Privacy Notice

Back & Body Medical Ltd / The Back & Body Clinic

We take your privacy seriously and are committed to protecting your personal data.

What Information We Collect

We may collect and process the following information:

• Name, date of birth, contact details

• Medical history and health information

• Appointment and treatment records

• Payment and billing information

This information may be collected via:

• Online booking systems

• New patient forms

• Telephone or face-to-face interactions

• Secure digital platforms

How We Use Your Information

We use your information to:

• Provide safe and effective healthcare

• Manage appointments and treatment plans

• Communicate with you about your care

• Process payments

• Meet legal and regulatory obligations

Lawful Basis for Processing

We process your data under:

• Contract – to provide healthcare services

• Healthcare provision (special category data) – for diagnosis and treatment

• Legal obligations – for regulatory compliance

Sharing Your Information

We may share your information with:

• Referring clinicians (e.g. GP, physiotherapist, consultant)

• Radiology providers (e.g. Teleconsult)

• External healthcare professionals involved in your care

• Private medical insurers (e.g. Bupa, AXA, Vitality, WPA)

• Secure image sharing platforms (e.g. SECTRA IEP)

We only share information that is necessary and ensure it is transferred securely.

Data Storage & Security

Your data is stored securely using:

• Practice management systems 

• Imaging systems 

• Secure cloud-based platforms

We use:

• Password protection

• Role-based access

• Secure backups

to keep your data safe.

How Long We Keep Your Data

We retain patient records in line with the NHS Records Management Code of Practice:

• Adult records: minimum 8 years after last treatment

• Children’s records: until age 25 or 8 years after last entry

Your Rights

You have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request restriction of processing

• Withdraw consent for marketing

• Complain to the Information Commissioner’s Office (ICO)

Access to Your Records

You can request access to your records at any time.

• Requests will be completed within 1 month

• No fee is charged unless requests are excessive

Marketing Preferences

You may receive:

• Appointment reminders

• Patient journey communications

• Marketing updates (if opted in)

You can opt out at any time by:

• Clicking unsubscribe

• Contacting us directly

Contact Us

If you have any questions about your data:

Data Protection Officer
Sammi Maudsley
 sammi@backandbodyclinic.co.uk