Privacy Policy

Last updated: June 2026

Jen Parr Hand Therapy LTD (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what information we collect, why we collect it, and how it is used, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

The data controller is Jen Parr Hand Therapy LTD, a private physiotherapy practice based in London. If you have any questions about how your data is used, please contact us at jenparrhandtherapy@gmail.com.

2. What data we collect

We may collect and process the following personal data:

• Contact details — name, email address, telephone number
• Health information — details of your condition, injury, or medical history, provided by you or your referring clinician, for the purpose of assessment and treatment
• Appointment records — dates, notes, and treatment plans from your consultations
• Communication records — messages submitted via the contact form or sent by email or WhatsApp
• Payment information — invoices and payment records (we do not store card details)

3. Lawful basis for processing

We process your data on the following legal grounds:

• Contract performance — to provide the physiotherapy services you have requested
• Legitimate interests — to manage appointments, follow up on your care, and operate our practice
• Legal obligation — to comply with our professional regulatory requirements (HCPC, CSP)
• Consent — where you have explicitly agreed, for example to receive marketing communications

Health data is special category data under UK GDPR. We process it on the basis of Article 9(2)(h) — the provision of health or social care treatment.

4. How we use your data

• To respond to enquiries and book appointments
• To provide, document, and follow up on your treatment
• To send appointment reminders and relevant aftercare information
• To comply with our professional and legal obligations

We will never sell your personal data or share it with third parties for marketing purposes.

5. Data retention

Patient clinical records are retained for a minimum of eight years following your last contact with us, in line with NHS and CSP guidance. Contact enquiries that do not proceed to treatment are deleted within 12 months. You may request earlier deletion where this does not conflict with our legal obligations.

6. Third parties

We use a small number of trusted third-party services to operate this website and practice:

• Netlify — website hosting (contact form submissions may pass through Netlify’s servers)
• Doctify — patient review platform (reviews are submitted voluntarily and governed by Doctify’s own privacy policy)
• Google Fonts — typeface delivery (Google may log your IP address when fonts are requested)

7. Cookies

This website uses no marketing or analytics cookies. Google Fonts may set a cookie for font caching. No personal data is tracked across sessions.

8. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request erasure of your data (subject to retention obligations)
• Restrict or object to processing in certain circumstances
• Receive your data in a portable format
• Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, please contact us using the details below. We will respond within one calendar month.

9. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.