Privacy policy.

Last updated: 10 January 2026

This privacy policy explains how Taylor Osteopathy ("we", "us", "our") collects, uses and protects your personal information when you visit taylorosteopathy.co.uk, contact us, book appointments, or attend our clinic.

It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and our professional obligations under the General Osteopathic Council.

Please also see our cookie policy for information about how cookies are used on this website.

Who we are

Taylor Osteopathy is a privately owned osteopathy clinic regulated by the General Osteopathic Council (GOsC).

Address
Thursfield Pharmacy
1 School Lane
Kettering
Northamptonshire
NN16 0DH

Neil Taylor is the data controller for Taylor Osteopathy. For privacy or data protection enquiries, please use the contact details provided under "Your rights" below.

What information we collect

We only collect information that is necessary to provide healthcare services, respond to enquiries and operate the clinic effectively.

From the website

  • Contact form submissions: name, email address, phone number (if provided), the message you send and the date and time of submission.
  • IP addresses: we record the IP address of every contact-form submission for up to one hour as part of our spam-prevention measures. It is then automatically deleted.
  • Analytics data (only if you consent): anonymised page-view and session information collected through Google Analytics 4. Please see our cookie policy for further details.

If you become a patient

When you book an appointment, we collect appointment booking information and contact details through our Cliniko booking system. This may include your name, date of birth, address, email address, telephone number and appointment history.

During your consultation and ongoing care, we collect information necessary to provide safe and effective osteopathic treatment, including:

  • Personal identifiers — name, date of birth, address and GP details.
  • Health information — medical history, medications, your presenting complaint, examination findings, treatment notes, treatment plans and records of care provided.
  • Administrative information — appointment history, payment records, billing information and correspondence with you, your GP, insurer or other healthcare professionals where relevant.

Clinical records are primarily stored electronically within Cliniko. In limited circumstances, temporary paper records may be created — for example during technical outages or system maintenance — and these records are securely incorporated into the patient's clinical record as soon as practicable.

Why we collect it and our legal basis

Purpose: lawful basis (UK GDPR)

  • Responding to enquiries via our contact form, telephone or email: Article 6(1)(b) — taking steps prior to entering into a contract
  • Providing osteopathic treatment and maintaining clinical records: Article 6(1)(b) — performance of a contract; Article 9(2)(h) — provision of health or social care
  • Spam prevention: Article 6(1)(f) — legitimate interests in protecting our website and services
  • Website analytics: Article 6(1)(a) — your consent
  • Meeting legal, professional and insurance obligations: Article 6(1)(c) — compliance with a legal obligation
  • Marketing communications: where required, Article 6(1)(a) — your consent; where permitted by law, Article 6(1)(f) — legitimate interests

How long we keep your information

  • Contact-form enquiries that do not become appointments: up to 12 months.
  • Spam-protection IP addresses: up to 1 hour.
  • Clinical records (adults): a minimum of 8 years after your last appointment, in accordance with professional, legal and insurance requirements.
  • Clinical records (children): until the patient's 25th birthday, or age 26 if they were 17 at the time of their last appointment.
  • Financial and accounting records: 7 years, as required by HMRC.
  • Analytics data: up to 14 months within Google Analytics before automatic deletion.

Who we share it with

We only share information where necessary and appropriate. This may include:

  • Your GP, consultant or other healthcare professional — normally with your consent, or where we are required or permitted to do so by law, safeguarding obligations, professional duties or other applicable legal requirements.
  • Your medical insurer — where you ask us to bill them or provide information required to process a claim.
  • Regulators, professional bodies, insurers or law-enforcement agencies — where required by law or professional obligations.

Our service providers include:

  • Cliniko (appointment booking, practice management and clinical records)
  • 123 Reg (business email services)
  • Emergent AI Web Design (website and technical support)
  • Zettle (payment processing)
  • Stripe (if online prepayments or online payment facilities are introduced)
  • Google Analytics (where consent has been provided)

These providers process personal information only as necessary to provide services to us and are subject to appropriate contractual and data protection obligations.

We never sell personal information and never share it with third parties for their own marketing purposes.

International transfers

Some service providers may process information outside the United Kingdom.

Where this occurs, we ensure that appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA), approved Standard Contractual Clauses with the UK Addendum, or transfers to countries recognised by the UK Government as providing an adequate level of data protection.

If you do not provide information

To provide osteopathic care safely and effectively, we require certain personal and health information.

If you choose not to provide information necessary for your assessment, treatment or ongoing care, we may be unable to provide treatment or may be limited in the advice and care we can offer.

Your rights

Under UK GDPR, you have the right to:

  • Access a copy of the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your information in certain circumstances (subject to legal and professional record-keeping requirements).
  • Restrict or object to processing in certain circumstances.
  • Withdraw consent at any time where consent is relied upon.
  • Receive certain personal data in a structured, commonly used and machine-readable format and, where technically feasible, have that information transferred to another organisation (data portability).

If you have concerns about how we use your personal information, we encourage you to contact us first so that we can try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO).

Website: ico.org.uk
Telephone: 0303 123 1113

To exercise any of your rights, please email enquiries@taylorosteopathy.co.uk with "Data Request" in the subject line.

We aim to respond within one calendar month.

Children

We do not knowingly collect personal information directly from children under the age of 13 through this website.

Where treatment is provided to a child, appointment bookings and communications should normally be made by a parent, guardian or person with parental responsibility.

Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

All decisions relating to patient care, treatment and record keeping involve human review and professional judgement.

Marketing communications

We may occasionally send information about our services, clinic updates, health-related information, special offers or other communications that may be of interest to existing or prospective patients.

Where required by law, we will only send marketing communications where we have your consent or another lawful basis to do so.

You may opt out of marketing communications at any time by contacting us or by using any unsubscribe facility provided within the communication.

We do not sell or share personal information with third parties for their own marketing purposes.

Security

We take the security of personal information seriously.

Clinical records are stored within access-controlled systems and protected using appropriate technical and organisational measures, including encryption where available.

Paper records, where used, are kept securely and access is restricted to authorised persons only.

We ensure that anyone handling personal information understands their responsibilities under data protection law.

Changes to this policy

We may update this privacy policy from time to time.

The "Last updated" date at the top of this policy indicates when it was most recently revised.

Where changes are significant, such as the introduction of new categories of personal information, new processing activities or new service providers, we will take reasonable steps to bring those changes to your attention through the website.

How to contact the data controller

For any privacy or data-protection enquiry — including subject access requests, consent withdrawal, deletion requests or general questions about how your information is handled — please contact Neil Taylor, the data controller for Taylor Osteopathy:

Please mark privacy correspondence "Data Request" so it reaches the right person promptly.

Last reviewed and approved by Neil Taylor, Data Controller — 10 January 2026.