Shipston Therapy Centre

Privacy Policy

1. Who We Are

Shipston Therapy Centre is the trading name of Alwyn Grace Ltd, registered in England and Wales, company number 13883236.

Business address: 14 Market Place, Shipston-on-Stour, Warwickshire, CV36 4AG

ICO Registration Number: ZB329198

Data protection tier: Tier 1

Email: info@shipstontherapycentre.co.uk

Phone: 01608 664664

 2. What Information We Collect

We collect personal information to provide you with safe, effective treatment and a high standard of service. The information we may collect includes:

•       Contact details: Name, phone number, email address, postal address;

•       Health information: Medical history, current symptoms, medication, GP details;

•       Treatment records: Session notes, treatment plans, practitioner observations;

•       Booking and payment data: Appointment history, invoices, payment method (no card details are stored);

•       Website use: Information via cookies (see our Cookie Policy for details).

3. Who has responsibility for your data

The table below shows you who is controlling and processing your data – the persons or organisations known as ‘data controllers’ and ‘data processors under the UK General Data Protection Regulation (UK GDPR). All data controllers and data processors are required to process data in accordance with the GDPR, as adopted into law of the United Kingdom in the Data Protection Act 2018.

If we engage with a data processor who is administered from a country outside of the UK, we will have a contract in place to ensure your information is adequately protected.  

Joint Data Controllers 

  • Parties who have joint responsibility for determining the purposes for which, and the way any personal data are, or are to be processed.

Data Processors

Additional parties who have access to and process your data.

Alwyn Grace Limited t/a Shipston Therapy Centre with whom you are contracting with (or making enquiries with).

Any subcontractor e.g. self-employed practitioner, an external clinical supervisor, a solicitor, an accountant.

Third party software providers e.g. practice management software, bookkeeping software, cloud storage / email providers 

4. How We Use Your Information

We use your data to:

•       Provide safe and appropriate healthcare;

•       Manage appointments, payments and communication;

•       Maintain clinical records as required by law and professional bodies;

•       Contact you about bookings, follow-ups, or clinic updates;

•       Monitor and improve our services;

•       We do not use your data for marketing without your consent.

4. Lawful Basis for Processing

Under UK GDPR, the lawful bases we rely on include:

•       Consent – where you have given us clear permission (e.g. marketing preferences);

•       Contract – to provide health services as agreed;

•       Legal obligation – for record-keeping and regulatory compliance;

•       Vital interests – if it’s necessary to protect life (rare situations);

•       Legitimate interest – to manage the clinic efficiently and improve client care;

5. Sharing Your Data

We only share your information when absolutely necessary and in line with GDPR:

•       With your practitioner for safe treatment;

•       With other healthcare professionals (only with your consent or in an emergency);

•       With regulators or insurers if required by law;

•       With IT providers who manage our booking or record systems (they must meet strict confidentiality and security standards);

•       We never sell your data or share it with third parties for advertising.

6. How We Store Your Data

Your information is securely stored using encrypted, GDPR-compliant systems. We:

•       Store digital records in secure practice management systems;

•       Keep paper records (if any) in locked, restricted-access areas;

•       Regularly review and update our data security practices. 

7. How Long We Keep Your Data

•       Adults: We retain health records for 8 years after your last treatment

•       Children: Records are kept until the child turns 25, or 26 if treated at age 17

After this period, data is securely deleted or destroyed. 

8. Your Rights

Under data protection law, you have the right to:

•       Access your data;

•       Correct inaccurate data;

•       Ask for data to be erased (where legally possible);

•       Restrict or object to processing in certain circumstances;

•       Withdraw consent at any time (where consent is the basis for processing);

•       To exercise any of these rights, contact us using the details above.

If you’re unhappy with how we’ve handled your data, you can complain to the Information Commissioner’s Office (ICO): www.ico.org.uk | 0303 123 1113

9. Cookies and Website Analytics

We use basic cookies for site functionality and performance tracking. See our Cookie Policy for full details. 

10. Updates to This Policy

We may update this Privacy Policy from time to time. Any updates will be posted on our website and take effect immediately.

 Last updated July 2025

 

Ends.