Privacy Policy

1. Introduction
This Privacy Policy explains how WII ADJ LTD (The Chiropractic Centre – Billericay) and WII ADJ 2 LTD (The Chiropractic Centre – Brentwood) collect, store, process and protect personal data under the UK General Data Protection Regulation (UK-GDPR) and Data Protection Act 2018. We are committed to ensuring your data is handled lawfully, fairly and transparently.

2. Data Controllers
Each company acts as its own Data Controller. Both entities may access data where required to deliver chiropractic and healthcare services, manage appointments, fulfil legal obligations or
maintain accurate clinical records. We are registered with the Information Commissioner’s Office (ICO).

3. What Data We Collect
We collect personal and sensitive information necessary for providing healthcare and operating our clinics, including: identity data, contact details, date of birth, medical history, clinical notes, imaging reports, payment records, appointment information, marketing preferences, and communications with us. Sensitive clinical data is treated with enhanced confidentiality and processed strictly under lawful conditions.

4. Legal Basis for Processing
We process data on the following bases: • Contract – to provide care, schedule appointments and manage accounts. • Legal obligation – maintaining clinical records for minimum statutory periods. • Consent – marketing, newsletters, surveys, testimonials and optional communications. • Legitimate interests – security, fraud prevention, operational efficiency. • Vital interests – sharing essential information if someone is at risk of serious harm.

5. Clinical Records
We maintain detailed clinical notes, assessments, treatment plans and relevant medical
information. These records are essential for safe care and must be retained for 8 years (or until age 25 for minors). Records are securely stored digitally with restricted access.

6. Appointments, Communications & Booking System
To schedule and manage appointments, we process contact details, date of birth, appointment
history and health-related notes relevant to care. Automated reminders may be sent via SMS or
email. These systems are protected by encryption and secure authentication.

7. Payments & Direct Debit Information
Where applicable, payment information may include bank details, billing address and transaction history. These are handled securely by approved payment processors and retained for accounting requirements. We do not store full card details.

8. CRM, Newsletters & Marketing Communications
With your consent, we may store your name, email address and clinic preference for marketing
updates, clinic news, educational content or promotions. You may withdraw consent at any time via unsubscribe links or by contacting us directly.

9. Surveys, Feedback & Testimonials
Feedback provided voluntarily may be used to improve our services. Testimonials may be
displayed publicly only with consent. Public reviews on social media or Google may be reproduced under legitimate interest.

10. Website Usage & Cookies
Our website (www.thechirocentre.com) uses cookies and analytics tools to improve performance, security and user experience. Data may include anonymised IP addresses, browser type, time on site and pages viewed. We use secure hosting through Bluehost. We do not store clinical or patient data on the website.

11. Google Analytics & Tracking Tools
We use Google Analytics and Search Console to understand website traffic and performance. All data analysed is anonymised and does not identify individuals. Google’s privacy practices are available on their website.

12. Social Media Interactions
Engagement through platforms like Youtube, Facebook, Instagram or TikTok is subject to each platform’s terms. We encourage users not to share sensitive information publicly. We will never request confidential details through social media channels.

13. Sharing Your Data
We only share data when necessary and lawful. This may include: • Your GP or healthcare
professionals (with consent or if required for safety/legal reasons) • Insurers involved in claims or treatment authorisation • Payment processors and accountants for financial compliance • IT and software providers with contractual confidentiality

14. Data Security
We use secure servers, encrypted systems, access controls and authentication processes to
protect your data. Only authorised staff and contracted clinicians can access clinical information. We continuously review our systems to maintain security.

15. International Transfers
We aim to store data within the UK or EEA. If a third-party service provider stores data outside this area, we ensure that adequate legal safeguards are in place, such as Standard Contractual
Clauses.

16. Your Rights Under UK-GDPR
You have the right to: • access your personal data • request correction of inaccurate information • request deletion where legally permissible • restrict or object to processing • withdraw consent • request data portability • complain to the ICO We respond to requests within statutory deadlines.

17. Retention of Information
Data is retained only as long as necessary: • Clinical records: 8 years or statutory requirement •
Payment data: minimum accounting period • Marketing data: until withdrawal of consent • Surveys: deleted after use

18. Your Right to Object
You may object to processing based on legitimate interests or for direct marketing. We will stop
processing unless compelling legal grounds apply.

19. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, regulation or clinic operations.
Updated versions will be posted on our website with a revised date.

20. Contact Details
To exercise your rights, request data, or ask questions about this policy, contact us: Email:
info@thechirocentre.com Phone: 01277 631025 Website: www.thechirocentre.com