Privacy Notice

This privacy notice explains how Twist and Shout Osteopathic Health Centre (“we”, “us”) collects and uses your personal data when you visit our website, contact us, or attend the clinic. It is written to comply with UK data protection law, including UK GDPR and the Data Protection Act 2018.

Who we are

Twist and Shout Osteopathic Health Centre
32 South Street
Bridport
Dorset
DT6 3NQ
Telephone: 01308 459996

For the purposes of data protection law, we act as the data controller for personal data we collect about patients and enquirers.

What data we collect

We collect and process different types of personal data depending on how you interact with us:

• Website enquiries: your name, contact details (email address and/or phone number), and the information you choose to include in your message.
• Appointment bookings: your name and contact details, appointment type, date and time, and limited administrative notes such as payment status or attendance.
• Clinical records: when you become a patient, we collect medical and health information that is necessary to provide osteopathic or related healthcare. These records are kept separately in accordance with professional and regulatory requirements.
• Technical information: basic information provided by your browser (such as IP address, device type and pages visited). We do not use tracking or marketing cookies.

How we use your data

We use personal data for the following purposes:

• To respond to enquiries and provide information you have requested.
• To arrange and manage appointments at the clinic.
• To provide safe and appropriate osteopathic or related treatment.
• To take and record payments for services where applicable.
• To maintain accurate clinical and administrative records.
• To meet legal, regulatory and professional obligations.

Our legal bases for processing

Under UK GDPR we must have a lawful basis for processing your personal data. We rely on:

• Article 6(1)(b) – Performance of a contract: where processing is necessary in order to provide assessment and treatment, manage appointments, or respond to your request for services.
• Article 6(1)(f) – Legitimate interests: for running and protecting the practice, maintaining records, and responding to enquiries in a proportionate way that does not override your rights.

When we process information about your health, this is “special category” data. We rely on:

• Article 9(2)(h) – Health or social care: processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of health or social care or treatment.

Where we obtain your data

Most of the personal data we hold is provided directly by you, either in person at the clinic, over the phone, or through the website enquiry form. In some cases we may receive information from:

• Your GP or another healthcare professional, with your knowledge and consent.
• Health insurers or other third parties involved in funding your treatment.

Sharing your data

We treat your information as confidential. We only share personal data when necessary and appropriate, including with:

• Other healthcare providers involved in your care, where you have agreed to this or where it is necessary in your vital interests.
• Health insurers or funding bodies where required to process or validate claims, with your consent.
• Professional advisers, regulators or insurers where we are required to do so by law, regulation or professional standards.
• Service providers acting as data processors, such as: email hosting, website hosting, appointment scheduling systems, or payment processors. These organisations are only permitted to use your data in line with our instructions and applicable data protection law.

We do not sell your data and we do not use your information for third-party marketing.

International transfers

Our website is hosted in the UK or EEA wherever possible. Some of our service providers may store or process data outside the UK or EEA. Where this occurs, we take steps to ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent protections.

How long we keep your data

We keep personal data for no longer than is necessary for the purposes for which it was collected. Retention periods differ depending on the type of record:

• Enquiry data: kept for as long as needed to handle your enquiry and for a short period afterwards to manage any follow-up, then deleted or anonymised.
• Appointment and clinical records: retained in line with professional guidance and legal requirements for healthcare records. These periods can be several years from the date of your last appointment.
• Administrative records (e.g. invoices): retained as required for tax and accounting purposes.

Your rights

Under data protection law you have a number of rights in relation to your personal data, including:

• The right to request access to the data we hold about you.
• The right to request correction of inaccurate or incomplete data.
• The right to request deletion of your data where it is no longer needed or processed unlawfully.
• The right to object to certain types of processing, or to request restriction of processing.
• The right to data portability in certain circumstances.

These rights are subject to limitations, particularly where we are required by law or professional regulation to retain medical records. To exercise any of your rights, please contact us using the details above.

Website, cookies and Google Maps

This website is primarily informational. We do not use analytics, advertising or tracking cookies. Basic server logs are kept for security and maintenance purposes.

The contact section of the website includes an embedded Google Map and a link to open directions. When you view or interact with this content, Google may collect usage data and set cookies in accordance with their own privacy and cookie policies. You can manage your preferences using your browser settings or your Google account.

Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. Access to systems is restricted to those who need it to carry out their role within the clinic.

Contact and complaints

If you have any questions about this privacy notice or how we handle your data, please contact the clinic using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data. Further information is available at www.ico.org.uk.

Changes to this notice

We may update this privacy notice from time to time to reflect changes in the way we process personal data or to comply with legal requirements. The latest version will always be available on this page.

← Back to the website