top of page


Privacy Notice

As primary healthcare practitioners, osteopaths take data protection and confidentiality issues very seriously. We take the Data protection Act 2018, which includes the General Data Protection Regulation very seriously and our policies we follow to ensure we meet these are outlined below.

When you supply your personal details to this clinic they are stored and processed for 4 reasons (the bits in bold are the relevant terms used in the Data protection Act 2018, which includes the General Data Protection Regulation – ie the law):

1. We need to collect personal information about your health to provide you with the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a “contract”. If you chose to not provide the information required, we are unable to provide treatment.

2. We have a “Legitimate Interest” in collecting that information, because without it we could not do our job effectively and safely.

3. We also think that it is important that we can contact you to confirm your appointments with us or to update you on matters related to your medical care. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.

4. Provided we have your consent, we may occasionally send you general health information in the form of articles, advice, or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.


Information We Collect

We may collect and process the following data about you:

  • Contact and other personal information you provide when booking appointments online or on the telephone.

  • Information about your current and historic health and lifestyle, for the purpose of making informed clinical decisions and providing safe, effective treatment. This information is collected by your osteopath verbally at a face to face appointment.

  • Information from surveys that we may use for research purposes and improve our services, although you do not have to respond to them.


How Your Data will be Used

Your data may be used for:

  • Emailing you personalised exercise plans or other relevant health advice.

  • Accounting, billing, and payment card verification.

  • Emailing you about changes to our service.

  • Anonymised patient health data may be used by us or third-party academic research organisations for research purposes.


Confidentiality & Storage

Confidentiality is a legal requirement of osteopaths, and it is of paramount importance that our patients can trust us with their information. We therefore ensure that:

  • Paper-based patient records and information are stored securely in a locked filing cabinet when not in use. These are then stored in the locked office and alarmed building outside of work hours.

  • Practitioners and reception staff only view patient information they need to see.

  • We keep confidential who visits our practice, where they live, the date and times of their appointments and any other personal or medical details.

  • Electronic data is stored on our work computer for GP letters and rehabilitation plans. These are password-protected, encrypted files, backed up regularly, and the office is locked and secured when outside of working hours.

Will Your Data be Shared with Anyone?

We will not share your data with anyone who does not need access without your written consent*.
Only the following people/agencies will have routine access to your data:

  • Your osteopath in order that they can provide you with treatment and schedule appointments.

  • Administrative staff, such as our accountant who may have access to contact details, but not medical notes.

*Only in the extremely rare instance of a legal order, or where with-holding data may pose a serious safety risk, would data ever be shared without your consent.

COVID-19 UPDATE: Whilst the government’s ‘Track and Trace’ scheme is operating, we may be contacted to provide data (name, phone number and email address) of people, including patients, who we have been in close contact with. In this situation, the Information Commissioner and government have confirmed that public health interest takes priority over your GDPR data protection rights. We will therefore be obliged to release this information.

How Long Will Your Data be Retained?

Osteopaths have a legal obligation to retain patient records for 8 years after their most recent appointment, or in the case of children/teenagers until they reach 25 years of age (or the 8 years have passed, whichever is longer) but after this period you can ask us to delete your records if you wish. Otherwise, we will retain your records indefinitely in order that we can provide you with the best possible care should you need to see us at some future date.

You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records. While you have the right to have a copy of your personal notes for free, third parties working on your behalf, such as solicitors, will be required to pay a fee to access your notes.

Who is Responsible for Data Protection?

Amy-Leigh Smith (Principal Osteopath) is responsible for data protection at MVMT  Osteopathy. MVMT Osteopathy is registered with the Information Commissioners Office (ICO). 

If you have any concerns about how we handle your data, please contact Amy-Leigh Smith:  / 07500557114. If you are not satisfied with our response, then you have the right to raise the matter with the ICO.

bottom of page