Privacy Policy

Zenith Osteopathy + Wellness

This privacy notice tells you what to expect us to do with your personal information

Scope

This privacy notice (sometimes referred to as a privacy policy or privacy statement) concerns personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.

The UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of UK data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and its storage within the UK.

Zenith Osteopathy + Wellness Contact details

Telephone: 07882217609

Email: info@zenithosteopathywellness.co.uk

What information we collect, use, and why

For the purposes of providing our services we may require detailed medical information. We will only collect what is relevant and necessary for your treatment. When you visit our practices, we will make notes which may include details concerning your health, medication, treatment and other issues affecting your musculoskeletal conditions. This data is always held securely, is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement. To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow us to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments, provide reports or other information concerning your treatment.

We will not disclose your Personal Information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests.

We collect or use the following information to provide services and goods:

Names and contact details
Addresses
Date of birth
Purchase or account history
Health information (including dietary requirements, allergies and health conditions)
Website user information (including user journeys and cookie tracking)
Records of meetings and decisions
Information relating to compliments or complaints

We also collect or use the following information to provide services and goods:

Health information

We collect or use the following information for service updates or marketing purposes:

Names and contact details
Addresses
Marketing preferences
Location data
Website and app user journey information
Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

Name
Contact information
Financial transaction information
Health information

Lawful bases

We process your data in accordance with Article 6 of the UK GDPR under the lawful basis of;

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

We recognise that some of your data falls under the ‘special category data’ and we process this data in accordance with Article 9 of the UK GDPR specifically’

(a) Explicit consent

(h) Health or social care (in accordance with Part 1 of Schedule 1 of the DPA 2018)

Our lawful bases for collecting or using personal information to provide services and goods are:

Consent
Legal obligation
Legitimate interest

We store personal information and health record notes in order to provide you with health services including but not limited to Osteopathy, Mindfulness, Coaching and Massage services.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

Consent

Our lawful bases for collecting or using personal information for legal requirements are:

Consent
Legal obligation

Where we get personal information from

People directly
Health care providers
Insurance companies

How long we keep your information

Children and young people:

England, Wales, and Northern Ireland

Retain until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death.

Scotland

Until the patient’s 25th birthday, or 26th if an entry was made when the young person was 17; or 3 years after death of the patient if sooner.

All other records:

England, Wales, and Northern Ireland

8 years after the conclusion of treatment or death.

Scotland

6 years after last entry, or 3 years after the patient’s death.

Who we share information with

Data processors

Cliniko: This data processor does the following activities for us: Cliniko is the clinic management system used by Zenith Osteopathy + Wellness and is used to store all personal patient data and medical records. Cliniko also sends out patient confirmation information and reminders on our behalf.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal data.

Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

To access what personal data is held, identification will be required. We will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required.

Website users

Personal identification information:

We may collect personal identification information from users in a variety of ways, including, but not limited to, when users visit our site, fill out a form, and in connection with other activities, services, features or resources we make available on our site.

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience. Users may, however, visit our site anonymously. We will collect personal identification information from users only if they voluntarily submit such information to us.

Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain site related activities.

We use this information to follow up with a user after correspondence.

We may also collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our site, such as the operating system and the internet service providers utilized and other similar information.

Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Web browser cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

How we use collected information

The site may collect and use users personal information for the following purposes:

To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
To send periodic emails. We may use the email address to respond to user enquiries, questions, and/or other requests.

How we protect your information

To protect this information the site is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

Sharing your personal information

We do not sell, trade, or rent users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

We have implemented the following:

We, along with third-party vendors such as Google use cookies (such as the Google Analytics cookies) to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page.

Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page or by using the Google Analytics opt-out browser add-on.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

28 January 2025