Privacy Policy

Last updated: July 2025

1. Our Commitment to You

At Swale Back Pain Clinic, we aim to build long-lasting relationships with our clients, built on trust, respect, and our commitment to your individual healthcare needs. Whether you interact with us online, by phone, or in person, we collect personal information necessary to provide you with safe, effective, and personalised healthcare. We also use this information to manage our clinic efficiently, comply with legal requirements, and ensure your ongoing care and rehabilitation.

We never sell your personal information, and we are committed to protecting your privacy and confidentiality at all times.

2. Data Protection Law

When we refer to “data protection law” in this policy, we mean the laws currently in force in the UK, including:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations (PECR)
• Any applicable supporting regulations and guidance

Swale Back Pain Clinic is the Data Controller for your personal data.

Contact Details:

Swale Back Pain Clinic

The Coach House, Syndale Park, London Road, Ospringe , Faversham Kent, ME13 0RH

Email: clinic@swalebackpainclinic.co.uk

Phone: 01795 720326

3. Information We Collect

We collect and process the following categories of data:

a) Personal Information

• Name, address, date of birth
• Contact details (phone, email)
• Emergency contact information

b) Health Information (Special Category Data)

• Medical history, symptoms, diagnoses, allergies
• Treatment plans, progress notes, test results
• Health professional referrals

c) Financial Information

• Payment details, billing records, payment history
• Insurance information

d) Demographic Information

• Ethnicity, gender, preferred language

e) Technical / Website Information

• IP address, browser/device information, usage data collected via cookies (see our Cookie Policy)

4. How We Use Your Information

We use your information for the following purposes:

• Providing Healthcare Services — to assess, diagnose, develop treatment plans, deliver care, and monitor progress
• Communication — to confirm appointments, provide updates, respond to enquiries, and send important service notices
• Administration & Legal Compliance — to manage records, process payments, and meet regulatory obligations
• Quality Improvement — to review our services and improve patient care (anonymised where possible)
• Research — only if you have given explicit consent; data will be anonymised and kept confidential

5. Our Legal Bases for Processing

Under the UK GDPR, we process your personal information using these lawful bases:

• Consent — where you have actively given permission (e.g., for research or marketing)
• Contract — to deliver our services to you
• Legal obligation — to comply with applicable legal and regulatory requirements, including clinical record-keeping
• Legitimate interests — to improve services and operate effectively, balanced against your rights
• Vital interests — to protect your life in an emergency

For special category health data, we process under Article 9(2)(h) UK GDPR — for the provision of health and social care.

6. Sharing Your Information

We may share your information with:

• Healthcare professionals involved in your treatment (e.g., GPs, therapists, specialists)
• Insurance providers — to verify coverage and process claims
• Third-party service providers — for secure IT systems, clinical software, and billing; all are bound by confidentiality agreements
• Legal/regulatory authorities — if required by law or court order
• Others — only with your explicit consent

We do not sell or trade your personal data.

7. Data Retention

We retain:

• Patient medical records — normally 8 years from the date of your last treatment, or until age 25 for children (in line with healthcare record-keeping rules)
• Financial records — as required by tax law
• Website analytics data — generally no longer than 26 months

8. Your Rights

You have the right to:

• Access the data we hold about you
• Rectify inaccurate or incomplete data
• Request erasure of your personal data, in certain circumstances
• Restrict processing in specific situations
• Data portability for information you provided to us in a structured, machine-readable format
• Withdraw consent at any time where consent is the legal basis
• Complain to the UK Information Commissioner’s Office (ICO) — www.ico.org.uk

9. Data Security

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for how those sites process your personal data — please check their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy occasionally. The latest version will always be available on our website and will be effective from the date shown above.

12. Contact Us

If you have any questions about this Privacy Policy or how we process your data:

Swale Back Pain Clinic

The Coach House, Syndale Park, London Road, Ospringe , Faversham Kent, ME13 0RH

Email: clinic@swalebackpainclinic.co.uk

Phone: 01795 720326