Privacy Policy

How we collect, use, and protect your personal information

Last updated: March 2025

1. Introduction

This privacy policy explains how Canonbury Clinic of Osteopathy ("we", "us", "our") collects, uses, stores, and protects your personal data when you use this website, contact us, or engage our services. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the data controller for the personal information we collect. If you have any questions about this policy or how we handle your data, please contact us using the details below.

2. Data Controller

Canonbury Clinic of Osteopathy
265 Upper Street, Islington, London N1 2UQ
Email: info@canonburyclinic.co.uk

3. What Information We Collect

3.1 Information you provide directly

  • Contact form submissions: Name, email address, phone number (optional), and the content of your message
  • Appointment bookings: Name, contact details, preferred dates and times
  • Patient records: Case history, clinical notes, assessment findings, and any health information you share during consultations. This may be classified as special category data under UK GDPR
  • Payment information: Payment amounts, dates, and method of payment (we do not store card details)

3.2 Information collected automatically

  • Website usage data: Pages visited, time spent on the site, referring website, and browser type. This data is collected via cookies and analytics tools and is anonymised where possible
  • Device information: IP address (anonymised), device type, operating system, and screen resolution

4. How We Use Your Information

We use your personal information for the following purposes:

  • To respond to enquiries submitted through the contact form
  • To schedule and manage appointments
  • To provide osteopathic treatment and maintain appropriate clinical records
  • To process payments for treatments
  • To communicate with you about your appointments (reminders, follow-ups)
  • To comply with legal and regulatory obligations, including those of the General Osteopathic Council
  • To improve this website and the services we offer

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: When you submit the contact form or sign up for communications, you consent to us processing your data for those purposes. You can withdraw consent at any time
  • Contract: Processing is necessary to provide the osteopathic treatment you have requested and to manage our professional relationship
  • Legitimate interest: To improve our website and services, and to respond to your enquiries
  • Legal obligation: To comply with professional, legal, and regulatory requirements, including those set by the General Osteopathic Council and HMRC

6. How We Store and Protect Your Data

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Patient records are stored securely in an encrypted, password-protected system
  • Paper notes (if any) are kept in a locked filing cabinet within the clinic
  • Electronic communications are sent via secure, encrypted channels where possible
  • Access to your data is limited to authorised clinical staff only
  • This website uses SSL/TLS encryption to protect data transmitted through the contact form

7. How Long We Keep Your Data

  • Contact form enquiries: Up to 12 months after your last communication, unless you become a patient
  • Patient records: 8 years after the end of our professional relationship, in line with General Osteopathic Council guidelines and insurance requirements
  • Payment records: 7 years, as required by HMRC
  • Website analytics data: Anonymised data is retained for up to 26 months

8. Sharing Your Data

Your confidentiality is important to us. We will not share your personal information with third parties except in the following limited circumstances:

  • Legal requirement: If required by law or court order
  • Risk of harm: If we believe there is a serious risk of harm to you or another person, we may need to share relevant information with appropriate authorities
  • With your explicit consent: For example, if you ask us to share clinical information with your GP or another healthcare professional
  • Service providers: We use third-party services for website hosting and email. These providers are GDPR-compliant and process data on our behalf under appropriate agreements

9. Cookies

This website uses cookies — small text files stored on your device — to improve your browsing experience and to understand how visitors use the site. For full details, see our Cookie Policy.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data
  • Right to erasure: You can request that we delete your personal data, subject to any legal or professional obligations we have to retain it
  • Right to restrict processing: You can ask us to limit how we use your data
  • Right to data portability: You can request your data in a structured, commonly used format
  • Right to object: You can object to our processing of your data in certain circumstances
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@canonburyclinic.co.uk. We will respond to your request within one month.

11. Children’s Privacy

We do not knowingly collect personal information from children under 13 through this website. If we treat young people, we obtain consent from a parent or guardian and handle their data with particular care in accordance with UK GDPR requirements for children’s data.

12. Third-Party Links

This website may contain links to other websites. We are not responsible for the privacy practices of external sites. We encourage you to read the privacy policy of any website you visit.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practice or legal requirements. The “last updated” date at the top of this page indicates when the policy was last revised.

14. Complaints

If you are unhappy with how we have handled your personal data, we would appreciate the opportunity to resolve your concern directly. Please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15. Contact Us

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us:

Canonbury Clinic of Osteopathy
Email: info@canonburyclinic.co.uk
Address: 265 Upper Street, Islington, London N1 2UQ

Made with by Therapy Webgenie