Privacy Policy

Who we are

Optimus Physio is operated by Sangita Patel (BHSc Physiotherapy; PGDip Sports Med), trading as a sole practitioner. Sangita Patel is the data controller for all personal information collected through this website and in the course of providing physiotherapy services. You can contact her at [email protected] or at the clinic address below.

What information we collect

We collect and process several categories of personal information depending on your interaction with us.

Contact and identity information — your name, email address, phone number, and postal address, collected when you make an enquiry, book an appointment, or complete an intake form.

Health and clinical information — your medical history, presenting symptoms, treatment records, clinical notes, and any imaging or reports you share with us. This is special category data under UK GDPR and is handled with additional safeguards (see below).

Financial information — payment records, including appointment fees paid and invoices issued. We do not store card details; payments are processed by our third-party provider.

Technical and usage information — when you visit this website, we may collect your IP address, browser type, and pages visited, via cookies and analytics tools. See the Cookies section below.

Our lawful basis for processing

We process your personal information only where we have a lawful basis to do so under UK GDPR.

Contract (Article 6(1)(b)) — processing your contact and identity information is necessary to provide the physiotherapy service you have requested and to manage your appointments.

Health and social care (Article 9(2)(h)) — we process your health and clinical information on the basis that it is necessary for the provision of healthcare and the management of your treatment. This is a specific legal basis for special category health data under UK GDPR, and it does not require separate consent for your clinical records to be created and maintained.

Legal obligation (Article 6(1)(c)) — we may be required to retain or disclose certain information to comply with our legal and regulatory obligations, including HMRC requirements for financial records and mandatory reporting duties.

Consent (Article 6(1)(a)) — for marketing communications or non-essential cookies, we will ask for your explicit consent and you may withdraw it at any time.

How we use your information

We use your personal information to:

Provide physiotherapy assessment and treatment, and manage your ongoing care

Contact you to confirm, reschedule, or follow up on appointments

Refer you to, or correspond with, other healthcare providers involved in your care — with your knowledge and where clinically appropriate

Process payment and maintain financial records

Comply with our professional regulatory and legal obligations as a registered physiotherapist

Who we share your information with

We do not sell your data. We share it only in the following circumstances.

Other healthcare providers — with your knowledge, where referral or correspondence is clinically necessary (for example, your GP, a consultant, or a surgical team).

Service providers — third-party tools we use to run the practice, such as our booking system, payment processor, and email platform. These providers are only permitted to process your data on our behalf and in accordance with our instructions.

Legal and regulatory requirements — where we are required to disclose information by law, court order, or regulatory authority, including the Health and Care Professions Council (HCPC), which regulates physiotherapy practice in the UK.

How long we keep your information

Clinical records — retained for a minimum of eight years from the date of your last treatment, in line with NHS and Chartered Society of Physiotherapy guidance. If you were a minor at the time of treatment, records are kept until your 25th birthday, or for eight years from the last entry if that is later.

Financial records — retained for seven years as required by HMRC.

Enquiry and contact data — if you enquire but do not become a patient, we retain your contact details for up to 12 months and then delete them securely.

Security

We take the security of your personal information seriously. Clinical records are held in a secure practice management system with access controls and encryption. Paper records, if any, are stored securely and disposed of via confidential waste. We review our security measures regularly and take appropriate steps to prevent unauthorised access, loss, or disclosure.

Cookies

This website uses cookies. Essential cookies are required for the site to function and are set automatically. Analytics cookies (such as Google Analytics) are only set with your consent, which you can manage via the cookie banner when you first visit the site. You can also manage or delete cookies through your browser settings at any time. Blocking all cookies may affect the functionality of certain parts of this site.

Your rights

Under UK GDPR you have the following rights regarding your personal data. You can exercise any of these by contacting us at [email protected]. We will respond within one calendar month.

Access — you may request a copy of the personal information we hold about you (a Subject Access Request).

Rectification — you may ask us to correct inaccurate or incomplete information.

Erasure — you may ask us to delete your personal data in certain circumstances. Please note that we may need to retain clinical and financial records for the periods set out above to meet our legal and professional obligations, and these cannot be deleted on request during that period.

Restriction — you may ask us to restrict processing of your data in certain circumstances, for example while an inaccuracy is being corrected.

Portability — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

Objection — you may object to processing based on legitimate interests. You may also withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

Complaints

If you have concerns about how we handle your personal data, please contact us first and we will do our best to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Changes to this policy

We may update this privacy policy from time to time. The current version will always be available on this page, with the date it was last reviewed noted below. We recommend checking back periodically if you are a returning patient.

Last reviewed: April 2026

Sangita Patel
Optimus Physio
Evolve Athletic Arch
Hackney Downs Studios
2 Amhurst Terrace
London E8 2BT
[email protected]

To exercise any of your rights, or if you have a question about how we handle your data, email us and we will respond within one calendar month.

As a data controller handling health information, Optimus Physio is registered with the Information Commissioner’s Office. You can verify this at ico.org.uk.