IDD Therapy Osteopathy Sports Therapy Shockwave Therapy Testimonials About

Privacy Notice

Last updated: November 11, 2025

1. Who We Are

Wealden Osteopaths & Spine Centre is the data controller for the personal data you provide.

Contact details:

Wealden Osteopaths & Spine Centre
7 Flimwell Park, Hawkhurst Road
Flimwell, East Sussex
TN5 7FJ
Email: [email protected]

If you have any questions about this Privacy Notice or how we use your data, please contact us using the details above.

2. Information We Collect

We collect and process personal data to provide safe, effective care and operate our website (wealdenspineandjointcare.co.uk). The data we collect may include:

  • Information you provide via our website: name, email address, phone number, and any details you include in a contact form or enquiry.
  • Automatically collected data: when you visit our website, we may collect data such as your IP address, browser type, operating system, referring website, pages visited, and time spent on the site. This is collected via cookies and analytics tools (see section 6).
  • Clinical data (in-clinic only): if you become a patient, we will collect and store additional data including your date of birth, medical history, treatment notes and any other information necessary to provide healthcare services. This information is collected directly from you during your consultation and is **not** collected via our website.

3. How We Use Your Data

We use your personal information only where we have a lawful basis to do so under UK data protection laws. This may include:

  • Performance of a contract: to book and provide appointments, communicate with you, and deliver clinical care.
  • Legal obligations: to comply with healthcare regulations, clinical record-keeping requirements, and tax or accounting obligations.
  • Legitimate interests: to operate and improve our website, respond to enquiries, and ensure the security of our systems.

We will never sell or rent your data and will not use it for marketing purposes.

4. How We Share Your Data

We will only share your information where it is necessary and lawful to do so, including:

  • With our clinical record system: We use Cliniko to securely manage appointment scheduling, patient records, and treatment notes.
  • With service providers: such as website hosting and IT support, who help us operate our business. These providers act only on our instructions and are bound by strict confidentiality and data protection obligations.
  • With regulatory authorities or legal bodies: if required by law or to comply with legal obligations.
  • In exceptional circumstances: such as protecting the safety of you or others.

International transfers: We do not transfer your data outside the UK or EEA unless adequate safeguards are in place (for example, UK/EU-approved standard contractual clauses).

5. Data Retention

We retain your data only for as long as necessary for the purposes for which it was collected and to meet our legal and regulatory requirements.

  • Enquiry data: kept for up to 12 months if no appointment is booked.
  • Clinical records: retained for a minimum of 8 years after your last appointment (or until a child patient turns 25, whichever is later), in line with professional guidelines.

6. Cookies and Analytics

Our website uses cookies and Google Analytics to understand how visitors use our site and to improve functionality. These cookies may collect non-personal data such as:

  • IP address
  • Browser type
  • Pages visited and time spent

You can disable cookies in your browser settings at any time. Disabling cookies will not affect your ability to use most features of our site, but some functions may operate less effectively.

7. Your Rights

Under the UK GDPR, you have rights over your personal data. These include:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of your data where there is no legal basis for us to retain it.
  • Right to restrict or object: to certain types of processing.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to withdraw consent: where processing is based on consent (though we do not rely on consent for most processing activities).

To exercise any of these rights, please contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk if you are unhappy with how we process your data.

8. Security of Your Information

We take data security seriously and use appropriate technical, administrative, and physical safeguards to protect your personal information from unauthorised access, alteration, disclosure, or destruction. Access to clinical records is restricted to qualified practitioners and authorised staff.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. By submitting your data, you acknowledge and accept this risk.

9. Changes to This Notice

We may update this Privacy Notice from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information.