top of page

Privacy

Last updated: 9/03/2026

 

FitSpine Physio (“FitSpine”, “we”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights.

 

 

1) Who we are

 

Data Controller: FitSpine Physio

Contact email: [physiodaniel@yahoo.com]

Primary contact method: Instagram direct message (DM)

Locations: London, UK (appointments are confirmed after contact)

 

 

2) What personal data we collect

 

We may collect and process the following information when you contact us or book an appointment:

 

  • Contact details: name, email address, phone number, Instagram handle

  • Enquiry information: symptoms, injury history, goals, relevant background you choose to share

  • Appointment details: preferred times, confirmed location, attendance

  • Clinical information (if you become a patient): assessment findings and treatment notes relevant to your care

  • Payment and invoicing information: where applicable (FitSpine does not store full card details if payments are processed by third-party providers)

 

You are not required to share medical details via social media. Instagram messages are used to understand your enquiry and determine whether an appointment is appropriate before booking.

 

 

3) How we collect data

 

We collect information when you:

 

  • message us on Instagram

  • email us

  • submit a form on the website (if enabled)

  • book and attend an appointment

  • use the website (via cookies/analytics, if enabled)

 

 

4) How we use your data

 

We use your information to:

 

  • respond to enquiries and provide information about services

  • determine whether an appointment is appropriate and confirm appointment details

  • provide physiotherapy assessment and treatment (where you become a patient)

  • manage scheduling, administration, and records

  • comply with legal and professional obligations

  • improve our website and services (where analytics are enabled)

 

 

5) Legal basis for processing (UK GDPR)

 

We process personal data under one or more of the following legal bases:

 

  • Legitimate interests: responding to enquiries, managing appointments, running the practice

  • Contract: providing services you request and fulfilling appointment arrangements

  • Consent: where you actively choose to provide information or agree to optional communications

  • Legal obligation: record keeping, insurance, and regulatory requirements

  • Health data (special category data): processed for the provision of health care services and proper clinical management, in line with UK GDPR requirements

 

 

6) Sharing your data

 

We do not sell your personal data.

 

We may share your information only where necessary:

 

  • with service providers that support the website or communications (e.g., Wix, email provider, Instagram/Meta as a platform)

  • with professional advisers (e.g., accountant) where required

  • with medical professionals only with your permission or where clinically necessary

  • with authorities where required by law

 

Third-party platforms (e.g., Instagram/Meta) have their own privacy policies and controls. Please review their policies if you contact us via those platforms.

 

 

7) Data storage and retention

 

We keep personal data only as long as necessary:

 

  • Enquiry messages: retained as needed for communication and follow-up

  • Clinical records: retained in line with professional and legal requirements in the UK (typically several years; exact retention may vary depending on record type and circumstances)

  • Invoices/financial records: retained in line with HMRC requirements

 

 

8) How we protect your data

 

We take reasonable steps to protect your information, including:

 

  • limiting access to personal data to those who need it

  • using secure devices/accounts and reputable service providers

  • minimising sensitive information shared via social media

 

No method of transmission over the internet is completely secure. Please avoid sharing highly sensitive medical information via Instagram DM.

 

 

9) Your rights

 

Under UK GDPR, you may have the right to:

 

  • access the personal data we hold about you

  • request correction of inaccurate data

  • request deletion of your data (where applicable)

  • object to or restrict processing in certain circumstances

  • request portability of your data

  • withdraw consent where processing is based on consent

 

To exercise your rights, contact us at: physiodaniel@yahoo.com

 

 

10) Cookies and analytics

 

Our website may use cookies and similar technologies to function properly and (if enabled) to understand how visitors use the site.

 

You can control cookies through your browser settings.

If we use analytics tools, they may collect information such as pages visited, time on site, and device type.

 

 

11) External links

 

Our website may link to third-party websites (e.g., Instagram, Google Maps). We are not responsible for the privacy practices of external sites. Please review their privacy policies.

 

 

12) Children’s privacy

 

FitSpine services are intended for adults and families. If a child’s information is provided in connection with an appointment request, please ensure it is shared by a parent/guardian.

 

 

13) Updates to this policy

 

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with an updated date.

bottom of page