Privacy Policy

ARC Physiotherapy takes your privacy seriously. This privacy policy applies to ARC Physiotherapy’s website at (Website) as well as any information provided about you in person, by letter, SMS or over the telephone. This policy covers the collection, processing and other use of personal data under the General Data Protection Regulations (GDPR).

For the purpose of the GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Andrew Powell at ARC Physiotherapy, 69 High Street, Saffron Walden, Essex, CB10 1AA.

By using the Website you consent to this policy. We collect and process data because we have a legal obligation to do so and it is adequate, relevant and limited to what is necessary. ARC Physiotherapy is registered with the Information Commissioner’s Office for this purpose.


Information we collect

We collect and process information when you telephone or email the clinic to make an enquiry or appointment. At the point of enquiry or booking we may ask you for;

  • Your name
  • Your date of birth
  • Your address
  • Your telephone number, either landline or mobile or both
  • Your e-mail address

At your clinic appointment, we will ask for information regarding your medical history and information regarding the condition you are seeing advice about. We will also ask for information regarding any activities you undertake, your employment and any medication you take. We will also record the findings of a physical examination and the treatment we provide.

ARC Physiotherapy will collect personal data on this Website only if it is directly provided to us by you the user, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you are contacting us using our online form/email.

We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).


Use of your information

ARC Physiotherapy may hold and process personal data that you provide to us in accordance with the GDPR.

The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. We use this information;

  1. To provide a legal record of any treatment or advice we provide.
  2. To ensure continuity of care.
  3. To contact you regarding your ongoing treatment as well as invoicing for any outstanding bills.
  4. To contact you if new information or treatments become available that may be of benefit to you or changes to our services that may affect you.
  5. We may pass information to other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care Professions.
  6. To provide required information to your insurance company (if using an insurer to claim for treatment) for the purposes of billing, requesting authorisation for further treatments, discussing treatment plans or for audit purposes at the request of the insurers.
  7. We may use your information for quality feedback purposes.
  8. We may use your information for audit purposes.

We do not pass on your information for commercial purposes.

We take all reasonable steps to ensure that our information is kept up to date and rectified if necessary. It is also your responsibility to inform us if any personal information changes.


Disclosure of your information

We may disclose your information to regulatory bodies to enable us to comply with the law.

Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in.

If you do not want us to use your data for our use, you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the clinic address (paragraph 2), or sending us an email to at any time.


Controlling the use of your data

If you have given us consent to use your data for a particular purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in paragraph 2 or email us at at any time.


Where we store and transfer your data

We use an electronic practice management software that is hosted by a third party (BlueZinc IT Ltd). All notes are kept in paper format and secured in line with GDPR requirements.

As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the Website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in the ‘Cloud’. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.

A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the GDPR. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.

We may disclose your personal data outside of our group: (a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and (b) if ARC Physiotherapy is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However, any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.

In medical professions, duty to share information is as important as duty to maintain patient confidentiality. The Caldicott Review in England 2013 highlighted that safe and appropriate sharing in the interests of the individual’s direct care should be the rule, not the exception. We will always endeavour to inform you about any communication with other healthcare professionals such as consultants, GPs, other physiotherapists and health professionals directly involved in your care, but in any cases where this is not possible, we will share information if it is deemed to be in your best interest.

Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the Website.

You have the right to opt out of our processing your personal data for marketing purposes by contacting us at



Computers used at ARC Physiotherapy are encrypted in line with GDPR requirements.

Data are stored in Cloud archive storage in line with GDPR regulations.

If we send sensitive information electronically by email, it will be password protected and we will take all reasonable precautions to transmit the information securely.

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Third party and third party links

If transferring your data to third parties (such as insurance companies) or clicking on any third party websites on our Website, these websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.


Use of cookies

Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally – it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.


Your rights

The GDPR gives you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in paragraph 2, or by email to There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.

You have the right to change the permissions that you have given us in relation to how we may use your date. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in paragraph 2, above, or by email to

We are legally obliged to keep medical notes. Retention of physiotherapy notes and retention schedules are directed by Records Management Code of Practice for Health and Social Care 2016 and the Chartered Society of Physiotherapy. Physiotherapy records are required to be kept for eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age.


Changes to this policy

We may update these policies to reflect changes to the Website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.

We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us at ARC Physiotherapy, 69 High Street, Saffron Walden, Essex, CB10 1AA or