Data Privacy Notice

Information about The Hand Therapy Clinic Ltd

Company Name: The Hand Therapy Clinic Limited
Place of registration: England and Wales
Companies House Number: 7748374
Registered Office: The Old Store, Mascalls Pound Farm, Maidstone Road, Paddock Wood, Kent. TN12 6LT
Principal activities: Physiotherapy, Healthcare services

About our privacy notice

The Hand Therapy Clinic is committed to protecting your privacy and legal rights when dealing with your personal information.

This privacy notice explains when and why we collect personal information about you (or anyone you have provided us with information about e.g. your child), how we use it and keep it secure. It also provides the information about your rights in relation to it.

In this policy “personal information” means any personal data provided to us by you, or on your behalf, for the purpose of providing our services to you.

We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check our website on a regular basis for any amendments (any amendments with not be made retrospectively).

We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal information. Further details on GDPR can be found at For the purposes of GDPR we are the “data controller” of all personal information held about you.

If you do have any queries, comments or requests about this privacy notice, or if you wish to contact us about personal information we hold, we can be contacted at:

The Hand Therapy Clinic Ltd.
Administration Office, 13 Wisborough Road, South Croydon CR2 0DR

The Hand Therapy Clinic Limited is registered as a data controller with the UK Information Commissioner's Office (ICO), registration number ZA067308

Information we collect and how

Standard Personal information
Telephone number(s)
email address(es)
date of birth
next of kin or similar contact details
Merchant card machine receipts that relate to payments for our services
account details relating to your private medical insurance provider

Special Category information

includes personal information which may specifically relate to your:

  • Health, both physical and mental diagnoses
  • Medication
  • Medical imaging/investigations

Special Category information relating to health can include (but is not limited to) clinical notes, examination findings, medical imaging data related to your care, diagnostic test results, correspondence and communications from other clinical professionals which relates to your current or past clinical care.

We will collect personal and special category information from you, or other third parties by:

  • Face to face consultations, communications via email, telephone or post with yourself.
  • Your parent or guardian, if you are under 18 years old
  • An interpreter acting on your behalf
  • A family member, or someone else, acting on your behalf
  • From communications via email, telephone, post by clinicians involved in your care.
  • From your private medical insurance provider or referring source e.g. referral letter


We have a legal obligation to process your standard personal and special category information, so as to be able to provide a medical diagnosis and treatment/provision of health care as appropriate. Physiotherapists are directly involved in your healthcare and are designated by the Health Act 1999 or the Health Professionals Order 2001 and legally by our regulatory body (Chartered Society of Physiotherapy) to record information about you, that relate to preventive or occupational medicine, for medical diagnosis or the provision of health care or treatment.

We shall maintain written records of our physiotherapy treatments and all communications (postal, electronic, telephone) on your behalf.


We will store your personal information to the extent that we are required to by law. If you are an adult: as healthcare professionals we have a legal obligation to process and store your personal information for eight years from the date of the last clinical record, we have for you. If you are a child: we store the records for eight years from the age of 18 years of age if no further contact has been recorded from that time.

Unless there are any specific circumstances that may require a longer storage time e.g.

  • if we believe that the documents may be relevant to any ongoing or prospective legal proceeding.
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

All personal data is securely destroyed or erased once we no longer need it.

Paper records are kept in secure, locked cabinets only accessible by the clinic staff.
Database information is password protected - computer and database – with only clinic administrative staff having the access codes.
Our Private Practice Software (PPS) database is administered by Rushcliff Ltd.

Your rights under GDPR:

You have the following rights, although do note that the rights are not absolute. The only absolute right you have is to request that we do not use your personal information for direct marketing.

  • To access your personal data by a SAR (Subject Access Request)
  • To be provided with information about how your personal data is processed and used
  • To have your personal data corrected
  • To have your personal data erased in certain circumstances
  • To object to or restrict how your personal data is processed
  • To have your personal data transferred to yourself or to another business in certain circumstances.

How we protect the security of your personal information data:

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Computers screens locked if left unattended, password protection for all sensitive information sites and locked filing cabinets in a locked building when closed.

We will store all the personal information you provide on our secure (password- and firewall-protected) computers/servers.

You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

We will not transfer your personal data outside the EU without your consent.

Our clinician and administrative staff are trained in the appropriate handling of personal data and how to respond to a data breach

We will notify you, without undue delay, in the event that we reasonably believe that there has been any breach of your personal data which might expose you to serious risk.

The right to complain: You have the right to take any complaints about how we process your personal data to the ICO but would prefer that you contact us first to discuss it further.


Search Engineered By First Search Consultancy
Hand Injury London ~ Hand Physiotherapist London ~ Wrist Injury London ~ Dupuytrens London ~ Broken Thumb