Privacy Notice

Last updated: October 2025

At Flex Chiropractic Clinic, we are committed to protecting your privacy and ensuring that your personal information is handled safely, lawfully, and transparently. This Privacy Notice explains how we collect, use, and safeguard your data in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

1. Who We Are

Flex Chiropractic Clinic provides chiropractic and rehabilitation services focused on supporting your health, recovery, and wellbeing.

  • Clinic name: Flex Chiropractic Clinic

  • Address: Clifton Rugby Club

  • Email: info@flexchiropractic.co.uk

  • ICO Registration Number: C1790177

We are registered with the Information Commissioner’s Office (ICO) and fully comply with the professional standards set by the General Chiropractic Council (GCC).

2. Information We Collect

To deliver safe and effective chiropractic care, we collect and store relevant personal and clinical information, including:

  • Name, address, email, and telephone number

  • Date of birth and gender

  • Medical history, lifestyle information, and current symptoms

  • Treatment records, clinical notes, and progress updates

  • Payment and billing information

  • Communication records (emails, messages, or appointment bookings)

All patient information is securely managed through Cliniko, our GDPR-compliant practice management software.

3. How We Use Your Information

Your personal data is used to:

  • Provide chiropractic assessment, diagnosis, and treatment

  • Maintain accurate clinical and administrative records

  • Manage appointments and communicate with you

  • Process payments and manage accounts

  • Comply with legal and professional record-keeping requirements

  • Improve our services and ensure high standards of care

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Performance of a contract – to deliver the healthcare services you have requested

  • Legal obligation – to maintain accurate clinical and financial records

  • Consent – for specific purposes such as marketing communications or sharing information with other healthcare providers

  • Legitimate interests – to operate the clinic effectively and ensure quality care

5. Data Storage and Security

Your information is securely stored and managed using Cliniko, a GDPR-compliant electronic health record system.
Cliniko encrypts all data and stores it on secure servers located in highly protected facilities. Access to data is restricted to authorised staff only.

All records are handled confidentially and in accordance with GCC professional standards and data protection law.

6. Sharing Your Information

We only share your information when necessary, such as:

  • With other healthcare professionals involved in your care (with your consent)

  • With insurance companies or third-party payers (where relevant)

  • When legally required (e.g., safeguarding concerns or court orders)

We will never sell or share your data for marketing purposes.

7. Data Retention

We keep your data for the minimum period required by law and professional guidance:

  • Adults: Records are retained for 8 years after your last appointment.

  • Children: Records are retained until your 25th birthday (or 26th if you were 17 at your last appointment).

After this time, records are securely destroyed.

8. Your Rights

You have the right to:

  • Access a copy of your personal data

  • Request correction or deletion of inaccurate data

  • Withdraw consent for processing (where applicable)

  • Object to or restrict how your data is used

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

You can contact the ICO via their website: www.ico.org.uk

9. Updates to This Privacy Notice

We may update this Privacy Notice periodically. The latest version will always be available on our website, and significant changes will be communicated to you where appropriate.