Privacy Policy & GDPR Statement

Effective Date: April 2026

The Data Controller

The Data controller is Mr Prince John Adesuyi Enitan Haastrup (Physiotherapist) trading as PH Sports Rehab:

Privacy Policy

GDPR is bringing in new legal protection for personal information from the 25th May 2018. This Privacy Policy sets out how PH Sports Rehab uses and protects the information that you give to us when you register as a patient. PH Sports Rehab is committed to protecting and respecting your privacy and complying with the principles of the GDPR. We fully respect the confidentiality of the information that you may share with us.

The purpose of processing your information

We aim to process information about you in a secure and transparent way that enables us to carry out our job of assessing and managing you, whilst holding your data in a way that you can understand and complies to current legislation. When you register as a client at PH Sport Rehab we will ask you for some basic personal data including name, address, date of birth, contact details and medical information both relevant to the condition you have been referred for/have referred yourself for and any other medical information about your general health. This will help us to assess your condition and manage you in the most appropriate way that suits your individual needs. We may also use your information to promote our services and to support and manage our staff.

The Lawful basis for processing your information

At pH Sports Rehab and as members of The Health and Care Professions Council (HCPC) and the Chartered Society of Physiotherapy (CSP) we abide by the HCPC and CSP’s practice and ethics. The Lawful basis under which we hold and use your information is our legitimate interests; our requirement to retain the information to provide you with the best possible assessment and management of your condition. As we hold special category data known as “health related information”, the additional condition under which we hold and use this information; for us to fulfil our role as Physiotherapist in line with the HCPC’s Standards of conduct, performance and ethics and the CSP’s Code of Members' Professional Values and Behaviour.

What information we hold and what we do with it

The information we hold includes your:

Personal and contact details.
Medical history and other health-related information; including physical and mental health, family, lifestyle, social, employment and education details.
Treatment details and related notes.

We might use your information in the following ways:

For our own record keeping.
To provide you with the highest levels of care, treatment and customer service.
As a patient, we may need to contact you by email, phone or through the post. Our primary means of contact is email. We may forward appointment reminders to you and may need to liaise about payment matters.
From time to time we may send you an email with news about our clinics: the range of services we offer, clinic promotions and news and articles of interest to you.
To improve our services offered to you.

The information you provide us with is held in strict confidence. We will NOT sell, distribute or disclose your information to third parties unless we have your permission or are required to do so by law or by following best medical practice.

How we store your information

Your information is stored securely using a combination of password‑protected, encrypted computers, secure cloud‑based practice management software (WriteUp), and internal paper records/patient files. WriteUp is used to manage patient records, appointment scheduling, and clinical notes, and complies with UK GDPR requirements. This information allows us to provide you with health services, to manage your records and appointments, and to correspond (if applicable and consent given) with your referring consultant, insurer, or case management company to process your claim, where appropriate.

Retention period for your information

Your patient file information is held for a minimum of 8 years (as required by The Data Protection Act). All financial records are retained for a minimum of 7 years.

Security

The protection of your personal information is extremely important to us, we are committed to ensuring that your information is secure, and we strive to protect your personal information using means reasonably required by us to do so. We have physical, electronic and managerial procedures to secure the information that you supply us with. As no form of data storage and transmission is 100% reliable, we cannot guarantee its absolute security. Therefore, we make no warranties as to the level of security afforded to your data. We will, however, always aim to act in accordance with the relevant legislation. We will not share your information with anyone other than the professionals (NHS/private referrers) and intermediaries, (insurer, solicitor, employer or other party) that you have given us permission to share your information with. Your data will not be transferred outside the EU without your consent.

Your Rights

GDPR gives you the following rights:

The right to be informed: To know how your information will be held and used (this notice).
The right of access: To see your therapist’s records of your personal information, so you know what is held about you and can verify it.
The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.
The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you
The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information
The right to data portability: Under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.
The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Full details of your rights can be found at ICO Individual Rights Guide.
If you wish to exercise any of these rights or you would like to find out more about your rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are at:ICO Website.

Therapist’s rights

Please note:

If you do not agree to us keeping records of information about you and your treatments, or if you do not allow us to use the information in the way we need to for treatments, we may not be able to treat you.
We must keep your records of treatment for a certain period as described above, which may mean that even if you ask us to erase any details about you, we might have to keep these details until after that period has passed.
We can move your records between our computers and IT systems, as long as your details are protected from being seen by others without your permission.
Changes to Privacy Policy We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Further information

For further information regarding our personal data processing please see our data protection register entry details on the Information Commissioner’s Office website at ICO website.