Privacy, Website and Cookies Policies
1. Introduction
Hans Physiotherapy ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, store and protect personal information in accordance with UK GDPR and relevant data protection laws.
2. Business Name and Data Protection Responsibility
-
Business Name: Hans Physiotherapy
-
Data Protection Lead: Hans van Gestel
-
Contact Details:
By email: hans.physiotherapy@gmail.com
By phone: 07359866544
By post: Hans Physiotherapy, Old Market Buildings, Leys Road, IV36 1DS Forres
3. Personal Data We Collect
We may collect the following categories information;
-
Name, address, phone number, email address
-
Medical history and physiotherapy treatment information
-
Payment details for billing
-
Information received through website forms and general enquires.
4. Lawful Basis for Processing
We process personal data under the following lawful bases:
-
Contract: to provide physiotherapy treatment and related services
-
Legal Obligation: regulatory and clinical record-keeping requirements
-
Legitimate Interest: continuity of care and appointment management
Special category health data is processed under Article 9(2)(h) for the provision of health care.
5. How We Use Personal Data
We use your personal data to:
-
Provide physiotherapy care and maintain treatment records
-
Manage appointments and communications
-
Process payments and issue invoices
-
Respond to enquiries or concerns
6. Data Sources
We collect personal data from:
-
Direct interactions, such as appointments, phone calls, and emails
-
Website enquiry and booking forms
-
Referrals from healthcare professionals
7. Artificial Intelligence (AI) Usage
We utilise artificial intelligence (“AI”) technologies in connection with our website, digital communications, and certain operational processes. The use of AI is intended to enhance efficiency, improve accuracy, and support the delivery of high‑quality services to patients and website users.
- Scope of AI Use: AI tools may be employed for website optimisation, analytics, and content generation. These tools are not used to make clinical decisions or replace professional judgement.
- Data Protection: Any personal data processed through AI systems is handled in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.
- Transparency: We are committed to informing users that AI is part of our digital infrastructure. Where AI is used to process personal data, such processing is subject to the same safeguards, retention periods, and lawful bases as other forms of data processing.
- Cookies and Tracking: AI may interact with cookies and tracking technologies to personalise and improve user experience. Users can manage cookie preferences through our cookie consent tool.
- Accountability: We retain responsibility for all outputs generated by AI systems and ensure that appropriate human oversight is maintained.
8. Sharing your Data
We only share data when necessary, such as with:
-
Healthcare professionals involved in your treatment (with consent where required)
-
Payment processors
-
Service providers such as website hosting or clinical software
All third-party processors operate under GDPR-compliant agreements.
9. International Data Transfers
Our website is hosted by Wix, personal information may be stored in data centres located in the United States of America, Ireland, South Korea, Taiwan and Israel. We may use other jurisdictions as necessary for the proper delivery of our services and/or as may be required by law.
Wix is a global company that respects the laws of the jurisdictions it operates within. The processing of the User Customer Data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, of which, the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision).
10. Data Security and Retention
We apply appropriate technical and organisational measures to safeguard your information.
Retention periods:
-
-Adults: 8 years after last treatment
-
Children: until age 25 (or 26 if treated at 17)
-
Deceased patients: 8 years after death
-
Financial records: 6 years
-
General enquiries: up to 12 months
Data is securely deleted once retention periods expire.
11. Children’s Data
Children’s information is handled with additional confidentiality and only shared with those holding parental responsibility or as legally required.
12. Your Rights
You have the following rights:
-
Access your data
-
Request corrections
-
Request deletion (where applicable)
-
Object to processing
-
Data portability
Requests will be handled within one month.
13. Website Data Collection
When you use our website, we may collect:
-
Personal information submitted through forms
-
Technical information such as IP address, browser type, and device information
14. Cookies and Similar Technologies
Our website uses cookies to improve your browsing experience. Cookies may include:
-
Essential cookies: required for website functionality
-
Analytical cookies: help us understand website use
-
Functional cookies: improve user experience
Non-essential cookies are only used with your consent. You may manage cookie preferences through your browser settings.
15. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of these third-party sites.
16. Data Security (Website)
We take reasonable steps to protect information transmitted through our website. However, no method of electronic transmission is completely secure.
17. Changes to This Policy
We may update this Privacy and Cookies Policy from time to time. Updated versions will be published on our website.
18. Complaints
If you have concerns about how we handle your data, you may contact us once full details are added. You may also raise a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Cancellation and Non-Attendance Policy
When you book an appointment with us, we reserve time especially for you. As a small business, we rely on our appointment schedule to serve our community effectively. To ensure fairness to all patients and to support the running of our clinic, we require the following;
Notice of Cancellation
Please let us know as soon as possible if you need to cancel or reschedule your appointment.
You must provide at least 24 hours notice prior to your scheduled appointment.
You can cancel your appointment by following the cancellation link sent in your confirmation or reminder emails, or by contacting the clinic directly.
Late Cancellations or Unattended Appointments
If you cancel with less than 24 hours notice or do not attend your appointment, you will be charged the full cost of the appointment booked.
This charge is because;
-
We reserve this time slot exclusively for you.
-
We are often unable to offer late cancellations to other patients who may be waiting for our care.
-
Unattended appointment represents a direct loss to our small business, as we assume the cost of staff time and reserve resources, even when the appointment is not used.
How Fees are Collected
Outstanding fees for late cancellations or unattended appointments will be charged to the payment method held on our records, or you will be invoiced if no secure payment details are held.
Appointment Reminders
We will send reminders by email, but these are a courtesy and do not replace your responsibility to manage and attend your appointment.
Why This Policy Matters
Your time is valuable, and so is ours.
Every appointment slot that is cancelled at short notice or not attended means we cannot offer that time to another patient in need. As a small practice, missed appointments have a significant impact on our ability to operate sustainable, cover clinician time, and continue offering high quality care for our community. This free helps us maintain reliable services and manage our schedule fairly for everyone.