We, Backstobasics Osteopathy (UK) Ltd (‘Backstobasics’), as the Data Controller who can
be contacted at 127 New Road, Croxley Green, Rickmansworth, WD3 3EN (‘We’) are committed
to respecting your privacy and complying with applicable data protection and privacy laws. We
about how we will use your personal data.
posted (each, a “Website” and, collectively the "Websites"), or otherwise communicate with us,
for example by phone or in writing by mail, e-mail or social media. We wish to help you make
informed decisions, so please take a few moments to read the sections below and learn how we
may use your personal information.
Our use of any information we collect about you when you visit a Website will be governed by
Who are we?
Osteopaths diagnose and treat health conditions. Treatments are carried out in accordance with
the Institute of Osteopathy’s patient charter http://www.iosteopathy.org/osteopathy/the-
patient-charter/. The practice may also provide other treatments, about which our staff will be
pleased to provide more details.
What personal information may we collect about you?
Backstobasics can collect information about you when you use our website, contact form, send
us an email, call us on the telephone, send us information through the post, contact us by social
media, fill out a form in our clinic and/or when you verbally give us information in our clinic.
However, we may also collect information we observe about you, for example via cookies when
you visit one of our websites, and/or CCTV footage when you visit our practice.
Below we list some of the most common categories of personal information we may collect
● Your contact details (including, name, title, postal addresses, telephone numbers and
email addresses) to keep in touch with you;
● Demographic information such as age, height, weight, gender, employment history,
leisure interests and family dependencies so that we can best advise you when
providing you with our services;
● Any personal information you choose to give us when contacting us, during the
registration process and/or during a consultation;
● Sensitive personal information such as detailed medical information, medical case notes,
medication treatment and/or any other issues affecting your health and/or your
families health which may affect your treatment. This is to provide you with the
necessary treatment/support/advice when utilising our services;
● Payment details for payment of services;
● Other operational personal data created, obtained, or otherwise processed in the course
of carrying out our business activities, including but not limited to, CCTV footage and
logs of accidents, injuries and insurance claims.
How do we use your personal information?
We collect and use information about you if you visit our website, utilise our services, make
patient enquiries and/or send other communications.
Your relationship with us will determine why we collect particular information about you. We
collect your personal data because you have consented for us to do so; We may be required by
law to collect certain information; require it in order to perform a contract, or prior to entering
into a contact, with you; or use it for our legitimate business interests where these do not
override your rights or interest.
We may collect and use your information to:
● Supply you with goods and/or services that you have requested, including but not
limited to Osteopathic treatment, selling orthotics;
● Effectively respond to and deal with your query in the event that you contact us;
● Send you an email to inform you of your appointment;
● Ensure you see relevant and interesting content on our website(s) using your electronic
● Process information that is required or requested by regulatory bodies or law
● Investigate, respond to and/or process any complaints, claims for loss, damage and/or
● Prevent and/or detect crime;
● Monitor the safety of our employees and/or contractors;
● Facilitate your access to our on-site facilities;
● Any other processing for which you have indicated your consent.
Who has access to your personal information?
Your information will be processed by employees of Backstobasics in order to fulfil our
obligations to you as outlined in this notice. We may also share your details with third parties
● Contractors working on behalf of or in partnership with Backstobasics;
● Other medical practitioners linked to your treatment, e.g. GP (this will only be provided
with your consent);
● Our third-party suppliers/service providers who are Backstobasics data processors
under contract, support our systems, operations and/or processes;
● Insurance companies who are funding your treatment;
● Law enforcement or other regulatory bodies who can legally request access to
information about you for prevention and detection of crime and/or the apprehension
or prosecution of offenders.
Information security and International Transfers
Backstobasics are committed to being transparent and keeping your information secure. We
are also obliged to tell you where we use services that transfer your information internationally.
We have a strict selection process when it comes to our suppliers/ service providers and we
enforce strict requirements within our contracts to ensure your data is kept within safe hands.
It may be necessary to transfer your data to suppliers/service providers where we rely on
storage, system and administrative support from outside the European Economic Area*
therefore the processing of your data may involve a transfer of data to countries outside of the
*The European Economic Area (EEA) currently comprises the Member states of the European
Union plus Norway, Iceland and Liechtenstein.
The table below outlines the instances where your information may be transferred outside of
Server /Cloud Hosting (‘Cliniko’) Australia
We take all reasonable steps to ensure that your personal data is processed securely.
We have entered into contracts with all our national and international suppliers and service
providers which include EU approved clauses concerning the protection of the data transferred.
How long will you keep my personal information?
Information is only kept as long as necessary for the period it is required. When deciding how
long we keep your information we take into account any minimum retention requirements set
out in law. Depending on the purpose for which we hold your hold your personal data, retention
periods may vary. We will hold your personal data for at least a minimum of 8 years after your
last consultation or if a patient is a child, until their 25 th birthday. This is in line with the
Osteopathic Practice Standard D6(3).
What rights do I have with regards to my personal data?
To exercise your privacy rights please send your request in writing. We may be required to
verify your identity for security purposes. Your rights are outlined below:
● The right to access information we hold about you, why we have that information, who
has access to the information and where we obtained the information from.
● The right to correct and update the information we hold about you. If the data we hold
about you is out of date, incomplete or incorrect you can inform us and your data will be
● The right to have your information erased. If you feel we should no longer be using your
data you can request that we erase the data that we hold. Upon receiving a request for
erasure we will confirm whether it has been deleted or a reason why it cannot be
deleted (for example because we have a legal obligation to keep the information or we
need it for a legitimate business interest)
● The right to object to processing of your data. You may request that we stop processing
information about you. Upon receiving your request we will contact you and let you
know if we are able to comply or if we have legitimate grounds to continue to process
your data. Even after you exercise your right to object, we may continue to hold your
data to comply with your other rights or bring or defend legal claims.
● The right to data portability. You have the right to request that we transfer your data to
We will comply with your request where it is feasible to do so, within 30 days of receiving your
request. There are no fees or charges for the first request. However additional requests for the
same data may be subject to an administrative fee of £25 per request.
To exercise your rights please do so by writing to:
127 New Road
Or email us at email@example.com
Where we need your consent to hold your information we will ask you to confirm your consent
in writing and we will inform you why we are collecting the information, how we will use it,
how long we keep it for, who else will have access to it and what your rights are as a data
subject. Where we do rely on consent you have the right to change your mind and withdraw that
consent at any time. If you withdraw your consent we will immediately cease using any
personal information obtained and processed under that consent unless we have some other
legal obligation to continue to use it.
What can I do if I am not satisfied with how my personal information is processed?
At Backstobasics we aim to ensure all information collected about you is done so fairly and
lawfully, whilst implementing robust measures to keep your information secure. If you are not
satisfied with the information provided in this notice, please contact us in the first instance so
we can resolve your queries or provide you with any additional information required.
Alternatively it is your right to contact your local Data Protection Authority and lodge a
complaint. In the UK the lead Data Protection Authority is the Information Commissioner. For
more information please visit the Information Commissioner’s office at
www.ico.org.uk/concerns or call them on 0303 123 1113.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once
you agree, the file is added and the cookie helps analyse web traffic or lets you know when you
visit a particular site. Cookies allow web applications to respond to you as an individual. The
web application can tailor its operations to your needs, likes and dislikes by gathering and
remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data
about web page traffic and improve our website in order to tailor it to customer needs. We only
use this information for statistical analysis purposes and then the data is removed from the
Overall, cookies help us provide you with a better website, by enabling us to monitor which
pages you find useful and which you do not. A cookie in no way gives us access to your
computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies,
but you can usually modify your browser setting to decline cookies if you prefer. This may
prevent you from taking full advantage of the website.
If you have any queries in relation to this notice, or need more information please do not
hesitate to contact us at:
127 New Road
Or email us at firstname.lastname@example.org
Effective date: 24 May 2018
WE CARE, WE CAN
WE CARE, WE CAN
Copyright by TheNobleweb 2018. All rights reserved.