaged by ourselves we would direct you to their privacy policies. We do not sell data to any third parties.

Practice Management Software - Cliniko -

Online Payment - Stripe -

Website - Wix -


Exercise Software - Physitrack -

Marketing platform - Mailchimp -

We have verified that all of the above service providers are GDPR compliant.

Who collects the information?

Project Physio Ltd (the ‘Organisation’) is a ‘data controller’ and gathers and uses certain information about you.  Where the Organisation is also a ‘data processor’, we will process information received from third parties about you.

We receive, collect and store any information you enter on our website or provide us in any other way such as the Internet protocol (IP) address or through contact forms. We may use software tools such as Cookies (Google Analytics)  to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, DOB, communications) through our online booking system. Comments, feedback and recommendations left on our social media channels may also be collected and used within our own social media or website to help promote our business. 

Our company website ( is hosted on the platform. provides us with an online platform that allows us to sell our services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. Wix privacy policy and information around the data they collect can be found here

Our online practice management software is run by Your personal information is imputed when a healthcare professional (the ‘organisation’) records information about a patient (you) or when you personally complete an online form or booking. The cliniko privacy policy and the information they collect can be found here

Our online payment platform is hosted by The information that Stripe collects may include payment method information (such as credit or debit card number, or bank account information), the purchase amount, date of purchase, and payment method. Stripes privacy policy and information around the data they collect can be found here

We use a third-party provider, MailChimp, to deliver our email marketing newsletter. Mailchimp is integrated into our practice management software Cliniko. When booking an appointment through our online booking systems personal information such as your name, email address, address, or telephone number will be transferred securely to a distribution list. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp's privacy policy

Our rehabilitation software is provided by Physitrack who are integrated with cliniko. How Physitrack complies with GDPR and for information around the type of data it collects please read the following Physitracks full privacy policy can be found here

We have verified that all of the above service providers are GDPR compliant. 

About the information we collect and hold

The schedule set out in the following section summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.

We may need to share some of the categories of personal information set out below with other parties, such as your GP, surgeon, other health professionals or clinics including their administrative staff, parent or legal guardian in the case of a minor or legal experts, when required to do so by law. This would require us to have your written consent prior to us releasing any data we hold on you. The recipient of the information will be bound by confidentiality obligations.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to the information we collect or to the purposes for which we collect and process it. You will be provided with the opportunity to consent to the ‘organisations’ privacy policy when booking online. 

You will need to give us permission to email you to provide you with news, special offers and general information about other services we offer that are like those that you have already purchased or enquired about. If you have opted-in to marketing emails then you will continue to receive these, until any such time you click the "unsubscribe" link at the bottom of our marketing messages.

You can also unsubscribe at any time by emailing us on however please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management.

Schedule relating to the information we collect and hold


Where information may be held

Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. More information can be found here

Our chosen rehabilitation software Physitrack takes appropriate technical and organizational measures to protect your (personal) data against loss or any form of unlawful use. Because of the medical nature of some of the personal data, Physitrack has incorporated a very high level of security. More information can be found here


Information around the data security for our marketing platform Mailchimp can be found here

Cliniko Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know, and they regularly review their technology to maintain security. 

How long we keep your information

By law we have to keep basic information about our customers in order to maintain accurate physiotherapy record. If you are over age 18 we legally have to keep your records for a period of 8 years. If you are under the age of 18, we are required to keep your records until your 25thBirthday (or 26thBirthday if you are aged 17).

In some circumstances, you can ask us to delete your data if beyond the legally required timescales outlined above.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Any personal information that is used for marketing purposes, that has been provided using explicit consent, will be erased in accordance with your rights if requested.


A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

All Cookies used by and on our site are used in accordance with current Cookie Law.

Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies however you can adjust your internet browsers settings to disable all cookies. This may however affect how certain aspects of our site work.

Our website and online booking system use first-party cookies provided by Google Analytics. All information around these can be found here

Your rights to correct and access your information and to ask for it to be erased


Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Your right to lawful consent - you have the right to state your consent to our privacy policy

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

For further information around your rights please refer to 

Please contact us at or call on 07842 881 349


Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Each employee has their own personal login and password and where possible 2 factor authentication is used for extra security.  

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

The ‘organization’ has signed and agreed to a Data Processing Addendum (DPA) which includes Standard Contractual Clauses (also known as "Model Clauses"). These are an approved set of provisions which offer sufficient safeguards and protection for data that's processed outside of the EU/EEA. A copy of the DPA can be provided on request. 

How to complain

We hope that we may resolve any query or concern you raise about our use of your information and we can be contacted at If not, contact the Information Commissioner at or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane




bottom of page