Privacy Policy

Your privacy is important to us. This Privacy Policy explains how PhyzioFit LTD (“we”, “us”, “our”) collects, uses, stores, and protects your personal data and health information when you use our website, booking system, Health Declaration Forms, and physiotherapy services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK privacy and healthcare laws.

1. Data Controller

PhyzioFit LTD is the data controller responsible for your personal data.

Company details:
PhyzioFit LTD (Private Limited Company)
Registered Address: 1446 Stratford Road, Hall Green, Birmingham, B28 9ES

Contact:
Email: enquiries@phyziofit.co.uk
Website: https://phyziofit.co.uk

Data Protection Officer

We are not legally required to appoint a Data Protection Officer. All data protection and privacy enquiries should be sent to the contact details above.

2. Information We collect

2.1 Information You Provide Directly

We collect personal information you provide voluntarily, including:

Name
Date of birth
Email address
Phone number
Postal address
Appointment, booking, and treatment information
Health information provided through Health Declaration Forms
Enquiries or messages submitted via our website
Payment information (processed securely by Wix; we do not store card details)

2.2 Health Information (Special Category Data)

We collect and process health information only where necessary to provide safe, appropriate, and effective physiotherapy treatment.

Lawful Basis

Health data is processed under:

Article 6(1)(b) – performance of a contract
Article 9(2)(h) UK GDPR – provision of health care
Schedule 1, Part 1, paragraph 2 of the Data Protection Act 2018
Article 9(2)(a) – explicit consent (where required)

Explicit consent is obtained through our Health Declaration Forms.

Use of Health Information

Health information is used to:

Assess suitability for treatment
Deliver safe and effective physiotherapy services
Maintain accurate clinical records
Comply with professional, legal, and insurance obligations
Contact you when medically necessary

You may withdraw consent at any time by emailing enquiries@phyziofit.co.uk.
Please note that without essential health information, we may be unable to provide treatment.

Withdrawal of consent does not affect the lawful retention of health records required for legal, insurance, or professional purposes.

2.3 Automatically Collected Information (via Wix)

Wix automatically collects certain information when you visit the website, including:

IP address
Device and browser type
Pages viewed
Time spent on the site
Technical errors or diagnostics

This data is used for:

Website security
Functionality and performance
Basic analytics

Non-essential analytics cookies are only used with your consent, in accordance with the Privacy and Electronic Communications Regulations (PECR).

3. Legal Bases for Processing (UK GDPR)

We process personal data under the following lawful bases:

Contract – to provide appointments, treatments, and services
Health or social care provision – for clinical records and treatment delivery
Explicit consent – for health information and optional communications
Legitimate interests – website functionality, basic analytics, and business operations
Legal obligation – tax, accounting, insurance, and regulatory compliance
Vital interests – where processing is necessary to protect your health

We have assessed that our legitimate interests do not override your rights and freedoms.

We do not sell or commercially share personal data.

4. How We Use Your Information

We use your information to:

Provide physiotherapy treatments and services
Assess clinical suitability and treatment safety
Maintain accurate and lawful records
Communicate regarding appointments and care
Manage bookings and payments
Improve website functionality and user experience
Comply with legal, professional, and regulatory obligations
Prevent fraud or misuse

Clinical notes are not used for marketing purposes and are not shared with third parties unless requested by you or required by law.

5. Security of Your Information

Our website, booking system, and payments are hosted and processed by Wix, which provides encryption, secure servers, and technical security measures.

We also implement appropriate organisational safeguards to protect personal and health data.

Health Declaration Forms and clinical notes are stored securely in line with UK healthcare and insurance standards
Payment card details are processed by Wix Payments; we do not access or store full card numbers

If a personal data breach occurs that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and affected individuals without undue delay, where required by law.

6. Retention Periods

We retain personal data only for as long as necessary:

Health records & consent forms: Kept for up to 7 years after your last treatment (insurance & professional requirements).
General booking and contact information: Kept for 24 months after last interaction.
Marketing consent: Kept until you withdraw it.
Payment information: Processed by Wix; we do not store card details.

After these periods, information is securely deleted or anonymised.

7. Disclosure to Third Parties

Your data may be processed by:

Wix.com (website hosting, analytics, bookings, forms, storage, and payments)
Legal or regulatory authorities where required by law
Professional advisers (e.g. insurers or legal advisers) where necessary

Wix acts as a data processor and processes personal data on our behalf under contractual safeguards.

We do not share clinical notes or treatment details with third parties unless required by law or at your request.

We do not rent, sell, or share personal data for marketing purposes.

8. International Data Transfers

Wix may store or process data in data centres outside the UK (e.g., EU, USA, Israel).

Wix uses legally recognised safeguards, including:

UK adequacy regulations
Standard Contractual Clauses (SCCs)
Security and encryption measures

Copies of relevant safeguards may be requested via Wix.

9. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Rectify inaccurate or incomplete data
Request erasure (where lawful)
Restrict processing
Object to certain processing
Data portability
Withdraw consent at any time

We will respond to valid requests within one month, unless an extension is permitted by law.

You may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

10. Direct Marketing

We send marketing communications only when:

You have provided explicit consent, or
A “soft opt-in” applies (for existing customers)

You may withdraw consent or unsubscribe at any time.

11. Cookies

Our website uses cookies via Wix.

Essential cookies: required for security and functionality (always active)
Non-essential cookies: used for analytics and performance (only with consent)

You can manage cookie preferences through our cookie banner or your browser settings.

12. Children’s Privacy

We provide physiotherapy services to children and young people only where appropriate consent has been provided by a parent or legal guardian.

We do not knowingly process children’s personal data without valid parental responsibility or legal authority.

13. External Links

Our website may contain links to third-party websites. We are not responsible for their content or privacy practices.

14. Changes to This Policy

We may occasionally update this Privacy Policy. The latest version will always be available on our website.

15. Contact Us

Email: enquiries@phyziofit.co.uk
Website: https://phyziofit.co.uk

Last Updated: 06/01/2026