1. Data Controller & Scope

TheLivingWellPhysio.com (“we,” “us,” “our”) is the data controller for personal information collected via our website, telehealth platform, mobile applications, and related online services.

This policy applies to clients, website visitors, and subscribers worldwide. We comply with applicable data-protection laws in all jurisdictions where we deliver telehealth physiotherapy services.

2. Information We Collect

We collect personal data to deliver remote physiotherapy and support services:

  • Personal Identifiers: name, email, telephone, date of birth

  • Health & Therapy Data: medical history, treatment notes, exercise logs, session recordings

  • Payment Details: credit-card information, billing address, transaction history

  • Technical & Usage Data: IP address, device/browser type, cookies, session duration

  • Third-Party Data: insurance provider details, referring clinician information

Collection occurs via online intake forms, telehealth consultations, emails, surveys, and integrated booking/payment portals.

3. Legal Bases & Consent

We process data lawfully under these grounds:

  • Consent: for telehealth consultations, marketing communications, and cookies

  • Contract Performance: to schedule, deliver, and bill physiotherapy services

  • Legal Compliance: to meet record-keeping requirements under healthcare regulations

  • Legitimate Interests: for fraud prevention, system security, and service improvement

Clients may withdraw consent at any time by contacting us (see Contact Information).

4. Purpose & Use of Data

We use personal data to:

  • Provide and personalize physiotherapy assessments, exercise plans, and remote sessions

  • Manage billing, invoicing, and insurance claims

  • Enhance platform functionality, user experience, and service quality

  • Conduct internal audits, compliance checks, and reporting obligations

We do not use health data for marketing or share it with unaffiliated parties for promotional purposes.

5. Disclosure & Third Parties

We may disclose personal data to:

  • Service Providers: telehealth platforms, payment processors, scheduling software

  • Healthcare Professionals: referring physicians, insurers, accreditation bodies

  • Legal Authorities: under court orders, regulatory investigations, or public-health mandates

  • Auditors & Researchers: with data anonymized to protect patient identity

All third parties are contractually bound to maintain confidentiality and uphold equivalent data-protection standards.

6. Data Retention & Deletion

We retain personal data according to the following schedule:

  • Health Records & Treatment Notes: minimum 7 years from last session

  • Billing & Payment Records: minimum 5 years for tax and audit purposes

  • Marketing & Newsletter Lists: until consent is withdrawn

  • Technical Logs & Analytics: up to 2 years

Upon request or at the end of the retention period, we securely delete or anonymize data in accordance with industry best practices.

7. Security Measures

We implement robust safeguards to protect data:

  • Encryption: TLS for data in transit; AES-256 for data at rest

  • Access Controls: role-based permissions; unique user credentials; audit trails

  • Physical Security: secure data centers with restricted access

  • Employee Training: mandatory privacy and security workshops; confidentiality agreements

  • Incident Response: documented breach-notification plans and rapid containment procedures

8. Cross-Border Transfers

When we transfer data outside its origin country, we rely on:

  • Standard Contractual Clauses under GDPR

  • Adequacy certifications (where recognized)

  • Binding corporate rules and encryption safeguards

These measures ensure an equivalent level of protection for international transfers.

9. Cookies & Tracking

We use cookies and similar technologies to:

  • Enable core site functionality and session management

  • Analyze usage patterns via Google Analytics, Hotjar, or similar tools

  • Present personalized content and targeted offers

You may manage cookie preferences through our Cookie Preference Center or browser settings.

10. Data Subject Rights

You have the right to:

  • Access: obtain a copy of your personal data

  • Rectification: correct inaccurate or incomplete information

  • Erasure: request deletion of personal data, subject to legal retention requirements

  • Restrict Processing: pause processing for specific purposes

  • Object & Withdraw Consent: opt out of marketing or profiling activities

  • Portability: receive your data in a structured, machine-readable format

To exercise any right, contact our Data Protection Lead at privacy@thelivingwellphysio.com.

11. Marketing Communications

We send newsletters and promotional emails only with explicit opt-in consent. Every message includes an unsubscribe link. You may also opt out by emailing unsubscribe@thelivingwellphysio.com.

12. Children’s Data

Our services are intended for adults aged 18 and over. We do not knowingly collect data from minors. If you believe we have collected information from a child, please contact us immediately.

13. Breach Notification

In the event of a “material” data breach, we will:

  • Notify affected individuals without undue delay

  • Report to the relevant supervisory authority within the required timeframe

  • Document all incidents and remediation steps in our Incident Response Log

14. Policy Updates

We may update this policy to reflect changes in laws or business practices. We will:

  • Post the revised policy on our website with a new “Effective Date”

  • Notify registered clients by email of significant changes

Please review this policy periodically.

15. Contact Information

Data Protection Lead Email: privacy@thelivingwellphysio.com

You may also direct complaints to your local data-protection authority.