Privacy Policy

Last updated: January 2026

1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

At The Woodstock Chiropractor, we are committed to protecting your privacy and ensuring that your personal and health information is handled lawfully, securely, and transparently.

2. Who We Are

This clinic is operated by:

The Woodstock Chiropractor
Email: contact@thewoodstockchiropractor.com
Telephone: 01993 811025

Clinical services are provided by registered healthcare professionals.

3. What Personal Data We Collect

We may collect and process the following information:

Personal details

– Name
– Address
– Date of birth
– Telephone number
– Email address

Health and clinical information

– Medical history
– Presenting complaint and symptoms
– Examination findings
– Clinical notes and treatment records
– Care plans and outcome measures

We only collect information that is necessary to provide safe and effective care.

4. Lawful Basis for Processing Your Data

Under UK GDPR, we process your personal and health data using the following lawful bases:

a) Contract

When you ask us to provide treatment, a contractual relationship is formed. We must process your personal data to:

– Arrange and manage appointments
– Deliver treatment safely
– Communicate with you about your care

b) Legitimate Interests

We process data where necessary for:

– Appointment reminders and administrative communication
– Managing clinical records
– Ensuring continuity and safety of care

c) Special Category Data – Health

Health data is processed because it is necessary for the provision of healthcare by regulated healthcare professionals, in accordance with Article 9(2)(h) UK GDPR.

If you choose not to provide information required for safe care, we may be unable to treat you.

5. Communication and Marketing

Appointment and care-related communication

We will contact you regarding:

– Appointment confirmations or changes
– Information directly related to your treatment or rehabilitation

This communication is essential to your care and does not require separate consent.

Marketing and newsletters

We will only send marketing communications or general health information (such as newsletters or clinic updates) if you have explicitly opted in.

You may withdraw your consent at any time by:

– Using the unsubscribe link in emails
– Contacting the clinic directly

6. How Your Data Is Stored

Your data is stored securely using PracticeHub , a cloud-based practice management system.

PracticeHub complies with UK GDPR and uses industry-standard security measures, including encryption, access controls, and secure data centres.

Where email communication or newsletters are used, we may also use Mailchimp. Only your name and email address are stored for this purpose, and only if you have opted in.

7. Who Can Access Your Data

– Clinical data is accessible only to registered healthcare professionals involved in your care
– Administrative data is accessible only to authorised clinic staff for operational purposes

All staff are trained in confidentiality and data protection.

8. Data Sharing

We do not sell, rent, or trade personal information.

Your data may be shared only where necessary, for example:

– With another healthcare professional involved in your care (with your knowledge or consent)
– With legal or insurance professionals where required by law or with your permission

Any sharing is limited to what is necessary and appropriate.

9. Data Retention

We are legally required to retain clinical records for:

– A minimum of 8 years from your last appointment
– Until your 25th birthday if you were under 17 at the time of your last appointment

After this period, records are securely deleted or anonymised.

10. Your Rights

Under UK data protection law, you have the right to:

– Access the personal data we hold about you
– Request correction of inaccurate or incomplete data
– Request erasure of data where appropriate
– Object to or restrict certain processing
– Withdraw consent for marketing communications at any time

Requests should be made by contacting the clinic. Identity verification may be required.

We will respond within one calendar month. Requests are normally provided free of charge.

11. Third-Party Fees

If your data needs to be transferred to a third party (for example, for insurance or legal purposes), that third party may charge a reasonable administrative fee. We will inform you in advance where applicable.

12. Data Protection Responsibility

Data protection responsibility for The Woodstock Chiropractor sits with the Clinical Director, who oversees data governance and compliance with UK GDPR.

If you have any questions or concerns about how your data is handled, please contact the clinic using the details above.

13. Changes to This Policy

This Privacy Policy may be updated from time to time. The most current version will always be available on our website.